Sometimes it becomes necessary to deny access to certain files. For example, to configuration files containing access details to databases, interfaces, etc. Let’s say in the config.cfg file you store the login/password for accessing the database. Create a .htaccess file in this directory with the following directives:
<FilesMatch "\.(cfg)$">
Order allow,deny
Deny from all
</FilesMatch>
Now, if a visitor types something like http://www.your_domainname.com//config.cfg in the browser, he will receive a 403 error or your page for this error.