Block php files except in one directory

Question

I'm trying to block all calls to php files in a specific folder and subfolders except for one specific folder and its subfolders.

I've tried a number of different regex permutations and I can get the regex to match properly, it's implementing in htaccess where I have a problem.

This is the htaccess file as it is now:

<FilesMatch "\.(?i:php)$">
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
</FilesMatch>

and this is the regex expression that matches properly outside of htaccess:

^(?!.*(thedirectory)).*(?i:php)$

When I check that regex against index.php it matches. When I check against /thedirectory/index.php it does not match. When I check against /someotherdirectory/style.css it does not match.

How I'd like it to work is:

domain.com/folder/index.php -> 404 Error
domain.com/folder/thedirectory/index.php -> resolves
domain.com/folder/someotherdirectory/index.php -> 404 Error
domain.com/folder/someotherdirectory/afunction.php -> 404 Error
domain.com/folder/someotherdirectory/style.css -> resolves

Answer 1

The <Files> and <FilesMatch> sections match just the filename, not the directory path. So attempting to do so will naturally fail.

An alternative approach is to simply create an additional .htaccess file in the directory you want to allow access, which will override the parent:

Require all granted

Answer 2

Turned out to be a lot more straightforward than I thought it would be:

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^(?!.*(thedirectory)).*(?i:php)$ [NC]
    RewriteRule "(.*)" /404.php
</IfModule>