Can’t you just use an .htaccess file inside doc_root/scripts
to prevent all access over the web to .js
files over HTTP?
It won’t stop minify, since that provides indirect access.
So in doc_root/scripts/.htaccess
, something along the lines of
<Files ~ "\.js$">
order allow,deny
deny from all
</Files>
Note that the location of the .htaccess
file matters in this case.