Not sure what you're doing in the first place that allows them to be downloaded -- mine all just get executed.
That said, if you want to deny running the script directly, you can add in a flag that proper scripts set before including the file and which is subsequently checked.
For example, let's say that you have the following index.php file:
-
<?php
-
$page_body = '<H1>Today Rocks!</H1>';
-
-
$allow_file_includes = true;
-
require_once('template.php');
-
?>
-
it includes template.php which has a check at the beginning:
-
<?php
-
if ($allow_file_includes !== true) {
-
header("Location: index.php");
-
exit();
-
}
-
-
echo $page_body;
-
?>
-
If someone visits template.php directly, they'll be redirected to index.php