Issue with 'hidden_dirs' | logical error

Hey,
if i have a hidden directory like this "$_CONFIG['hidden_dirs'] = array('private');" and i type in the in the searchbar the url: "localhost/?dir=private", i'm able to get in the folder and can do what ever i want to.

Is it possible to forbid the access recursive to the directory, just like "localhost/?dir=private/subfolder"?

When I access the private folder like this "localhost/private/subfolder" i catch it with a password from the apache2 settings in /etc/apache2/httpd.conf.

I really appreciate any given answers.

Ps.: Really like encode-explorer and sorry for the bad english, #i'mfromaustria 😄