You could always make a fake index.html/php whatever and throw it into the directories you want blocked off, it is a cheap and flawed method, but it turns back most people. Another method is to password protect directories or set up redirection. It depends on your web server, be it the Apache web server, a Microsoft one, or some other httpd.