How about keeping all .php-files except for index.php above the web root? No need for any rewrite rules or programmatic kludges.
Adding the includes-folder to your include path will then help to keep things simple, no need to use absolute paths etc.