The title should be "../" but the site felt like change it

Hello, I'm trying to make my _PRIVATE folder not accessible for the users, only if they type a URL I have choice

Here is the file structure I'm using

  / 
     -- .htaccess #1 
     -- _PUBLIC/ 
         -- .htaccess #2 
         -- images/ 
         -- javascripts/ 
         -- styles/ 
     -- _PRIVATE/ 
         -- pages/ 
             -- login.php 

So this have 2 cases,
1: / is docroot by apache
2: _PUBLIC is docroot by apache


if 1 is true
.htaccess #1
* -> /_PUBLIC/* (just point everything to _PUBLIC)

.htaccess #2
user/login -> /../_PRIVATE/pages/login.php (This ain't working)



if 2 is true
.htaccess #2
user/login -> /../_PRIVATE/pages/login.php (This ain't working)




This is how my .htaccess files looks like now
.htaccess #1
RewriteCond $1 !^_PUBLIC
RewriteRule ^(.*)$ /_PUBLIC/$1 [L]


.htaccess #2
RewriteRule ^user/login/? /../_PRIVATE/pages/login.php [L]




So the only way to access login.php is to send /user/login, normaly the user could also access it from /_PRIVATE/pages/login.php(if docroot setup #1 is true)

So, how do I tell .htaccess #2 to point to a ../ directory?

Or is there another way to only access .php scripts I have choice in the .htaccess?