Installing and upgrading help

Do you have access to httpd.conf?  Or are you on shared system?
# lines below are comments from a dedicated machine (not shared) and are
comments in the config file for apache on CentOS/RHEL/Fedora flavored boxes:

# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

#    
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

For <Directory "/var/www/html">

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride All

#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all

</Directory>

Then one could use certain directives in .htaccess files.
The .htaccess file found at your document root takes precedence over
any subdirectory .htaccess.

If your moodledata folder is in apache root ... on systems mentioned above that is /var/www/  then apache has access to moodledata and all that it contains.   Web server document root is /var/www/html/ (unless one configures the server to host multiple domains ... your's appears to be configured that way).  *IF* your moodledata folder is in 'document root' Apache would serve out anything in it via direct access (ie, browser URL).   It's in that case that a .htaccess file with restrictions becomes necessary.   moodledata should be seen/written to only by the user under which apache runs ... ie, no direct access via URL line from any browser.

http://httpd.apache.org/docs/current/mod/core.html#allowoverride

http://httpd.apache.org/docs/current/howto/htaccess.html

'spirit of sharing', Ken