If you throw
.htaccess deny from allinto the folder with includes, then
JScan’t pull it out either. How to organize protection?
More precisely, how to protect those files that are called by means of an AJAX request. So that through the site you can call the page and directly give out that there is an error or a redirect to put ..
Answer 1, authority 100%
Permissions on files called by AJAX, set to 644
When calling an include file, check DEFINE first. For example, make an Ajax request to the index.php file, and in index.php – define a variable.
<?php define ('DEFTEST', true); .... ?>
check DEFTEST in uclud files:
<?php if (!defined("DEFTEST")) die("Access denied!"); .... ?>
You can put all include in a separate directory and throw .htaccess (deny from all) into it.
And to use them via Ajax, create a separate router at the root (ajax.php), which itself will send and receive data from the handlers in the include.