How to protect an include file from being called directly?

If you throw .htaccess deny from allinto the folder with includes, then JScan’t pull it out either. How to organize protection?

More precisely, how to protect those files that are called by means of an AJAX request. So that through the site you can call the page and directly give out that there is an error or a redirect to put ..


Answer 1, authority 100%

Permissions on files called by AJAX, set to 644


Answer 2

When calling an include file, check DEFINE first. For example, make an Ajax request to the index.php file, and in index.php – define a variable.

index.php

<?php
define ('DEFTEST', true);
....
?>

check DEFTEST in uclud files:

<?php
 if (!defined("DEFTEST")) die("Access denied!");
....
?>

Answer 3

You can put all include in a separate directory and throw .htaccess (deny from all) into it.
And to use them via Ajax, create a separate router at the root (ajax.php), which itself will send and receive data from the handlers in the include.