If you throw .htaccess deny from all
into the folder with the clues, then JS
, also can not pull it from there. How to organize protection?
More precisely, how to protect those files that are invoked via an AJAX request. So that through the site it was possible to call the page and directly give out that error or redirect to put ..