How do I go about placing this directory in my folder structure?

In my folder structure, I have a public folder where public users can have access to. However, I have a directory called “proc” that contains php files where ajax requests are sent to. Essentially, this proc directory contains php files that process the data the user sends to them via ajax. I don’t want users to access them directly by typing the uri in the address bar.

Currently, this proc directory sits above the public directory, but I feel I may run into access issues when I deploy it, especially when I modify the .htaccess file to send requests to the public directory.

If the ajax requests are write-only, then you can forbid a GET like so:

  // or whatever methods you allow
  header('Method not allowed', true, 405);

If they do utilize GET, there’s very little you can do. You could check for a lack of a query string or whatever else the get request needs, or possibly check the HTTP referer header (assuming the ajax request even sends that).