php - 如何拒绝直接访问网站文件但允许网站文件通过包含'file.php'相互访问？

You do this by having the PHP files outside of your webroot. Your scripts that actually need to be accessible need to be in or beneath your webroot. You typically see PHP projects these days that have a structure like this:

/projectname
            /app
            /src
            /web

The use of composer for dependency/component library management is the state of the art these days and if you are using it it will create other directories like vendor.

So your front controller or other web accessible scripts go into projectname/web and this is what you set your webroot to.

Your other scripts go into the /projectname/src.

Your include/require statements need a filesystem path, so you can reference them either via relative addressing or using a full path.

Typically people will have a bootstrapping include or use a front controller (everything goes through index.php) where include paths are setup. With component libraries you also want your class loader to be instantiated to resolve any libraries you might be using in your project.

Again the use of composer is highly recommended and will generate your class loader for you, and then it's just a matter of making sure it is included.