If I use ACL to deny access to an action called ajaxAction for anonymous users, it only will deny it when I type it in the URL or also when using AJAX?
Both. As far as the server is concerned, an AJAX request is the same as a regular browser request (well, there may be some extra headers sent, but they're relatively inconsequential)
Yeah, I thinked the same, but I wanted to ask before for a minimun of hope to not waste time xD. Thanks.