htaccess prevent access to .php and allow only with RewriteRule

Question

I have a file .htaccess with these RewriteRules:

RewriteEngine On
RewriteRule ^login$ login.php [L]
RewriteRule ^index$ index.php [L]
RewriteRule ^page/([^/]+)/?$ page.php?id=$1 [L,QSA]

It's possible to prevent direct access to all these files, but allow access only with RewriteRule

For example if someone call: "domain.com/login" should see the page.

But if someone call "domain.com/login.php" should not (in this case should see a 403 or 404 error)

anubhava · Accepted Answer · 2014-10-07T12:32:38.727

2

You can have an additional rule for blocking direct access to .php files:

RewriteEngine On

RewriteCond %{THE_REQUEST} /.+?\.php[\s?] [NC]
RewriteRule ^ - [F]

RewriteRule ^page/([^/]+)/?$ page.php?id=$1 [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1\.php -f [NC]
RewriteRule ^(.+?)/?$ /$1.php [L]

edited Oct 07 '14 at 12:32

answered Oct 07 '14 at 09:39

anubhava

713,503
59
514
593

thx, because i have to prevent access in many many pages, is possibile to have a single rule for each page or a single rule for all php pages? – ipel Oct 07 '14 at 10:50

the91end · Answer 2 · 2014-10-08T02:02:15.880

0

You can add this line

RewriteRule login.php$ 403.php

EDIT:

I'm sorry this won't work because of Internal Redirection

Try this

RewriteCond %{ENV:REDIRECT_STATUS} !200
RewriteRule login.php$ 403.php [L]

edited Oct 08 '14 at 02:02

answered Oct 07 '14 at 09:46

the91end

91
1
7

whit this rule the page "login.php" will be blocked, but the page "login" too :( – ipel Oct 07 '14 at 11:10

htaccess prevent access to .php and allow only with RewriteRule

2 Answers2

Linked