How can htaccess block php extension if someone types it?

Question

In my htaccess i have this rule.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} !/$
RewriteRule ^(.*)$ $1\.php

My php extension now is off from my urls.

But the thing is..

If a user types down .php in the end it will load the page.

Is there a way that i can block .php from url?

Possible duplicate of [Rewrite file extension BUT deny direct access to file](http://stackoverflow.com/questions/7623725/rewrite-file-extension-but-deny-direct-access-to-file) — cteski, Jan 27 '17 at 18:36
You whant that if somebody types in "example.com/index.php" he opens "example.com/index" ? — mirzak, Jan 27 '17 at 18:36

score 4 · Accepted Answer · answered Jan 27 '17 at 19:00

You can use an additional rule with THE_REQUEST variable to send forbidden error if client sends direct request for .php files:

RewriteEngine On

RewriteCond %{THE_REQUEST} \.php[/\s?] [NC]
RewriteRule ^ - [F]

RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+?)/?$ $1.php [L]

score 2 · Answer 2 · answered Jan 27 '17 at 18:39

2

Add this

RewriteRule ^.*?\.php$ forbidden [F,L]

answered Jan 27 '17 at 18:39

mirzak

1,043
4
15
30

2

That will make OP's rule also fail. – anubhava Jan 27 '17 at 19:04

score 0 · Answer 3 · answered Jan 27 '17 at 19:49

0

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^.*?\.php$ forbidden [F,L]

</IfModule>

answered Jan 27 '17 at 19:49

Manohar Godase

109
4

How can htaccess block php extension if someone types it?

3 Answers3