-1

Just got a new dedicated server from a reputable hosting company for my new website project.

It runs Centos 7.9/WHM with Apache 2.4+PHP 7.4 Package. PHP-FPM as handler.

I ran some test with some php files in my website folder and I noticed that any .php files is accessible without his extension. Without any .htaccess file!

"https://www.example.com/myinfo.php" is Accessible.

"https://www.example.com/myinfo" Should be inaccessible without any .htaccess + rules.

It's annoying me a lot because I know it's gonna bring me some issues during my website project.

Where could these rule be as I am not using any htaccess file?

Thanks for any information you can give me.

joe
  • 1
  • 1
  • Does this answer your question? [Removing the .php extension with mod\_rewrite](https://stackoverflow.com/questions/4908122/removing-the-php-extension-with-mod-rewrite) – Karol Dabrowski Jan 04 '21 at 16:11
  • 3
    Sounds like you could be having [multiviews](https://httpd.apache.org/docs/2.4/content-negotiation.html#multiviews) enabled in your vhost. Try turning them off, restart apache and check if the issue is resolved. There could also be rewrite rules directly in your vhost. – M. Eriksson Jan 04 '21 at 16:17
  • Multiviews must be the problem. Or atleast a rewrite rule. –  Jan 05 '21 at 07:13

1 Answers1

0

As Magnus Eriksson said: You could be having multiviews enabled in your vhost. Try turning them off, restart apache and check if the issue is resolved. There could also be rewrite rules directly in your vhost.

As you have cPanel installed, my guess is the /etc/httpd/httpd.conf, and /var/cpanel/templates/apache2_4/ea4_main.default. Before you edit the ea4_main.default, copy it to ea4_main.local: cp -a /var/cpanel/templates/apache2_4/ea4_main.default /var/cpanel/templates/apache2_4/ea4_main.local, and only edit the ea4_main.local file. Please be careful when editing it, as it could mess up a lot of things. I would suggest you to ask questions on cPanel Forums if you are using cPanel, because this must be a cPanel related issue. And, I am not responsible if any problems occur, I have warned you already.

Edit:

Since you linked your httpd.conf file, I found this:

<Directory "/">
    
      AllowOverride All
    
    Options MultiViews FollowSymLinks IncludesNOEXEC Indexes ExecCGI
</Directory>

Change it to:

<Directory "/">
    
      AllowOverride All
    
    Options -MultiViews +FollowSymLinks +IncludesNOEXEC +Indexes +ExecCGI
</Directory>
Example person
  • 3,198
  • 3
  • 18
  • 45
  • Thanks for your answer. I already had a look at Multiviews but It doesn't change anything. I also checked the httpd.conf and ea4_main.default files as you suggested me but I can't really see wha't wrong inside. How that kind of custom rule looks like? I am not a server guy. I am gonna post my question on cPanel Forum too, thanks for the advice. – joe Jan 04 '21 at 17:37
  • @joe, you probably cannot get an answer other than this. Because MultiViews is the only culprit visible. Provide the httpd.conf file in your question. And also ea4.conf.local. – Example person Jan 04 '21 at 18:07
  • @joe, I request you to post the cpanel forums thread here, so that I can assist you better there. – Example person Jan 04 '21 at 18:09
  • @joe, see https://stackoverflow.com/questions/16956810/how-do-i-find-all-files-containing-specific-text-on-linux, it might help you find which file has the MultiViews setting. – Example person Jan 04 '21 at 18:13
  • Here is my httpd.conf https://controlc.com/de0a7ad4 and ea4_main.default https://controlc.com/05228245 – joe Jan 05 '21 at 05:59
  • Didn't you see this: `Options MultiViews FollowSymLinks IncludesNOEXEC Indexes ExecCGI`. Remove MultiViews from httpd.conf. It is in about line 60 in httpd.conf. – Example person Jan 05 '21 at 06:05