Block direct access to PHP files

Question

My present htaccess file contains mod_rewrite rules to perform this:

www.mysite.com/articles/jkr/harrypotter --> www.mysite.com/index.php?p=articles&author=jkr&book=harrypotter

www.mysite.com/articles/jkr --> www.mysite.com/index.php?p=articles&author=jkr

www.mysite.com/articles --> www.mysite.com/index.php?p=articles

In my root directory, I have some PHP files like: index.php, pre.php, view.php, etc.

What I want: block direct access to php files.

Eg:

www.mysite.com/index.php --> "404 - Page Not Found" or "File not exist"

www.mysite.com/view.php --> "404 - Page Not Found" or "File not exist"

I have tried a code that I found on searching. It uses "f" flag. But i did not understand it. When I used it do not show the home page also. So, I removed everything that I was testing. My htaccess file now contains three rules only(to accept page, author, book).

Please help.

Answer 1

I saw another question that was previous asked in here : mod_rewrite error 404 if .php

A change that I made to it is, added [NC] flag. Otherwise, if we put the uppercase letter in extension(say, "index.PHP") it will load.

So, SOLUTION:

RewriteCond %{THE_REQUEST} \.php[\ /?].*HTTP/ [NC]
RewriteRule ^.*$ - [R=404,L]

thank you

Answer 2

Create a simple 404.php that throws a 404 error, then rewrite index.php to 404.php etc.

Answer 3

You can also do this at your script level. If you add a rule within your index.php to check whether you have been passed GET variables or just called the page without any parameters like so:

<?

    if(empty($_GET)) 
        header('Location: http://www.yoursite.com/404.php');
    else 
       //your usual script

?>

Then you have control to either redirect people to a 404 error or show something more helpful, like a landing page with an index or some form of website navigation.