Block access to pages containing ". php" with HTACCESS

Asked

Viewed 2,002 times

3

I want to block direct access to files that end with the extension .php.

Suppose I have a page called teste.php. If the user tries to access it by teste.php it will receive a 404. The only way for the page to be accessed would be teste, without the extension .php.

You could do that with . HTACCESS?


EDIT 1

Folder structure:

 .htaccess
 index.php
 contact.php
 error
  │ 404.php
  │ 500.php
  │ ops.php
  • you don’t think you should redirect it with a simple header("Location") at the top of each page . php?

  • I also have this doubt, I find it more convenient to put the 404 error page.

  • @Andreicoelho It would be better to go to the 404 same.

  • I don’t know much about htacces... so I wonder if it could be in a way and such... well... And what do you think about parsing the url and checking if there is a .php.. extension if it exists, show the 404 page

  • It’s perfectly possible, although the best would be 403 which means restricted access. You want to direct all access to index.php?

  • @Guilhermenascimento may also be for the index.

Show 1 more comment

3 answers

2

Try one of these options:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php [NC,L]

or that:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteCond %{REQUEST_FILENAME}\.php -f 
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [L, QSA]

And this one I use on ZF2 might set an example:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteCond %{REQUEST_URI}::$1 ^(/.+)(.+)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC,L]
  • None of these worked... :(

  • It has how to post folder and file structure?

2


options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteRule ^([^\.]+)$ $1.php [NC,L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L]

RewriteCond %{THE_REQUEST} ^(?:GET|POST)\ /.*\.php\ HTTP.*$ [NC]
RewriteRule ^(.*)\.php$ http://seusite.com/erro404 [R=301,L]
  • 1

    The one that came the closest to an acceptable result. Thank you very much!

1

You can also do this in PHP itself, so you can choose whether or not to display the file.

Example:

if (basename($_SERVER["PHP_SELF"]) == "nome_do_arquivo.php") {

    echo "acesso nao permitido..."; //ou um header("location $url_destino");

} else {

    //mostra o conteudo

}

Browser other questions tagged

You are not signed in. Login or sign up in order to post.