Block access to pages containing ". php" with HTACCESS

Question

Block access to pages containing ". php" with HTACCESS

Asked 9 years ago

Viewed 2,002 times

3

I want to block direct access to files that end with the extension .php.

Suppose I have a page called teste.php. If the user tries to access it by teste.php it will receive a 404. The only way for the page to be accessed would be teste, without the extension .php.

You could do that with . HTACCESS?

EDIT 1

Folder structure:

 .htaccess
 index.php
 contact.php
 error
  │ 404.php
  │ 500.php
  │ ops.php

you don’t think you should redirect it with a simple header("Location") at the top of each page . php?

– Andrei Coelho

2015/06/04 at 18:24
I also have this doubt, I find it more convenient to put the 404 error page.

– Israel Sousa

2015/06/04 at 18:48
@Andreicoelho It would be better to go to the 404 same.

– hsbpedro

2015/06/04 at 20:28
I don’t know much about htacces... so I wonder if it could be in a way and such... well... And what do you think about parsing the url and checking if there is a .php.. extension if it exists, show the 404 page

– Andrei Coelho

2015/06/04 at 22:07
It’s perfectly possible, although the best would be 403 which means restricted access. You want to direct all access to index.php?

– Guilherme Nascimento

2015/06/05 at 01:23
@Guilhermenascimento may also be for the index.

– hsbpedro

2015/06/05 at 14:40

Show 1 more comment

3 answers

2

options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteRule ^([^\.]+)$ $1.php [NC,L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L]

RewriteCond %{THE_REQUEST} ^(?:GET|POST)\ /.*\.php\ HTTP.*$ [NC]
RewriteRule ^(.*)\.php$ http://seusite.com/erro404 [R=301,L]

1

The one that came the closest to an acceptable result. Thank you very much!

– hsbpedro

2015/06/07 at 04:41

Browser other questions tagged php htaccess

You are not signed in. Login or sign up in order to post.

by rafaelphp • **582** points · Answer 1 · 2015-06-05T01:19:05+00:00

Try one of these options:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php [NC,L]

or that:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteCond %{REQUEST_FILENAME}\.php -f 
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [L, QSA]

And this one I use on ZF2 might set an example:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteCond %{REQUEST_URI}::$1 ^(/.+)(.+)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC,L]

by Vitalves • 31 points · Answer 2 · 2016-08-26T01:45:10+00:00

You can also do this in PHP itself, so you can choose whether or not to display the file.

Example:

if (basename($_SERVER["PHP_SELF"]) == "nome_do_arquivo.php") {

    echo "acesso nao permitido..."; //ou um header("location $url_destino");

} else {

    //mostra o conteudo

}