Hello, i have an content management system installed and i would like to secure my site by forbidding anyone to call php script with .php extension directly i mean so example i cant open in webbrowser: mysite.com/script.php i have prety urls (mod rewrite) on the forum so its not needed for anyone to open .php directly. i want it as protection from malware files that might be injected can i use .htaccess for this, please how? i found this post: https://www.apachelounge.com/viewtopic.php?p=22816#22816 thank you, Vit
You might be able to use something like this: RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /[^\ ]+\.php($|\ ) RewriteRule \.php$ / [F,L]
thanks alot, Your rule works exactly as needed. It do not allow executing .php file directly in webbrowser, via wget, via curl, via php, results in 403 error. But normal php website works (one just need not to open .php file directly. if one want to exclude certain php file, one can add this line: RewriteCond %{REQUEST_URI} !index.php (index.php is excluded) thx again for sharing the rule PS: if hacker who inject malicious .php file use "file.php?=imallowed" i think he will execute file without issues, so it is not 100% protection i assume..