I want to block direct access to files ending with the .php extension.
Let's say I have a page called teste.php . If the user tries to access it by teste.php it will receive a 404. The only way the page can be accessed would be teste , without the .php extension.
Would you like to do this with .HTACCESS?
Folder structure:
.htaccess
index.php
contact.php
error
│ 404.php
│ 500.php
│ ops.php
options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteRule ^([^\.]+)$ $1.php [NC,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L]
RewriteCond %{THE_REQUEST} ^(?:GET|POST)\ /.*\.php\ HTTP.*$ [NC]
RewriteRule ^(.*)\.php$ http://seusite.com/erro404 [R=301,L]
Try one of these options:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php [NC,L]
or this:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [L, QSA]
This one I use in ZF2 might take something as an example:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteCond %{REQUEST_URI}::$1 ^(/.+)(.+)::$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC,L]
You can also do this in PHP itself, so you can choose whether or not to display the file.
Example:
if (basename($_SERVER["PHP_SELF"]) == "nome_do_arquivo.php") {
echo "acesso nao permitido..."; //ou um header("location $url_destino");
} else {
//mostra o conteudo
}