I would like to prevent direct access to .php files using .htaccess file . I know of other measures like taking the files out of the public folder or using code in each file, but for me this is the most comfortable.
By prevent access to files .php
I mean accessing any URL using .php
the end of the URL, since all other URLs are dynamic (they don't have .php
the end) In a nutshell, allow access to URLs like ejemplo.com/login
but not toejemplo.com/functions.php
This is what I've tried, but it doesn't work for me:
# Prevenir acceso a archivos php
<FilesMatch "\.(php)$">
Require all denied
<FilesMatch>
Mistake:
Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request.
If you are only interested in blocking outside access to all files
.php
except forindex.php
, you can use%{THE_REQUEST}
, since it is the original request, which persists even after redirects.The condition is for any
THE_REQUEST
url that ends with.php
, and the rule applies to any url that does not matchindex.php
. The flag[F]
makes it not allow access ( HTTP 403 ).A very effective strategy that some applications use is that they create a blank index.html in each folder, so you avoid scanning the entire directory.
Now if you want to remove the .php extension from your pages, try the following script in the htaccess
I hope this helps you and was able to answer your question. Cheers!
You can include the following in your .htaccess:
This will allow access to any file such as index.php, index2.php, etc., but will disallow access of any kind to other .php files. It will not affect other types of files.
Reference: https://stackoverrun.com/es/q/250197