douxieti6851 2014-10-07 09:21
浏览 236
已采纳

htaccess阻止访问.php并仅允许使用RewriteRule

I have a file .htaccess with these RewriteRules:

RewriteEngine On
RewriteRule ^login$ login.php [L]
RewriteRule ^index$ index.php [L]
RewriteRule ^page/([^/]+)/?$ page.php?id=$1 [L,QSA]

It's possible to prevent direct access to all these files, but allow access only with RewriteRule

For example if someone call: "domain.com/login" should see the page.

But if someone call "domain.com/login.php" should not (in this case should see a 403 or 404 error)

  • 写回答

2条回答 默认 最新

  • doulun1666 2014-10-07 09:39
    关注

    You can have an additional rule for blocking direct access to .php files:

    RewriteEngine On

RewriteCond %{THE_REQUEST} /.+?\.php[\s?] [NC]
RewriteRule ^ - [F]

RewriteRule ^page/([^/]+)/?$ page.php?id=$1 [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1\.php -f [NC]
RewriteRule ^(.+?)/?$ /$1.php [L]
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?