I'm taking a wild guess and assuming the code snippet is your RewriteRule handler (that's what the last comment suggests). If so, then you might already succeed with:
    if (!strstr($_GET["wurl"], ".html")) { // or just "." instead of ".html"
        header("Location: /404NotFound.php"); // redirect to the 404 page
        exit; // stop the handler so nothing else runs after the redirect
    }
Try that before your existing if block. Should it not work, say so, and someone else can make a lucky code suggestion.
PS: It would be better if you just tested for the existence of the files. (I also surmise you do an unfiltered include there.)
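One way to do the existence test suggested in the PS, as an added example that is not the answerer's code. It reuses the `wurl` parameter and the 404 location from the snippet above; the `pages` directory and the `resolve_page` helper are assumptions introduced here.

```php
<?php
// Assumed layout (hypothetical): servable pages live in ./pages beside this handler.
const PAGE_DIR = __DIR__ . '/pages';

/**
 * Map the rewritten "wurl" value to an existing .html file inside $baseDir.
 * Returns the canonical path, or null if the request must be answered with 404.
 */
function resolve_page(?string $wurl, string $baseDir = PAGE_DIR): ?string
{
    // Reject missing values and embedded NUL bytes outright.
    if ($wurl === null || $wurl === '' || strpos($wurl, "\0") !== false) {
        return null;
    }
    // Only names that END in .html are served; strstr() would also accept
    // "x.html.php" or "a.html/../../secret".
    if (substr($wurl, -5) !== '.html') {
        return null;
    }
    // realpath() resolves "..", symlinks and duplicate slashes, and returns
    // false when the target does not exist: this is the existence test.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $wurl);
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: the resolved file must still sit below the page directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Array-style parameters (?wurl[]=x) are treated as missing.
$wurl = isset($_GET['wurl']) && is_string($_GET['wurl']) ? $_GET['wurl'] : null;
$page = resolve_page($wurl);

if ($page === null) {
    header('Location: /404NotFound.php');
    exit;
}

// readfile() sends the file as-is; unlike include, it never executes
// PHP code that might be embedded in the target.
readfile($page);
```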