问题
I have a file .htaccess with these RewriteRules:
RewriteEngine On
RewriteRule ^login$ login.php [L]
RewriteRule ^index$ index.php [L]
RewriteRule ^page/([^/]+)/?$ page.php?id=$1 [L,QSA]
It's possible to prevent direct access to all these files, but allow access only with RewriteRule
For example if someone call: "domain.com/login" should see the page.
But if someone call "domain.com/login.php" should not (in this case should see a 403 or 404 error)
回答1:
You can have an additional rule for blocking direct access to .php files:
RewriteEngine On
RewriteCond %{THE_REQUEST} /.+?\.php[\s?] [NC]
RewriteRule ^ - [F]
RewriteRule ^page/([^/]+)/?$ page.php?id=$1 [L,QSA]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1\.php -f [NC]
RewriteRule ^(.+?)/?$ /$1.php [L]
回答2:
You can add this line
RewriteRule login.php$ 403.php
EDIT:
I'm sorry this won't work because of Internal Redirection
Try this
RewriteCond %{ENV:REDIRECT_STATUS} !200
RewriteRule login.php$ 403.php [L]
来源:https://stackoverflow.com/questions/26232693/htaccess-prevent-access-to-php-and-allow-only-with-rewriterule