htaccess prevent direct .php files except index.php

Question

I want to prevent direct .php file access. This below 2 lines works fine

RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^(.+)\.php - [F,L]

But, it won't open index.php file. I want to prevent direct .php file access except index.php file

Possible duplicate of [Deny direct access to all .php files except index.php](http://stackoverflow.com/questions/1340001/deny-direct-access-to-all-php-files-except-index-php) — mister martin, Apr 26 '16 at 16:47

score 1 · Answer 1 · answered Apr 26 '16 at 16:47

1

Add a condition to not apply the rule to the specific file:

RewriteCond $1 !^(index\.php)$

answered Apr 26 '16 at 16:47

Paul

8,974
3
28
48

score 1 · Answer 2 · answered Apr 26 '16 at 16:50

To prevent direct access to all .php files except index.php you can use this rule:

RewriteCond %{THE_REQUEST} \.php[?/] [NC]
RewriteRule !^index\.php$ - [F,L,NC]

You need to use %{THE_REQUEST} variable for this. THE_REQUEST variable represents original request received by Apache from your browser and it doesn't get overwritten after execution of some rewrite rules.

Cesar Bielich · Answer 3 · 2016-04-26T16:55:32.907

0

RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule !^index\.php$ - [F,L]

edited Apr 26 '16 at 16:55

answered Apr 26 '16 at 16:47

Cesar Bielich

4,754
9
39
81

score 0 · Answer 4 · answered Apr 26 '16 at 17:11

Options +FollowSymlinks
RewriteEngine On 
RewriteCond %{REQUEST_FILENAME} !^(.+).css$ 
RewriteCond %{REQUEST_FILENAME} !^(.+).js$ 
RewriteCond %{REQUEST_FILENAME} !index.php$ 
RewriteRule ^(.+)$ /deny/ [nc]

Access to files "CSS" and "JS" and "index.php" will be there. Other requests will be redirect to "Deny" folders.

htaccess prevent direct .php files except index.php

4 Answers4