0

I have recently been able to hide the file extensions on my website using .htaccess , however I need to make sure that no one can visit any php/html file using the file extension on the url

Currently, my ..htaccess file looks like this

    RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)/$ $1.php
RewriteRule ^([^/]+)/([^/]+)/$ /$1/$2.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
RewriteRule (.*)$ /$1/ [R=301,L]
Browyn Louis
  • 218
  • 3
  • 14
  • My recommendation would be to switch to a single simple router script, and then use something like [this](https://stackoverflow.com/a/11711319/231316) to only allow that file. – Chris Haas Mar 09 '22 at 04:15
  • @ChrisHaas I want them to be able to visit the php/html files but without using the file extension – Browyn Louis Mar 09 '22 at 07:42
  • Does this answer your question? [Redirecting all URLs that end in .php to no extension](https://stackoverflow.com/questions/6795590/redirecting-all-urls-that-end-in-php-to-no-extension) – CBroe Mar 09 '22 at 09:50
  • @CBroe this method worked.. but however it doesn't submit any form on the site on submit – Browyn Louis Mar 09 '22 at 13:42
  • If you make an external redirect with 301/302/303 status code, then you will lose any POST data, because the browser will follow up by making a GET request. You could use 307 instead, in that case clients are not supposed to change the request method. But how is this an issue in the first place, do you need to receive data from forms that are _not_ under your control? In the ones that you are in control of, you should of course change `action="processingScript.php"` to `action="processingScript"` to begin with now. – CBroe Mar 09 '22 at 13:48
  • I am making use of this `action=""` – Browyn Louis Mar 09 '22 at 14:22

0 Answers0