I want to prevent people from accessing my php pages directly using .htaccess

Posted by asdasdasd on Stack Overflow See other posts from Stack Overflow or by asdasdasd
Published on 2010-05-06T21:26:03Z Indexed on 2010/05/06 21:28 UTC
Read the original article Hit count: 109

Filed under:

mod-rewrite

|

redirect

|

php

I have a site that is made up of php pages, but they are served to the user through includes based on what I think they need. if they can guess the name of a php file, they can access those pages. while this is not a security risk at all, i would rather have a way to catch this and redirect them to somewhere else.

i really want everything to go through the index page unless it is a file that exists (exeption being for any file ending with .php).

I tried this, didnt work:

RewriteEngine on
RewriteCond %{REQUEST_URI} !(.*\.php$) [NC]
RewriteCond %{REQUEST_FILENAME} !-f [NC]
RewriteRule .* /n/index.php [NC]

© Stack Overflow or respective owner

Related posts about mod-rewrite

Why won't this Apache modrewrite RewriteRule work?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to get Apache mod rewrite to work on my local machine. I'm running OSX with PHP 5 and the Apache mod rewrite module is enabled. I have a directory called localhost/~Jason/hfh/admin with various PHP includes called based on a $_GET variable. I want to let users type (in theory) localhost/~Jason/hfh/admin/pages and… >>> More
Mod Rewrite Help - Pseudo-Subdirectories

as seen on Server Fault - Search for 'Server Fault'
I am dealing with a frustrating problem with Joomla that is going to require some url trickery. The idea is straight-forward but after reading a bunch of guides for mod-rewrite, I still can't seem to get it work. Let's say my site is www.mysite.com. Joomla is already performing some rewriting for… >>> More
mod-rewrite: Replacing some characters in a url

as seen on Server Fault - Search for 'Server Fault'
Is it possible to replace some forward slashes (/) of a URL to dots (.) in a RewriteRule? It doesn't have to be done exclusively with a RewriteRule, but definitely not with a script. Example 1: INPUT: /document/my/document.html OUTPUT: /document-my.document.html Example 2: INPUT: /document/depth/of/path/can/vary… >>> More
Mod rewrite for fake subdomains?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I really tried tons of methods but i'm not successful. I want a .Htaccess code to do the following : I want to rename this : http://www.mydomain.com/media -- http://media.mydomain.com So, By example instead of calling this : http://www.mydomain.com/media/XXX/picture.jpg i will call : http://media… >>> More
Using ModRewrite to get rid of extentions

as seen on Stack Overflow - Search for 'Stack Overflow'
I would like to get rid of all the file extensions on my site. Except when they are on the index i would like it to say nothing... change this foo.com/index.html to this foo.com/ and when the user goes to another page like foo.com/contact-us.html it will be foo.com/contact-us RewriteEngine On RewriteRule… >>> More

Related posts about redirect

ajax redirect dillema, how to get redirect URL OR how to set properties for redirect request

as seen on Stack Overflow - Search for 'Stack Overflow'
First, I'm working in Google Chrome, if that helps. Here is the behavior: I send an xhr request via jquery to a remote site (this is a chrome Extension, and I've set all of the cross-site settings...): $.ajax({ type: "POST", contentType : "text/xml", url: some_url, data: some_xml… >>> More
.htaccess file size causes 500 Internal Server Error

as seen on Pro Webmasters - Search for 'Pro Webmasters'
As soon as my .htaccess goes over approx 8410 bytes, I get a 500 Internal Server Error. I don't think this is due to a bad redirect, as I have experimented with redirects in the .htaccess and then with just text that is commented out #. (no actual commands in the .htaccess file) Is there anything… >>> More
ASP.Net FormsAuthentication Redirect Loses the cookie between Redirect and Application_AuthenticateR

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a FormsAuthentication cookie that is persistent and works independently in a development, test, and production environment. I have a user that can authenticate, the user object is created, the authentication cookie is added to the response: 'Custom object to grab the TLD from the url authCookie… >>> More
How to avoid open-redirect vulnerability and safely redirect on successful login (HINT: ASP.NET MVC

as seen on Stack Overflow - Search for 'Stack Overflow'
Normally, when a site requires that you are logged in before you can access a certain page, you are taken to the login screen and after successfully authenticating yourself, you are redirected back to the originally requested page. This is great for usability - but without careful scrutiny, this feature… >>> More
Redirect with htaccess for images onto another server without redirect looping

as seen on Stack Overflow - Search for 'Stack Overflow'
Hey guys, I currently have a host where my main site is hosted on. I have set up nginx on another server to mirror/cache files being requested if it doesn't have it already, in particular images and flv videos. For example: www.domain.com is my main site. www.domain.com/video/video.flv www.domain… >>> More