Skip to main content

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

3
  • Thanks, I understand what you mean, in my case my only goal is to block any user who enters directly by .php, but I can not make it work, I found codes that blocks the .php but when I enter my domain .com/, I get the 403 warning. So I started to look for some extra solution. in this case I found that code that I mentioned at the beginning. To be precise, is there any code that works as I mentioned now? That blocks all .php to the user that enters directly, but that works to those who enter by domain domain .com/
    – Razyit
    Commented Mar 7, 2022 at 19:10
  • @Razyit Users don't "enter" a site via any particular route. The browser makes requests to the server, and the server responds. Every request is separate. You can handle different URLs differently, and you can serve content based on cookies (e.g. by giving them a session ID when they log in) but you can't tell how they loaded a page.
    – IMSoP
    Commented Mar 7, 2022 at 19:12
  • I understand, I just added. RewriteCond %{REQUEST_URI} !index.php$ RewriteCond %{REQUEST_URI} !ajax-details.php$ RewriteRule .php$ - [F] I get the whole page in 403.
    – Razyit
    Commented Mar 7, 2022 at 19:22