I want to prevent direct access to PHP files to prevent bot attacks.

It is completely shut down with the following htaccess code. It didn't work for me.

RewriteEngine on 
RewriteCond %{THE_REQUEST} \.php[\ /?].*HTTP/ 
(.*)\.php$ /index.html [L] 
  • How are humans gonna access those .php files if you prevent direct access?
    – brombeer
    Commented May 2, 2019 at 6:53
  • You should only have access with url. /folder/folder/example.php instead the orientation /example
    – Z.Kirik
    Commented May 2, 2019 at 7:01
  • You missed the RewriteRule syntax in the third line. It should be RewriteRule (.*)\.php$ /index.html [L]
    – Amit Verma
    Commented May 2, 2019 at 7:03
  • php code with this code cannot access each other.
    – Z.Kirik
    Commented May 2, 2019 at 7:08
  • Sorry I didn't get that. Could you please be a bit specific?
    – Amit Verma
    Commented May 2, 2019 at 7:10

1 Answer

If you want just the server to have access to your PHP files, you can use this:

<FilesMatch "\.(php)$">
    Require local
</FilesMatch>
  • Never saw Require used with that keyword before, is this documented anywhere? Can’t find anything about this on httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require (I think this might only be a partial solution, and local is supposed to be an environment variable here maybe? Then that would have to be set somewhere depending on where the request came from, I don’t think this is a standard/default one …?)
    – 04FS
    Commented May 2, 2019 at 14:06
  • You are right. I couldn't find it either. But years ago I found it somewhere, and it should test if it is the local server by IP. But it's working on my site.
    – TheBlueOne
    Commented May 2, 2019 at 17:15
  • I found the documentation
    – TheBlueOne
    Commented May 3, 2019 at 10:43
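
Added example (not code from the question, the answer, or Apache itself): a small Python model of the two checks discussed in this thread, the question's RewriteCond on %{THE_REQUEST} and the answer's `Require local` (documented under mod_authz_host), run over constructed request lines and documentation-range addresses. Python's `re` stands in for Apache's PCRE here, and the function names are hypothetical.

```python
import ipaddress
import re

# Same pattern as the question's RewriteCond. %{THE_REQUEST} holds the raw
# request line the client sent, so an internal rewrite to a .php file never
# changes it. No [NC] flag is set, so the match is case-sensitive.
THE_REQUEST_PHP = re.compile(r"\.php[ /?].*HTTP/")


def cond_matches(request_line: str) -> bool:
    """True when the question's RewriteCond would match this request line."""
    return THE_REQUEST_PHP.search(request_line) is not None


def require_local_allows(client_ip: str, server_ip: str) -> bool:
    """Model of `Require local`: the client is 127.0.0.0/8 or ::1, or the
    client and server addresses of the connection are the same."""
    client = ipaddress.ip_address(client_ip)
    return client.is_loopback or client == ipaddress.ip_address(server_ip)


# Constructed request lines (not taken from any real log).
SAMPLE_REQUESTS = [
    "GET /folder/folder/example.php HTTP/1.1",  # direct .php request
    "GET /example.php?id=1 HTTP/1.1",           # .php followed by a query
    "GET /example HTTP/1.1",                    # extensionless URL
    "GET /example.PHP HTTP/1.1",                # upper-case extension
    # The condition sees the whole request line, query string included, so it
    # matches here; the RewriteRule pattern itself is tested against the path.
    "GET /index.html?next=a.php HTTP/1.1",
]

# Constructed (client, server) address pairs from documentation ranges.
SAMPLE_CLIENTS = [
    ("127.0.0.1", "203.0.113.10"),
    ("::1", "203.0.113.10"),
    ("203.0.113.10", "203.0.113.10"),
    ("198.51.100.7", "203.0.113.10"),  # ordinary remote visitor
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(f"cond={cond_matches(line)!s:5}  {line}")
    for client, server in SAMPLE_CLIENTS:
        print(f"allow={require_local_allows(client, server)!s:5}  {client}")
```

The last address pair is the case the first comment asks about: with `Require local` inside `<FilesMatch "\.(php)$">`, any remote visitor requesting a .php URL is refused, while PHP files that include each other on disk are unaffected because no HTTP request is involved.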