I want to prevent direct access to php files to prevent bot attack
It is completely shut down with the following htaccess code. it didn't work for me
RewriteEngine on
RewriteCond %{THE_REQUEST} \.php[\ /?].*HTTP/
(.*)\.php$ /index.html [L]
If you want that just the server has access to your php files you can use this:
<Filesmatch "\.(php)$">
Require local
</FilesMatch>
local
is supposed to be an environment variable here maybe? Then that would have to be set somewhere depending on where the request came from, I don’t think this is a standard/default one …?)
RewriteRule
syntex in the third line. ? It should beRewriteRule (.*)\.php$ /index.html [L]