views:

1346

answers:

2

I've figured out how to write something like www.test.com/test to www.test.com/test.php. This is useful to give a simpler browsing experience and obscure the use of the PHP. However, I'd like to go farther and disallow access to www.test.com/test.php completely, and allow access only through www.test.com/test in order to prevent people from discovering the use of PHP by simply trying it in a URL.

The problem is that if I disallow access to www.test.com/test.php, then www.test.com/test no longer works, since the disallow rule is triggered after the rewrite to www.test.com/test.php is done.

Is this possible to do? Any alternative suggestions for hiding the programming language used are welcome.

A: 

Have a look at the "last rule" and "no continue" flag.

http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

This is an example to block certain domains from hotlinking to your images.
You could apply it to your case (the NC flags is important) :

    RewriteCond %{HTTP_REFERER} !^http://(www\.)?leech_site\.com/ [NC]
    RewriteRule \.(gif|jpg|png)$ - [F,L]
Kalmi
+1  A: 

One thing you could do is locate the PHP files somewhere outside of the document root and use an AliasMatch directive. If your PHP files are in /var/www-php/www.test.com try

AliasMatch ^(.*)$ /var/www-php/www.test.com/$1.php

Usually when you want to disallow access to files except under specific conditions, moving them outside the document root is a good way to do that.

David Zaslavsky