Hide *.inc.php from website visitors

Posted by Ghostrider on Stack Overflow See other posts from Stack Overflow or by Ghostrider
Published on 2010-05-21T00:48:34Z Indexed on 2010/05/21 0:50 UTC
Read the original article Hit count: 331

Filed under:
|
|

I have a script myscript.inc.php which handles all urls that look like /script-blah I accomplish this by using following .htaccess

RewriteEngine On 
RewriteRule ^script-(.*)$ myscript.inc.php?s=$1 [QSA,L]

However users could also access it this way by typing /myscript.inc.php?s=blah I would like to prevent that. I tried

<Files ~ "\.inc\.php$">
 Order deny,allow
 Deny from all
</Files>

and

RewriteCond %{REQUEST_URI} \.inc\.php
RewriteRule .* - [F,L,NS]

They both prevent users from viewing /myscript.inc.php?s=blah but they also cause /script-blah to return 403...

Is there a way to do this correctly?

© Stack Overflow or respective owner

Related posts about apache

Related posts about mod-rewrite