0

I want to prevent direct access to php files to prevent bot attack

It is completely shut down with the following htaccess code. it didn't work for me

RewriteEngine on 
RewriteCond %{THE_REQUEST} \.php[\ /?].*HTTP/ 
(.*)\.php$ /index.html [L]
brombeer
  • 8,716
  • 5
  • 21
  • 27
Z.Kirik
  • 121
  • 1
  • 1
  • 10

1 Answers1

1

If you want that just the server has access to your php files you can use this:

<Filesmatch "\.(php)$">
    Require local
</FilesMatch>
TheBlueOne
  • 486
  • 5
  • 13
  • Never saw Required used with that keyword before, is this documented anywhere? Can’t find anything about this on https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require (I think this might only be a partial solution, and `local` is supposed to be an environment variable here maybe? Then that would have to be set somewhere depending on where the request came from, I don’t think this is a standard/default one …?) – 04FS May 02 '19 at 14:06
  • you are right. I couldnt find it too. but years ago i found it somewhere and it should test if it is the local server by ip.but its working on my site – TheBlueOne May 02 '19 at 17:15
  • 1
    I found the [documentation](http://httpd.apache.org/docs/current/mod/mod_authz_host.html) – TheBlueOne May 03 '19 at 10:43