Home/ Questions/Q 3794538
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T12:56:41+00:00

I have a .htaccess file – looks something like this: RewriteEngine On <FilesMatch ^.*\.php.*$>

  • 0

I have a .htaccess file – looks something like this:

RewriteEngine On

<FilesMatch ^.*\.php.*$>
 Order allow,deny
 Deny from all
 Satisfy All
</FilesMatch>

RewriteRule ^help$ scripts/help.php [L]
#more rewrites here...

What I’d like to be able to do is allow a URL such as http://example.com/help to be rewritten (as per the rule there) and handled by the help.php script in the scripts directory, but at the same time, deny people from directly running the script by using http://example.com/scripts/help.php. The problem is, when I use these statements, both URLs return a 403 Forbidden. I’m not even sure if what I’m trying to do is possible…

Unfortunately, I cannot place files outside/above of the root web directory (which is why I’m asking this), nor do I have access to the httpd.conf file.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If /help is requested, it gets rewritten to /scripts/help.php internally that then fulfills the pattern of <FilesMatch>. That’s why the access to /help is also forbidden.

    But you can use mod_rewrite to only forbid the access to /scripts/help.php if it was requested directly by checking the request line:

    RewriteCond %{THE_REQUEST} ^[A-Z]+\ /[^?\ ]*\.php[/? \]
RewriteRule .*\.php.*$ - [F]

    Here ^[A-Z]+\ /[^?\ ]*\.php[/? \] tests whether there is a .php in the requested URI path (it might only be preceded by any character except ? and a space) and is either followed by a / (path segment separator), a ? (indicator for the URI query) or a space (end of the URI).

    • 0