I rewrite the file name of php files with below htaccess code :
ErrorDocument 404 /notfound.html
AddType application/x-httpd-php .cgi
RewriteEngine on
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [F,L]
RewriteRule ^(.*)\.cgi $1\.php
What I want to do : can I restrict access to php files too ? for example if visitor want to see page.php get the 404 error and when want to see main.cgi page can see the page without error , is it possible ?
if I can’t do this with just htaccess , what’s the best solution ?
You could achieve what you want by having the php files outside of your public folder, than have your index.php file include them
and in index.php something like
Though I would question why you need to use the .cgi extension at all, is that something to do with your host, or a legacy requirement? because with htaccess you can have clean urls like
mydomain.com/products/widget/