I’m trying to use htaccess to deny direct access to all .php files from

Question

0

Asked: June 14, 20262026-06-14T17:02:07+00:00 2026-06-14T17:02:07+00:00

I’m trying to use htaccess to deny direct access to all .php files from

0

I’m trying to use htaccess to deny direct access to all .php files from any domain other than our domain. So i’ve added php to the rule below. But is this the right way? Or is there any other “correct way to do this”

#No Hotlinking
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://mydomain\.com/.*$ [NC]
RewriteRule \.(gif|jpe?g|png|js|css|php)$ - [F]

So:

http://www.mydomain.com/page.php -> OK. Display the page.
http://www.evildomain.com/page.php -> Deny!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-14T17:02:14+00:00

Editorial Team

2026-06-14T17:02:14+00:00Added an answer on June 14, 2026 at 5:02 pm

This seems fine to me, unless you’d rather use a $_SERVER[‘HTTP_REFERER’] check in your PHP pages directly:

<?php
if ($_SERVER['HTTP_REFERER'] != 'mydomain.com') {
header("Location: goaway.php");
}

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m trying to use htaccess to deny direct access to all .php files from

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply