0

I want to hide the .php extension from all files and my regex is not working properly, it is redirecting the following /path/to/script.php?param1=test.php -> /path/to/script?param1=test

It is removing the ".php" from both the %{REQUEST_URI} and the %{parameters}.

Is there a way to stop at the first occurrence of the .php and replace just that?

Thanks.

Here is my .conf file:

<IfModule mod_rewrite.c>
    RewriteEngine On
    DirectorySlash On

    # GET /path/to/script.php q=343434
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
    RewriteRule ^ %1 [R,L,NC]

    # append .php to all paths
    RewriteCond %{REQUEST_FILENAME} !-d 
    RewriteCond %{REQUEST_FILENAME} !-f 
    RewriteCond %{REQUEST_FILENAME}\.php -f 
    RewriteRule (.*) $1.php [L,QSA]
    </IfModule>
Everydaypanos
  • 1
  • 3

1 Answers1

0

Using mod-rewrite, which happens AFTER a request is made, won't hide anything. Although "security by obscurity" is generally not regarded as something that should be central to your security plans, you can hide the php extension by giving your "php" files a different file extension (e.g., change index.php to index.xxx) and then setting the handler for that "new" extension, for example (check php program identifier against your particular install): 

 AddType application/x-httpd-php xxx

If you want NO extension at all, then set the default handler to php:

 DefaultType application/x-httpd-php
Colt
  • 2,029
  • 6
  • 21
  • 27
  • That would defeat the purpose of beautiful urls. The ultimate goal is to have no extensions at all and this to be handled at a file level without using auto_prepend scripts etc :) – Everydaypanos Apr 06 '16 at 11:32
  • Well, then get rid of them and set the default handler to php: `DefaultType application/x-httpd-php`. – Colt Apr 06 '16 at 12:01
  • How would I edit the code? Is there some way to tell Brackets/Atom etc to handle non extension files as PHP? – Everydaypanos Apr 06 '16 at 13:01
  • The [DefaultType directive](http://httpd.apache.org/docs/2.2/mod/core.html#defaulttype) is an Apache 2.2 core feature, with context in server config, virtual host, directory, and .htaccess. You need to add the configuration line in either the server config file or, if appropriate, the virtual host config file. If you do not have access to these files, your only option is to place it in a .htaccess file among your web content files. If .htaccess is not permitted by your hosting company, or you do not know what these files are, you need to contact your hosting company. – Colt Apr 06 '16 at 13:09