Reputation: 15583
I'm working on a server who has the tendency to execute scripts even when I don't add .php So lets say my page is activities.php then I can execute my script with :
www.example.com/activities.php
www.example.com/activities
and even www.example.com/activities/
I've tried to bypass the problem with something like :
if ($_SERVER['REQUEST_URI'] != $_SERVER['SCRIPT_NAME']) header('Location: '. $_SERVER['SCRIPT_NAME']);
which works fine, well untill I need to post some data. There is nothing in my htaccess files which explains this behavior (no mod_rewrite stuff or anything). How can I turn this off ?
Server info :
Linux Linux1 3.2.0-24-generic #39-Ubuntu SMP Mon May 21 16:52:17 UTC 2012 x86_64
Apache Version Apache/2.2.22 (Ubuntu)
Apache API Version 20051115
Thanks in advance
EDIT : .htaccess file
php_flag display_errors on
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_Host} ^domain.be [NC]
RewriteRule ^(.*)$ http://www.domain.be/$1 [L,R=301]
Upvotes: 1
Views: 236
Reputation: 20929
It is possible that your server has MultiViews (Apache Content Negotiation) enabled; when it is enabled and a file cannot be found apache will look for the same file but with any extension. To disable this you can add -MultiViews
to Options (if your host allows it)...
Options +FollowSymLinks -MultiViews
I would question why this is a problem for you though, if you do not link to any of your scripts without the .php
then how will people find them? Canonical URLs are only really an issue if there are links to these other pages.
Additionally, you could improve your php-based redirect to check the current request method and not redirect on POST requests, by inspecting $_SERVER['REQUEST_METHOD']
...
if ($_SERVER['REQUEST_URI'] != $_SERVER['SCRIPT_NAME'] and $_SERVER['REQUEST_METHOD'] != 'POST') header('Location: '. $_SERVER['SCRIPT_NAME']);
Upvotes: 3