Rewrite URL's .htaccess

Question

I believe it might be a possible duplicate. But I tried my best to search for such a thing that will suit my needs and I found, none. So here's basically what I have so far, and I will explain what I need modified.

# Forbidden Access
ErrorDocument 403 /403.php

# Not Found
ErrorDocument 404 /404.php


<IfModule mod_rewrite.c>
    Options +FollowSymlinks
    RewriteEngine On
    RewriteBase /
</IfModule>


<IfModule mod_rewrite.c>
    # Strip off .php extension if it exists
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
    RewriteRule ^ %1 [R,L,NC]

    # Unless directory, remove trailing slash
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^([^/]+)/$ /403.php$1 [R=301,L]

    # Resolve .php file for extensionless php urls
    RewriteRule ^([^/.]+)$ $1.php [L]
</IfModule>

Now this seems to be working flawlessly. But it has one error. Let me explain first.

1) It does automatically strip-off .php extension if it exists. Not sure if it strip off .php if it is url of an external request. Forgot to check, but maybe you already know so you can tell me ?

2) When I type this... "http://website.dev/img/" it does give me an "403 Forbidden Access". So that's all good.

3) When I try this... "http://website.dev/index" it does load the page even if there is .php extension manually added it will strip it off. So All good in here too...

4) When I try random path like this... "http://website.dev/asdasd" it does give me an "404 Not Found". So we're good in here as well.

But the main problem is here...

5) When I try following... "http://website.dev/dashboard/index" it give me an 404 Not Found even tho it should be loading without issues. It appears for all pages within dashboard directory.

Can you help me to modify that htaccess above please ? I am really tired of searching and I don't know regex at all.

Answer 1

Here's my translation of you rules:

# Strip off .php extension if it exists
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]

Bad comment. You regexp means: strip off all files that have 3 uppercase first and and dot php in it. Maybe you've forgotten the ending $?

# Unless directory, remove trailing slash
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/$ /403.php$1 [R=301,L]

Why is that? Just do a redirect, and Apache will handle the 301 it for you:

RewriteRule .* - [L,R=403]

And then last question: why you strip off .php extension, if you re-add it later on? (°_o)

So here's what you should do, with some examples, and adapt them you fit your needs:

First test if the file has no special treatment. If so, stop immediately, like this:

RewriteRule ^/(robots\.txt|404\.php|403\.php)$ - 

Then test if someone is trying to hack. If so, redirect to whatever you want:

RewriteRule (.*)test.php - [QSA,L]
RewriteRule (.*)setup.php http://noobs.land.com/ [NC,R,L]
RewriteRule (.*)admin(.*) http://noobs.land.com/ [NC,R,L]
RewriteRule (.*)trackback(.*) http://noobs.land.com/ [NC,R,L]

Then, only after this, forbid the php extension:

RewriteRule (.*)php$ - [L,R=404]

Then, accept all static "known" file extension, and stop if it matches:

RewriteRule (.*)(\.(css|js|htc|pdf|jpg|jpeg|gif|png|ico|mpg|mp3|ogg|wav|otf|eot|svg|ttf|woff)){1}$ $1$2 [QSA,L]

Now you can do some testing. If the URI ends with a 'aabb/', test if you have a file named aabb.php, and if so, go for it:

RewriteCond %{REQUEST_URI} (\/([^\/]+))\/$
RewriteCond %{DOCUMENT_ROOT}/%1.php -f
RewriteRule (.*) %{DOCUMENT_ROOT}/%1.php [QSA,L]

If nothing is handled, and you get here, it's a problem, so stop it:

RewriteRule .* - [L,R=404]

FYI, all those sample rules are deeply tested on a production server.

And now with that, you have all what you need to do something good & working.

Answer 2

That is because of the faulty regex used in your very last rule to silently add .php extension. Change last rule to:

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI}\.php -f [NC]
RewriteRule ^(.+?)/?$ /$1.php [L]