
How to stop direct execution of a php page using htaccess rules?

In my .htaccess file I have defined the following rule to make my register page available at http://example.com/register/:

RewriteRule register/ /register.php

The above rule is perfectly fine but I can access my register page from http://example.com/register/ as well as from http://example.com/register.php.

I don't want users to be able to access the page from the http://example.com/register.php URL. Is there any rule which I can define in .htaccess to stop execution of the register.php URL, or simply redirect any direct register.php request to /register/?

djmzfKnm asked Jan 20 '26 09:01


1 Answer

If you are doing this to avoid getting multiple links to the same content, you can simply not use "register.php" anywhere on your page. I think no search engine will "guess" for a certain file type, and if there are no security concerns you are on the safe side, because in my opinion no user will link to this file either. However, if you want to be certain, just reroute all your functionality through an index.php via one line in your .htaccess, which should be placed inside your www-root directory:

RewriteEngine on
# Skip index.php itself so the second rewrite pass keeps the original file value
RewriteRule ^(?!index\.php$)(.*)$ index.php?file=$1 [L]

In your index.php you can then simply choose which function/file to invoke by breaking down and checking the $_GET["file"] parameter. To make 100% certain no one can access your register.php file directly just move it (and all your others) to a separate directory and include a .htaccess file with the following line:

DENY from all 

There are a couple of other options to prevent direct access. Just define() a variable somewhere in your index.php and at the top of your register.php just put

defined('access') or die('Intruder alert!');

at the top. Another way could be to be honest and simply tell search engines that your content has been moved and that they no longer should use the old link:

/* Content moved permanently: send the 301 status together with the Location header */
header("Location: http://yourserver/Register/", true, 301);
exit;

Update

Just one more thing that crossed my mind: you can also check $_SERVER["REQUEST_URI"] to see whether the user attached any ".php", and act accordingly by either denying access completely or just redirecting to the new location.

merkuro answered Jan 21 '26 21:01
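
A front controller along the lines the answer describes, written here as an added example (not the answerer's code). It routes on $_SERVER["REQUEST_URI"] through a fixed allowlist, so no request data ever reaches an include path, and it sends a 301 for direct .php requests. The ROUTES table, the pages/ directory and home.php are assumptions.

```php
<?php
// index.php: added example of a front controller. Assumptions: the site sits
// at the document root, every request is rewritten to this file, and page
// scripts live in ./pages/, whose own .htaccess denies all direct web access.

define('access', true); // page scripts test this constant, as in the answer

// Hypothetical route table: clean URL segment => fixed script name.
// Only these entries can ever be included.
const ROUTES = [
    ''         => 'home.php',
    'register' => 'register.php',
];

/** Decide what to do with a request path; returns [action, target]. */
function resolve_route(string $path): array
{
    // A direct "/register.php" request is sent to the clean URL instead.
    if (preg_match('#^/([A-Za-z0-9_-]+)\.php$#', $path, $m)
        && array_key_exists($m[1], ROUTES)) {
        return ['redirect', '/' . $m[1] . '/'];
    }
    $key = trim($path, '/');
    if (array_key_exists($key, ROUTES)) {
        // The path is built from the table value, never from the request.
        return ['include', __DIR__ . '/pages/' . ROUTES[$key]];
    }
    return ['not_found', null];
}

// REQUEST_URI holds the URL the client asked for, before any rewriting.
$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
[$action, $target] = resolve_route(is_string($path) ? $path : '/');

switch ($action) {
    case 'redirect':
        header('Location: ' . $target, true, 301); // moved permanently
        exit;
    case 'include':
        require $target;
        break;
    default:
        http_response_code(404); // unknown routes, including other *.php names
        echo 'Not found';
}
```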


