htaccess prevent access to .php and allow only with RewriteRule

Question

I have a file .htaccess with these RewriteRules:

RewriteEngine On
RewriteRule ^login$ login.php [L]
RewriteRule ^index$ index.php [L]
RewriteRule ^page/([^/]+)/?$ page.php?id=$1 [L,QSA]

It's possible to prevent direct access to all these files, but allow access only with RewriteRule

For example if someone call: "domain.com/login" should see the page.

But if someone call "domain.com/login.php" should not (in this case should see a 403 or 404 error)

Answer 1

You can have an additional rule for blocking direct access to .php files:

RewriteEngine On

RewriteCond %{THE_REQUEST} /.+?\.php[\s?] [NC]
RewriteRule ^ - [F]

RewriteRule ^page/([^/]+)/?$ page.php?id=$1 [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1\.php -f [NC]
RewriteRule ^(.+?)/?$ /$1.php [L]