It's currently possible to find out if a certain php file exist, regardless of the output.
What I'd like to point, is that it would be great to prevent direct access to php files using mod rewrite. 2 simple rules would allow only to access index.php
The problem is that this solution cuts out the ability to administrate the website, because menu links in admin panel point directly to .php files.
Adding exceptions to allow rule makes it unusable.
Would you consider to change a little bit backend, to include admin php files rather than loading them directly, so htaccess could prevent direct access to all php files except index.php ?
What I'd like to point, is that it would be great to prevent direct access to php files using mod rewrite. 2 simple rules would allow only to access index.php
Code:
<FilesMatch "\.php$">
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch "index\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>
The problem is that this solution cuts out the ability to administrate the website, because menu links in admin panel point directly to .php files.
Adding exceptions to allow rule makes it unusable.
Would you consider to change a little bit backend, to include admin php files rather than loading them directly, so htaccess could prevent direct access to all php files except index.php ?
Addons: blue business theme, Online Visitors, Notepad