使用htaccess将PHP文件名重写为cgi，并拒绝访问php文件

Question

I rewrite the file name of php files with below htaccess code :

ErrorDocument 404 /notfound.html

AddType application/x-httpd-php .cgi
RewriteEngine on 
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [F,L]
RewriteRule ^(.*)\.cgi $1\.php 

What I want to do : can I restrict access to php files too ? for example if visitor want to see page.php get the 404 error and when want to see main.cgi page can see the page without error , is it possible ?
if I can't do this with just htaccess , what's the best solution ?

Answer 1

You could achieve what you want by having the php files outside of your public folder, than have your index.php file include them

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [F,L]

and in index.php something like

$validFiles = array('page', 'about', 'gallery');

$requestedFile = str_replace('.cgi', '', trim($_SERVER['REQUEST_URI'], '/');

if(in_array($requestedFile, $validFiles ))
{
    // ../ goes into the parent folder, and code is a sibling of your public folder
    include '../code/'.$requestedFile.'.php';
}
else
{
    // file not found stuff or index here
}

Though I would question why you need to use the .cgi extension at all, is that something to do with your host, or a legacy requirement? because with htaccess you can have clean urls like

mydomain.com/products/widget/