Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

mod_rewrite && (open)litespeed: how to return 404 for all files with php extension?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

mod_rewrite && (open)litespeed: how to return 404 for all files with php extension?

Steve81Steve81 Member
in Help

Hello,
I'm having some trouble in a simple (at least I think so) rewrite rule:
I want to return 404 for all php files.

But I should also take in care that they can have a path info (so something like http://www.example.com/foo.php/bar).

I've noticed that, on apache, I can easily do that using ${LA-U:REQUEST_FILENAME} but litespeed doesn't support it.

Someone have some ideas on how I can do that in litespeed? Even without rewrite rules, ofc.

Regards.

Comments

  • natestammnatestamm Member
    edited July 2013

    @Steve81 I am not sure if this helps



    RewriteEngine on
RewriteRule ^(.*)\.php/(.*)$ - [R=404]
RewriteRule \.php$ - [R=404]



    I am just using regex/htaccess. My guess is this is probably not what you want But I am no litespeed or regex Pro :D


    Hope some one else can help you or you can engineer this to what you need!




    Or why not just do it all in one..

    RewriteRule ^(.*)\.php(.*)$ - [R=404]





    This should 404 any combo of...


    /foo.php


    foo.php?bar=


    foo.php/bar

  • Steve81Steve81 Member

    Thank you @natestamm, litespeed support htaccess (well, at least I can put those rule in the config file).
    But your RewriteRule would return 404 to something like that:
    /foo.php/bar/img.jpg
    where foo.php is a directory

    It's odd, but I prefer also to check the existence of the file before return 404.

  • natestammnatestamm Member
    edited July 2013

    @Steve81 Ah that's my fault I thought that was a file and you might be doing some dispatching or routing there and you needed to block it.



    RewriteEngine on
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)\.php$ - [R=404]





    I believe this rule should work for most cases. Check any thing up to a "dot PHP"-is a file, not a directory. I checked this quick on subdirectories that are formatted like you specify and it will allow that also-404 on just actualy PHP files. Still feel like I'm missing it. I just thought also if you ever wanted to allow PHP files in the middle of your path because of dispatching or routing then you'd want to actually check that there is an additional path directory or file following, But my first rules above are just blocking any .php in the path.




    But try this out it might be good.

Sign In or Register to comment.