mod_rewrite, clean URLs, htacess: prevent direct access to script

Hi All,

I have started to play around with mod_rewrite on Apache to make "clean URLs" such as http://site/products/12/ instead of http://site/products.php?pid=12

I can set up the rewrite rules for the likes of above in a .htaccess file and it works well but I was reading on a blog that I should also prevent direct access to the .php scripts and only allow access through the clean URLs.

What I did was to check in the php for the REQUEST_URI and allow or deny access based on that. I was basically checking if the uri ended in .php (direct access) and allowing or denying based on that.

I'd just like to know if this is an acceptable way of doing things or if I'm missing something and should be doing it in a better way.

Thanks,

Baz.

Sully

Do a search, I posted up a solution on this a few weeks ago.

Thanks Sully, I think we are doing slightly different things but I think I got a few ideas from looking at your .htaccess

I was initially looking to send a 301 back to anyone who tried to access the php directly but now I think I'll use one of the tricks from your one to send them to a relevant base, depending on where they are poking around in.

Cheers!