At first, I wanted to directly prohibit URLs with php suffix from being accessed in the rewrite rules. But later it was discovered that the rewrite rules are called recursively. If php is directly prohibited in the rewrite rules, the rules rewritten to the php file will also be invalid. RewriteEngineOn
Recursive calls are really scary. When you first access /test, the URL rewrite is checked once, and then if ^test$ is matched, it will be redirected internally to /test.php. However, the internal redirection will also trigger URL rewriting, so Check again, it matches ^test.php$ and is forced to operate directly [F] (Forbidden), so it becomes a 403 error. In this case, you must determine whether it has been redirected by the server. At this time, there is a REDIRECT_URL in the server variable that can be used, so I tried to use this to make a judgment.
RewriteRule.*$0[F,L] still gets 403 when writing access to /test. After a little inspection, I found that %{REDIRECT_URL} in RewriteCond is always empty, which is really annoying. In this case, it is not included in the rewrite rules. The solution is to ban php directly. But it can be achieved in less flashy ways. Just judge the REDIRECT_URL in the php file. Although this method can be implemented, it feels very inferior, but so far I haven't found any better way.
If you modify this PHP code and throw it into a global reference, there will basically be no problem. Although it is not a perfect solution, it is at least solved. Maybe you will find a better method in the future.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
