Tag Archives: Hiding PHP extension in IIS using URL rewrite module

Hiding PHP extension in IIS using URL rewrite module

We have some situations in which we need to hide the extension of a webpage to the end users. Mostly this is concerned with the server security. Here we discuss about hiding the PHP extension of a wepage deployed in an IIS server .

We can easily implement this in Linux using codes passed via .htaccess file. In the case of Windows we will use URL-rewrite module to achieve the same. By default, this module is not installed alongside IIS, so we need to install it via Microsoft Web Platform Installer (WPI).

After the installation of URL-rewrite module, we need to edit the web.conf file in the root directory.

Say for example, we have a php website ‘www.abc.com’ and its root folder is C:/inetpub/wwwroot/www.abc.com. We need to hide the php extension of the page, www.abc.com/test.php. That is, we need to rewrite this url into www.abc.com/test. Lets now edit the web.conf file located at the root folder of the site (C:/inetpub/wwwroot/www.abc.com).

Attaching a sample web.conf file to make it clear :

<?xml version=”1.0″ encoding=”utf-8″ ?>

<configuration>

<system.webServer>

   <rewrite>

     <rules>

         <rule name=”test rule” enabled=”false” stopProcessing=”true”>

              <match url=”^gif” />

               <action type=”Rewrite” url=”{R:0}.aspx” />

         </rule>  

     </rules>

     </rewrite>

</system.webServer>

</configuration>

In our case look for the <rewrite> option in the web.conf file. After finding <rewrite> tag, copy the below mentioned configuration and paste it under the <rewrite> tag.

<rule name=”PHP Hiding”>

     <match url=”(.*)” />

         <conditions logicalGrouping=”MatchAll”>

             <add input=”{REQUEST_FILENAME}” matchType=”IsFile” negate=”true” />

             <add input=”{REQUEST_FILENAME}” matchType=”IsDirectory” negate=”true” />

         </conditions>

     <action type=”Rewrite” url=”{R:1}.php” />

</rule>

After this, the webpage will always be displayed as www.abc.com/test instead of www.abc.com/test.php