AddDefaultCharset UTF-8
AddCharset UTF-8 .css
RewriteEngine on
-RewriteRule ^[^/.]*$ /wfpl_main.php [L]
-# Close loophole in security restriction/exception below
-RewriteRule ^.*/.*wfpl_main.php$ /error_404 [L,R]
+RewriteRule ^[^/.]*$ /wfpl_main.php [L]
<FilesMatch "\.(css|jpg|png)$">
ExpiresActive On
Options SymlinksIfOwnerMatch
php_flag engine off
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
-# Exception: allow access to wfpl_main.php
-#
-# this allows access to any files named "wfpl_main.php" anywhere, so there's a
-# rewrite rule above to use the top-level one, no matter which was requested.
+# code execution exception: allow only /wfpl_main.php
+# <Files> matches regardless of directory/path, so rewrite php in subdirs
+RewriteRule ^.*/.*\.php$ - [L,R=404]
<Files "wfpl_main.php">
php_flag engine on
SetHandler application/x-httpd-php
--- /dev/null
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <title>~$title show {~404: File Not Found~}~</title>
+</head>
+<body>
+ <!--~$body show {~-->
+ <h1>404: File Not Found</h1>
+
+ <p>Oops, we don't have a page at <code>~path html~</code></p>
+
+ <p>If you got here by clicking a link on this site, please let us know where we can find that broken link.</p>
+ <!--~}~-->
+
+</body>
+</html>