Why am I seeing so many 403 errors for .php/ requests in my logs?

Asked By CleverCookie99 On

I've noticed a surge in 403 errors in my server logs, particularly for requests ending with `foo.php/` (including the trailing slash). Most of these requests seem to come from bots, but there are a few from genuine users too. I've already reviewed several Apache configuration files but haven't figured out the source of this issue yet. It's possible that something going on with Cloudflare might be causing it. Would it be a bad idea to implement a 301 redirect for all requests with `.php/` to just `.php`? My reasoning is that this could fix the issue for legitimate users, but I'm concerned it might also increase traffic from the bots.

4 Answers

Answered By QuantumQuokka On

You should stick to a consistent pattern for your URIs to avoid SEO and caching issues. Ideally, paths that lead to directories have a trailing slash, but with modern web setups, it's often unnecessary. So having `.php/` in the URL structure just seems incorrect.

Answered By JavaJuggler23 On

Be cautious about using a 301 redirect. While it might fix the issue for real users, it could also double your bot traffic since they’ll just hit a new endpoint. You may want to investigate further to see how often legit users are hitting these URLs. If it's rare, leaving the 403 might be better, and focusing on the root cause could save you future headaches.

Answered By CreativeCactus On

If there are legitimate users asking for these URLs, check your application's code for any mistakes that might be appending the trailing slash. On the other hand, if it’s just bots, letting them hit a 403 is fine; they aren’t worth the trouble!
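An added example, not part of any answer above: one way to measure what JavaJuggler23 and CreativeCactus suggest checking, namely how many of the `.php/` 403s come from real browsers and which of your own pages link to the slash-suffixed URL. It assumes Apache's combined log format, a site hostname of `example.com`, and a rough user-agent heuristic; the log lines are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" LogFormat (assumed; adjust if your LogFormat differs).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Rough heuristic (assumption), not a bot detector: self-identified crawlers,
# script clients, and empty or "-" user agents.
BOT_UA_RE = re.compile(r'bot|crawl|spider|curl|wget|python|scan|^-?$', re.I)

def summarize(lines, site_host):
    """Count 403s whose path ends in '.php/' and split them by likely origin."""
    stats = {"bot": 0, "human": 0}
    paths = Counter()               # which scripts are requested with the slash
    internal_referers = Counter()   # pages on our own site linking to foo.php/
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "403":
            continue
        path = urlsplit(m["target"]).path   # drops any query string
        if not path.lower().endswith(".php/"):
            continue
        paths[path] += 1
        kind = "bot" if BOT_UA_RE.search(m["ua"]) else "human"
        stats[kind] += 1
        # A browser hit referred from our own host points at a broken internal link.
        if kind == "human" and urlsplit(m["referer"]).hostname == site_host:
            internal_referers[m["referer"]] += 1
    return stats, paths, internal_referers

# Constructed sample lines (not from the asker's server).
FMT = ('{ip} - - [10/Jan/2025:10:00:00 +0000] "GET {t} HTTP/1.1" '
       '{s} 199 "{ref}" "{ua}"')
BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/121.0"
SAMPLE = [
    FMT.format(ip="203.0.113.5", t="/foo.php/", s=403, ref="-",
               ua="Mozilla/5.0 (compatible; ExampleBot/1.0)"),
    FMT.format(ip="203.0.113.9", t="/bar.php/", s=403, ref="-",
               ua="python-requests/2.31"),
    FMT.format(ip="198.51.100.7", t="/foo.php/", s=403,
               ref="https://example.com/pricing", ua=BROWSER),
    FMT.format(ip="198.51.100.8", t="/foo.php", s=200,
               ref="https://example.com/pricing", ua=BROWSER),
    FMT.format(ip="198.51.100.9", t="/foo.php/?ref=mail", s=403, ref="-", ua=BROWSER),
]

if __name__ == "__main__":
    print(summarize(SAMPLE, "example.com"))
```

A non-empty `internal_referers` result lists the pages whose links to fix first; a `human` count near zero supports leaving the 403 in place.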

Answered By SillySalamander On

I’d question the visibility of `.php` in your URLs altogether. I don't know too many PHP developers who let `.php` show up. Consider blocking those requests at the Cloudflare level since they usually come from bots.
