RewriteRule ^site/index$ site/index.php [NC,L]
this line does hide the extension successfully. Now I do not want the page with the extension to be accessible; if one tries to access that page with the extension, it must show an error. Only the one that has the extension hidden that must be accessible.
@MrWhite gave an answer that showed how to throw an error message like you asked, but why would you want to throw an error message instead of just redirecting example.com/page.php to example.com/page? Here is the .htaccess code for that:
RewriteEngine on
RewriteRule ^(.+)\.php$ /$1 [R,L]
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*?)/?$ /$1.php [NC,END]
This makes sure that both /page and /page.php go to the same url (/page) and serve the same page/file (/page.php)
it must show an error.
To return a 403 Forbidden when accessing /site/index.php you could do the following before the existing rewrite:
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^site/index\.php$ - [F]
The condition that checks against the REDIRECT_STATUS is necessary in order to prevent the rewritten URL also triggering a 403.
However, it would be more SEO-friendly to redirect/correct such requests instead.
Aside:
this line does hide the extension successfully.
Just wording I guess, but "this line" doesn't "hide" anything. It specifically adds the extension back. (The extension is already hidden in the initial request.)
