So, if I understand it correctly:
- If someone tries to access the URL
/submit, the filesubmit.phpshould be loaded. - If someone tries to access the URL
/submit.php, they should get a 403 Forbidden response.
Is this correct?
If so, you’ll need to make a number of changes:
For starters, remove all the FilesMatch stuff. You don’t want to block access .php files, you want to block access to .php URLs. FilesMatch works on files, not URLs, so you don’t want this.
This will redirect URLs with the extension to the URL without. If you wan to block the request instead, you can replace R=301 with F.
This doesn’t really make sense. You can’t take a URL and redirect it to both .php and .html. You’ll probably want to do one or the other, depending on which file is available.
So, off the cuff, the code could look something like this:
# Redirect URL to the .php extension if a .php file exists.
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^([^.]+)$ $1.php [L]
# Redirect URL to the .html extension if a .html file exists.
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^([^.]+)$ $1.html [L]