Forbid access via "/index.php/" in url

As you know, after enabling pretty uls and disabling showing script name user can still access controllers via index.php in url:


still works, like


This doubling is not good.

In Yii 1.1.x you could forbid such access by extending “init” function in parent Controller component:

public function init()


	if (strpos(Yii::app()->request->requestUri, '/index.php') !== false){

		throw new CHttpException(404);



Does Yii2 have more elegant solutions?

similar thing is possible with yii2. We have no option to avoid that directly. You may also disallow this in your .htaccess file somehow which is maybe a better place for it.

Wouldn’t$enableStrictParsing-detail help in this case?

Yes, i like it too. Let me left .htaccess code here for someone who will look for it:

RewriteEngine on

# if a directory or a file exists, use it directly

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

# otherwise forward it to index.php

RewriteRule . index.php

# forbid acccess with /index.php/ in url

RewriteCond %{REQUEST_URI} ^/index\.php/

RewriteRule . - [F]