We Keep Coding

Apache Server Attempting to Display Contents of Non-existent Subdirectory After "index.php"

Problem
I'm running an Apache server off of an Amazon EC2 instance running Amazon Linux and running into the following issue. For example, when I enter the URL(s):
"https://example.com/index.php/some-directory"
or "https://example.com/about/index.php/some-directory"
Rather than 404ing out as I would expect, the page is attempting to load what looks like the parent folder's contents. For instance, in the second example, it's trying to haphazardly load the "about" folder's contents.
I've never seen this happen before. I have a feeling it must be something I've mis-configured in the .htaccess or the root configurations of the server.
Desired Outcome
Ideally, my outcome would be the above examples to, at least, end up showing a 404.
Steps I've Thus Far Taken
I've been scouring the .conf and .htaccess configurations, and I'm sure I'm missing something, but I'm unsure as to what even the erroneous config might look like.
Primary Contents of .htaccess File
<IfModule mod_headers.c>
<Files *.mp4>
Header set Accept-Ranges bytes
</Files>
</IfModule>
# Enable Compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
</IfModule>
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
# Leverage Browser Caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 day"
ExpiresByType image/jpeg "access 1 day"
ExpiresByType image/gif "access 1 years"
ExpiresByType image/webp "access 1 day"
ExpiresByType image/png "access 1 years"
ExpiresByType text/css "access 1 day"
ExpiresByType text/html "access 10 minute"
ExpiresByType application/pdf "access 1 week"
ExpiresByType text/x-javascript "access 1 day"
ExpiresByType application/x-shockwave-flash "access 1 years"
ExpiresByType image/x-icon "access 1 years"
ExpiresDefault "access 1 day"
</IfModule>
<IfModule mod_headers.c>
<filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf|svg|mp4|mpeg|webp|woff2|ttf)$">
Header set Cache-Control "max-age=86400, public"
</filesmatch>
<filesmatch "\.(html|htm|php)$">
Header set Cache-Control "max-age=600, public, must-revalidate"
</filesmatch>
<filesmatch "\.(pdf)$">
Header set Cache-Control "max-age=86400, public"
</filesmatch>
<filesmatch "\.(js)$">
Header set Cache-Control "max-age=86400, public"
</filesmatch>
</IfModule>
ErrorDocument 300 /404/index.php
ErrorDocument 403 /404/index.php
ErrorDocument 404 /404/index.php
Options +FollowSymLinks
RewriteEngine On
#Allow for case-flexible directories
#The mod_speling module must be activated within the EC2 server itself prior to this working
<IfModule mod_speling.c>
CheckSpelling On
CheckCaseOnly On
</IfModule>
<IfModule mod_brotli.c>
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
</IfModule>
RewriteEngine On
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
# match urls that are non https (without the www)
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Follow-up, Further Investigation
It looks like this may be similar to: What happens when i put a slash (/) after a .php url?
It appears to be related to a unique setting when you've got an Apache server serving PHP pages, "AcceptPathInfo." I'm going to attempt to disable this completely to see if this allows the page to 404 as I would hope via:
AcceptPathInfo Off
The above should disable the issue described, but won't allow me to use the PATH_INFO within PHP.
Further Investigation Update 2:
Digging deeper, it seems that the problem might lie with Apache's MultiViews option and the PHP/Apache AcceptPathInfo configuration.
I've tried turning both of them off; however, the problem still persists and any directory after index.php, such as https://example.com/index.php/this-for-example/ still returns a broken attempt at rendering, in that example, the home page of the website.
Update 3
Looking deeper, I've also found that MultiViews might be a portion of the issue? I've attempted to turn that off as well, using explicit -MultiViews directives in both the .htaccess and the root httpd.conf (I know I shouldn't leverage .htaccess if I have root httpd.conf access; this is due to specific client needs) -- this still hasn't fixed the issue.

stop wordpress from modifying/removing a specific directive .htaccess

I have those lines in the .htaccess file.
# BEGIN WordPress
# The directives (lines) between BEGIN WordPress and END WordPress are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^file-pdf.php$ wp-content/themes/astra-child/filepdf.php [QSA,L,NC]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
The line number 4 is extremely important because this is an alias that, on click, it takes to another file. I MUST maintain this line where she is.
Line N°4
RewriteRule ^file-pdf.php$ wp-content/themes/astra-child/filepdf.php [QSA,L,NC]
I do use just a few plugins, but it happens that this specific line it`s been removed from the .htaccess and this breaks the application functionality.
I have read some points in this online tutorial, i did not find a solution for my case.
online Tutorial
What should I do please to maintain this line in this block of code without to be removed from any plugin update or even the future wordpress releases updates?
As I said. this line is actually an alias that leads to another file and I haven't found a better way to make an alias. So I need to keep this line at that block position. Or use another alternative that I don't know, but that might work.
Thank you so much in advance.
Here it follows the whole code from the .htaccess file in use.
# 1° - Deny access to anyone surfing for it - 15:15 09.03.2021
<files wp-config.php>
order allow,deny
deny from all
</files>
# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule \.litespeed_conf\.dat - [F,L]
### marker FAVICON start ###
RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
### marker FAVICON end ###
### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###
</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
### marker BROWSER CACHE start ###
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType application/pdf A31557600
ExpiresByType image/x-icon A31557600
ExpiresByType image/vnd.microsoft.icon A31557600
ExpiresByType image/svg+xml A31557600
ExpiresByType image/jpg A31557600
ExpiresByType image/jpeg A31557600
ExpiresByType image/png A31557600
ExpiresByType image/gif A31557600
ExpiresByType image/webp A31557600
ExpiresByType video/ogg A31557600
ExpiresByType audio/ogg A31557600
ExpiresByType video/mp4 A31557600
ExpiresByType video/webm A31557600
ExpiresByType text/css A31557600
ExpiresByType text/javascript A31557600
ExpiresByType application/javascript A31557600
ExpiresByType application/x-javascript A31557600
ExpiresByType application/x-font-ttf A31557600
ExpiresByType application/x-font-woff A31557600
ExpiresByType application/font-woff A31557600
ExpiresByType application/font-woff2 A31557600
ExpiresByType application/vnd.ms-fontobject A31557600
ExpiresByType font/ttf A31557600
ExpiresByType font/otf A31557600
ExpiresByType font/woff A31557600
ExpiresByType font/woff2 A31557600
</IfModule>
### marker BROWSER CACHE end ###
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END NON_LSCACHE
# BEGIN WordPress
# The directives (lines) between BEGIN WordPress and END WordPress are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^pdf-one.php$ wp-content/themes/astra-child/convertpdf.php [QSA,L,NC]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# 3° - BEGIN BLOCK THE INCLUDE-ONLY FILES.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# END BLOCK THE INCLUDE-ONLY FILES.
# 4° - BEGIN STOPS BOTS TRYING TO REGISTER IN WORDPRESS SITES THAT HAVE REGISTRATION DISABLED
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ^action=register$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*registration=disabled$ [NC]
RewriteRule (.*) - [F]
</IfModule>
# 4° - END STOPS BOTS TRYING TO REGISTER IN WORDPRESS SITES THAT HAVE REGISTRATION DISABLED
# 5° - BEGIN BLOCK TRACE & TRACK REQUEST METHODS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)$
RewriteRule (.*) - [F]
</IfModule>
# 5° - END BLOCK TRACE & TRACK REQUEST METHODS
# 6° - BEGIN mod_deflate - website faster
<IfModule mod_deflate.c>
# Insert filters / compress text, html, javascript, css, xml:
# mod_deflate can be used for Apache v2 and later and is the recommended GZip mechanism to use
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/vtt
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/js
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/font-sfnt
AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE font/sfnt
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
# Exception: Images
SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png)$ no-gzip dont-vary
# Drop problematic browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
</IfModule>
# 6° - END mod_deflate - website faster
# 7° START - EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 week"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rdf+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/ld+json "access plus 0 seconds"
ExpiresByType application/schema+json "access plus 0 seconds"
ExpiresByType application/vnd.geo+json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/vnd.microsoft.icon "access plus 1 month"
ExpiresByType text/html "access plus 1 minute"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 months"
ExpiresByType application/x-javascript "access plus 1 months"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType image/bmp "access plus 1 month"
ExpiresByType image/webp "access plus 1 month"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType text/x-component "access plus 1 month"
ExpiresByType application/manifest+json "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType font/eot "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/font-woff2 "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType font/woff "access plus 1 month"
</IfModule>
# 7° - END EXPIRES CACHING ##
# 8° - BEGIN Alternative caching using Apache's "mod_headers", if it's installed.
#Caching of common files - ENABLED
<IfModule mod_headers.c>
# 1 Month
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
# 2 DAYS
<FilesMatch "\.(xml|txt)$">
Header set Cache-Control "max-age=172800, public, must-revalidate"
</FilesMatch>
# 2 HOURS
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>
</IfModule>
# 8° - END Alternative caching using Apache's "mod_headers", if it's installed.
# 9° BEGIN
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz|html|ttf)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
# 9° END
# 10° - BEGIN Set Keep Alive Header
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>
# 10° - END Set Keep Alive Header
# 11° - BEGIN If your server don't support ETags deactivate with "None" (and remove header)
<IfModule mod_expires.c>
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
</IfModule>
# 11° - END If your server don't support ETags deactivate with "None" (and remove header)
# 14° - BEGIN adding font MIME types
<IfModule mod_mime.c>
AddType application/vnd.ms-fontobject .eot
AddType application/x-font-opentype .otf
AddType image/svg+xml .svg
AddType application/x-font-ttf .ttf
AddType application/font-woff .woff
AddType application/font-woff2 .woff2
</IfModule>
# 14° - END
# 15° BEGIN DS-XML-RPC-API
# BEGIN WordPress
# The directives (lines) between "BEGIN DS-XML-RPC-API" and "END DS-XML-RPC-API" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<Files xmlrpc.php>
order deny,allow
deny from all
Allow from 122.248.245.244/32
Allow from 54.217.201.243/32
Allow from 54.232.116.4/32
Allow from 192.0.80.0/20
Allow from 192.0.96.0/20
Allow from 192.0.112.0/20
Allow from 195.234.108.0/22
Allow from 192.0.96.202/32
Allow from 192.0.98.138/32
Allow from 192.0.102.71/32
Allow from 192.0.102.95/32
</Files>
# 15° END DS-XML-RPC-API
# 16° BEGIN SECURITY POLICIES HEADER PROTOCOL
#
<IfModule mod_headers.c>
Header always set Content-Security-Policy "
default-src 'self' 5pila.com 'unsafe-inline';
script-src 'unsafe-eval';
# script-src 'self' https://m.addthis.com/live/red_lojson/300lo.json https://s7.addthis.com/js/300/addthis_widget.js https://z.moatads.com/addthismoatframe568911941483/moatframe.js;
# script-src-elem 'self' https://s7.addthis.com/js/300/addthis_widget.js?ver=80f4fcb896a389b28de3cdecff635a74;
script-src 'self' google-analytics.com ajax.googleapis.com;
script-src 'self' https://5pila.com/wp-content/themes/astra-child/assets/js/jquery-3.5.1.min.js?ver=1.0.0;
script-src 'self' https://5pila.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.4.6;
script-src 'unsafe-inline';
font-src 'self' https://fonts.gstatic.com;
font-src 'self' https://5pila.com/wp-content/themes/astra-child/assets/css/fonts/Roboto-Thin.woff?ver=2.4.5.1592433682;
font-src 'self' https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2;
font-src 'self' https://fonts.googleapis.com/css?family=Raleway:400,300,200,500,600,700;
font-src 'self' https://fonts.googleapis.com/css?family=Roboto+Condensed:300,300italic,regular,italic,700,700italic&subset=latin-ext,greek-ext,cyrillic-ext,greek,vietnamese,latin,cyrillic;
base-uri 'self';
worker-src 'none';
img-src 'self' 5pila.com;
img-src https://5pila.com;
";
</IfModule>
# 16° END SECURITY POLICIES HEADER PROTOCOL
#
## 17° BEGIN
<IfModule mod_headers.c>
Header always set Permissions-Policy "geolocation=(),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=(),sync-xhr=(),accelerometer=()"
##Header always set Permissions-Policy "geolocation=();midi=();notifications=();push=();sync-xhr=();accelerometer=();gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);"
##Header always set Permissions-Policy "geolocation=(), midi=(),accelerometer=(), gyroscope=(), magnetometer=(), payment=(), camera=(), microphone=(), usb=()"
</IfModule>
## 17° END
## 18° BEGIN
<IfModule mod_headers.c>
Header always set Upgrade-Insecure-Requests: 1
</IfModule>
## 18° END
## 19° BEGIN
<IfModule mod_headers.c>
Header always set Cross-Origin-Embedder-Policy: "unsafe-none"
</IfModule>
## 19° END
## 20° BEGIN
<IfModule mod_headers.c>
Header always set Cross-Origin-Opener-Policy "same-origin"
</IfModule>
## 20° END
## 21° BEGIN
<IfModule mod_headers.c>
Header always set Cross-Origin-Resource-Policy "same-site"
</IfModule>
## 21° END
## 22° BEGIN
<IfModule mod_headers.c>
Header always set NEL "{}"
</IfModule>
## 22° END
## 23° BEGIN
<IfModule mod_headers.c>
Header always set Report_to "{}"
</IfModule>
## 23° END
## 24° BEGIN
<IfModule mod_headers.c>
Header always set Expect-CT "max-age=7776000, enforce, report-uri=https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
</IfModule>
## 24° END
## 25° BEGIN
<IfModule mod_headers.c>
Header always set Alt-Svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
</IfModule>
## 25° END
## 26° BEGIN
# off: Esta diretiva desativa a pré-busca de DNS.
# Isso é útil se você não monitora a referência das páginas
# ou se sabe que não deseja vazar informações para esses sites
<IfModule mod_headers.c>
Header always set X-DNS-Prefetch-Control "off"
</IfModule>
## 26° END
# END SECURITY POLICIES HEADER PROTOCOL
#
## 27° BEGIN
# BEGIN HARDEN YOUR .HTACCESS AND WP-CONFIG.PHP FILES
<files wp-config.php>
order allow,deny
deny from all
</files>
## 27° END
## 28° BEGIN
<Files .htaccess>
order allow,deny
deny from all
</Files>
# END HARDEN YOUR .HTACCESS AND WP-CONFIG.PHP FILES
## 28° BEGIN
# 29° BEGIN REDIRECTING HTTP TO HTTPS TRAFFIC ON APACHE
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
[L,R=301]
</IfModule>
# 29° END REDIRECTING HTTP TO HTTPS TRAFFIC ON APACHE
## 30° BEGIN
# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file '/home/pilacom/public_html/wordfence-waf.php'
</IfModule>
<IfModule
lsapi_module>
php_value auto_prepend_file '/home/pilacom/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule
mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# 30° END Wordfence WAF
## 31° BEGIN
# Disable Directory Indexing and Browsing
Options -Indexes
## 31° END
# 32° - BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php7_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 8M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
php_value upload_max_filesize 2M
php_flag zlib.output_compression On
</IfModule>
<IfModule lsapi_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 8M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
php_value upload_max_filesize 2M
php_flag zlib.output_compression On
</IfModule>
# 32° - END cPanel-generated php ini directives, do not edit
## 33° BEGIN
## 33° END
# BEGIN DS-XML-RPC-API
# As diretrizes (linhas) entre "BEGIN DS-XML-RPC-API" e "END DS-XML-RPC-API" são
# geradas dinamicamente e só devem ser modificadas através de filtros do WordPress.
# Quaisquer alterações nas diretivas entre esses marcadores serão sobrescritas.
<Files xmlrpc.php>
order deny,allow
deny from all
Allow from 122.248.245.244/32
Allow from 54.217.201.243/32
Allow from 54.232.116.4/32
Allow from 192.0.80.0/20
Allow from 192.0.96.0/20
Allow from 192.0.112.0/20
Allow from 195.234.108.0/22
Allow from 192.0.96.202/32
Allow from 192.0.98.138/32
Allow from 192.0.102.71/32
Allow from 192.0.102.95/32
</Files>
# END DS-XML-RPC-API
# BEGIN PREVENT HOTLINKING
# RewriteEngine on
# RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?5pila.com [NC]
# RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
# END PREVENT HOTLINKING
# BEGIN DS-XML-RPC-FIX-HOTLINK
# As diretrizes (linhas) entre "BEGIN DS-XML-RPC-FIX-HOTLINK" e "END DS-XML-RPC-FIX-HOTLINK" são
# geradas dinamicamente e só devem ser modificadas através de filtros do WordPress.
# Quaisquer alterações nas diretivas entre esses marcadores serão sobrescritas.
# END DS-XML-RPC-FIX-HOTLINK
# sends all requests for “/” to “/Site/am/index.php”
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php72” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php72___lsphp .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

I MUST maintain this line where she is.
That directive does not need to go inside the WordPress code block. You should place that directive before the # BEGIN WordPress comment marker. And this will prevent it from being overwritten by WordPress. In fact, you could place your custom rules at the very top of the file to make them easier to find/maintain.
It will work exactly the same.
You do not need to enclose it in an <IfModule> container like the other directives. And you should not repeat the RewriteEngine On and RewriteBase / directives. (The order of these particular directives do not matter. In fact, the last instance "wins" and controls the entire file.)
For example:
# Custom rules
RewriteRule ^file-pdf\.php$ wp-content/themes/astra-child/filepdf.php [L,NC]
# BEGIN WordPress
:
Don't forget to backslash-escape literal dots in the RewriteRule pattern. The QSA flag is not required here.
Aside:
However, some of your other rules are in the wrong order and so are not working as they should be. For instance:
The section # 29° BEGIN REDIRECTING HTTP TO HTTPS should be near the top of the file, before the WordPress code block / front-controller. By placing this after the WP front-controller it's simply never going to be processed for anything other than static resources.
Sections # 4° and # 5° should also be before the WordPress code block, otherwise they are not going to block the requests they are supposed to block. Generally, blocking directives should be at the top.
You also have 3 blocks of caching directives that conflict/override each other. However, no one block would seem to be the "master" and your current caching scheme appears to be a mixture of all 3!

PHP script spawning requests to itself in endless loop

I'm not even sure if I'm describing this problem correctly. I think the main thing I want to know is how I can trace the source of these requests in the code.
The problem had occurred before and I "solved" it by adding a deny to .htaccess against the IP of the server itself.
The problem reoccurred suddenly and for no apparent reason. My .htaccess setting lost its magical protective power. No changes were made in the code. Around the time of the reccurrence, I changed a config setting to add a cookie domain. I tried changing it back to blank, and I tried deleting all session files (and Magento cache). If the sessions setting caused the recurrence, that should have fixed it but it didn't.
The only thing that "fixed" it was turning off the Magento setting for web server rewrites for "clean" urls along with commenting out this line in .htacces:
RewriteRule .* index.php [L]
The site now "works", with ugly urls and, mysteriously, incredibly degraded performance. 10-20 seconds for pages to load that used to take 1-2. PHP and MySQL appear to function normally now.
But with original setting after the problem happened, I was seeing a bunch of PHP instances in top from the command line. MySQL SHOW PROCESSLIST shoeds an ever-increasing quantity of sleeping processes. And my Magento website's session folder continuously added new sessions (about 1 new session per second, even though my client browser IP address was the ONLY one allowed by htaccess during this test).
From the browser on the client side, most requests time out, and rarely the page does load after a VERY long time (10+ minutes - PHP max_execution_time is long to allow for long import/export processes to complete).
A static index.php that just echoes "it works" loads without any weird errors.
I have no idea what the problem is. Is it malicious code? Is it some problem with session handling? Could it even be related to DNS? I could make progress solving the problem if I could trace the source of the "zombie" requests somehow.
EDIT: Here is my complete .htaccess file, with some things redacted ( I changed IP addresses)
############################################
## default index file
DirectoryIndex index.php
<IfModule mod_php5.c>
############################################
## adjust memory limit
# php_value memory_limit 512M
# php_value max_execution_time 10
php_value max_input_time 18000
############################################
## disable magic quotes for php request vars
php_flag magic_quotes_gpc off
############################################
## disable automatic session start
## before autoload was initialized
php_flag session.auto_start off
############################################
## enable resulting html compression
php_flag zlib.output_compression on
###########################################
# disable user agent verification to not break multiple image upload
php_flag suhosin.session.cryptua off
###########################################
# turn off compatibility with PHP4 when dealing with objects
php_flag zend.ze1_compatibility_mode Off
</IfModule>
<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
<IfModule mod_deflate.c>
############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip
# Insert filter
SetOutputFilter DEFLATE
# Netscape 4.x has some problemsÂ~E
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# DonÂ~Rt compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies donÂ~Rt deliver the wrong content
Header append Vary User-Agent env=!dont-vary
# enable resulting html compression
#php_flag zlib.output_compression on
</IfModule>
<IfModule mod_ssl.c>
############################################
## make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
</IfModule>
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
# if site is at raw ip/user url like http://111.22.33.44/~users_folder/
# RewriteBase /~users_folder/
RewriteBase /
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8
<IfModule mod_expires.c>
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
ExpiresActive On
ExpiresDefault "access plus 1 year"
#ExpiresDefault "access plus 1 year"
</IfModule>
############################################
## By default allow all access
Order allow,deny
Allow from all
#try denying own ip. it seems like it is sending the requests!
#this server ip e.g. 111.22.33.44
# this hack "fixed" the problem a long time ago.
Deny from 111.22.33.44
# Order deny,allow
# Deny from all
# Allow from [particular IP for testing]
<FilesMatch "\.(?:inc|ini|txt|tar|gz|sql|sh|zip|htm|html|log)$|apc.php">
Order allow,deny
Deny from all
</FilesMatch>
############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags
FileETag none
Options All -Indexes
# 4 Weeks
<FilesMatch "\.(html|htm|phtml)$">
Header set Cache-Control "max-age=2419200, must-revalidate"
</FilesMatch>
<FilesMatch "\.(js|css|swf)$">
Header set Cache-Control "max-age=2419200"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|PNG|JPEG|GIF|SWF|JPG)$">
Header set Cache-Control "max-age=2419200, public"
</FilesMatch>
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
# compress text, HTML, JavaScript, CSS, and XML
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/phtml
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
# remove browser bugs
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault "access plus 1 month"
# My favicon
ExpiresByType image/x-icon "access plus 1 year"
# Images
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/GIF "access plus 1 month"
ExpiresByType image/PNG "access plus 1 month"
ExpiresByType image/JPG "access plus 1 month"
ExpiresByType image/JPEG "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
# CSS
ExpiresByType text/css "access 1 month"
# Javascript
ExpiresByType application/javascript "access plus 1 year"
</IfModule>

Trouble with vanilla Bonfire/CI installation and .htaccess

OK, so my situation is rather simple (although not yet resolved).
I downloaded Bonfire (for CodeIgniter)
Created a new folder in my Sites folder, let's say bonfire (I'm using XAMPP for Mac)
I'm going to http://localhost/~drkameleon/bonfire (where the install page should appear based on the docs)
And I'm getting an error message
Server error!
The server encountered an internal error and was unable to complete
your request. Either the server is overloaded or there was an error in
a CGI script.
Now, I'm thinking that it may have something to do with the installation folder actually being a subfolder (I think it's mentioned somewhere in Bonfire's documentation, too). However, I still don't know what exactly to tweak in the huge .htaccess file that comes along with Bonfire.
So, here it is :
# ----------------------------------------------------------------------
# Webfont access
# ----------------------------------------------------------------------
# Allow access from all domains for webfonts.
# Alternatively you could only whitelist your
# subdomains like "subdomain.example.com".
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
# ----------------------------------------------------------------------
# Proper MIME type for all files
# ----------------------------------------------------------------------
# JavaScript
# Normalize to standard type (it's sniffed in IE anyways)
# tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript js
# Audio
AddType audio/ogg oga ogg
AddType audio/mp4 m4a
# Video
AddType video/ogg ogv
AddType video/mp4 mp4 m4v
AddType video/webm webm
# SVG
# Required for svg webfonts on iPad
# twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
# Webfonts
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttf ttc
AddType font/opentype otf
AddType application/x-font-woff woff
# Assorted types
AddType image/x-icon ico
AddType image/webp webp
AddType text/cache-manifest appcache manifest
AddType text/x-component htc
AddType application/xml rss atom xml rdf
AddType application/x-chrome-extension crx
AddType application/x-opera-extension oex
AddType application/x-xpinstall xpi
AddType application/octet-stream safariextz
AddType application/x-web-app-manifest+json webapp
AddType text/x-vcard vcf
# ----------------------------------------------------------------------
# Gzip compression
# ----------------------------------------------------------------------
<IfModule mod_deflate.c>
# Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
# HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
<IfModule filter_module>
FilterDeclare COMPRESS
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xhtml+xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/rss+xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/atom+xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/vnd.ms-fontobject
FilterProvider COMPRESS DEFLATE resp=Content-Type $image/svg+xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $image/x-icon
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-font-ttf
FilterProvider COMPRESS DEFLATE resp=Content-Type $font/opentype
FilterChain COMPRESS
FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
</IfModule>
<IfModule !mod_filter.c>
# Legacy versions of Apache
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
</IfModule>
</IfModule>
# ----------------------------------------------------------------------
# Start rewrite engine
# ----------------------------------------------------------------------
# Turning on the rewrite engine is necessary for the following rules and features.
# FollowSymLinks must be enabled for this to work.
<IfModule mod_rewrite.c>
Options +FollowSymlinks -Indexes
RewriteEngine On
# If you installed Bonfire in a subfolder, you will need to
# change the following line to match the subfolder you need.
# http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^bonfire/codeigniter.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
</IfModule>
# Rewrite "www.example.com -> example.com"
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
# ----------------------------------------------------------------------
# UTF-8 encoding
# ----------------------------------------------------------------------
# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8
# Force UTF-8 for a number of file formats
AddCharset utf-8 .css .js .xml .json .rss .atom
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or Git.
<IfModule mod_rewrite.c>
RewriteCond %{SCRIPT_FILENAME} -d
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 index.php
</IfModule>
If you've got any idea, I'd be more than happy to try it out.

In the 'Start rewrite engine' section:
# If you installed Bonfire in a subfolder, you will need to
# change the following line to match the subfolder you need.
# http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
RewriteBase /
Try changing yours to
RewriteBase /~drkameleon/bonfire/
Also double check that you have the rewrite module activated in Apache using phpinfo()

zend router issue in some directories

I have an uploads directory in public path, but in some projects zend can't understand this is a directory and not a Controller.
when I open this folder, zend shows below error to me:
Invalid controller specified "uploads"
checked .htaccess and have no problem.
this is my htaccess code:
RewriteEngine On
AddDefaultCharset utf-8
Options +FollowSymLinks
<IfModule mod_expires.c>
<FilesMatch "\.(gif|jpg|jpeg|png|swf|css|js|html?|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 10 years"
</FilesMatch>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*\.(js|css))$ plugins/smartoptimizer/?$1
<IfModule mod_expires.c>
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^(.*\.(js|css|html?|xml|txt))$ plugins/smartoptimizer/?$1
</IfModule>
</IfModule>
<IfModule !mod_expires.c>
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^(.*\.(gif|jpg|jpeg|png|swf|css|js|html?|xml|txt))$ plugins/smartoptimizer/?$1
</IfModule>
<FilesMatch "\.(gif|jpg|jpeg|png|swf|css|js|html?|xml|txt)$">
FileETag none
</FilesMatch>
#
# If Apache is compiled with built in mod_deflade/GZIP support
# then GZIP Javascript, CSS, HTML and XML so they're sent to
# the client faster.
#
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/x-javascript text/css text/html text/xml
</IfModule>
#enabling gzip----------------------------
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
# cache images and flash content for one month
<filesmatch ".(flv|gif|jpg|jpeg|png|ico|swf)$">
Header set Cache-Control "max-age=2592000"
</filesmatch>
# cache text, css, and javascript files for one week
<filesmatch ".(js|css|pdf|txt)$">
Header set Cache-Control "max-age=604800"
</filesmatch>
# cache html and htm files for one day
<filesmatch ".(html|htm)$">
Header set Cache-Control "max-age=43200"
</filesmatch>
# implement minimal caching during site development
<filesmatch "\.(flv|gif|jpg|jpeg|png|ico|js|css|pdf|swf|html|htm|txt)$">
Header set Cache-Control "max-age=5"
</filesmatch>
# explicitly disable caching for scripts and other dynamic files
<filesmatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</filesmatch>
SetEnv APPLICATION_ENV development
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]