We Keep Coding

Apache with PHP serves a base file instead of 404

Problem: Suppose a URL is requesting a file that doesn't exist, e.g. mydomain.com/index.php/bogus
There is no folder named 'bogus' so I expect a '404 not found' response, but instead Apache sends the request to /index.php (which does exist). Why? How do I change it to respond '404 not found'?
I suppose that, in theory, Apache does this to let me generate a custom index page for the folder 'bogus' (which however does not exist). But in practice, by returning a page with 200 response, it is causing confusion to search engines and accidental visitors. My PHP code in 'index.php' is not expecting this URL and so it generates broken links in its dynamic navigation routines.
I've tried to disable indexes (Option -Indexes) and directory indexing (DirectoryIndex disabled) and removed .htaccess (AllowOverride None). None of these changed the response. I've searched stackoverflow and it has plenty of "how to serve a file instead of 404" but this is the opposite: I want Apache to return 404 instead of serving a PHP file from higher up in the file system.
My server environment is Windows Server 2008, Apache 2.2.22, and PHP 5.3. No mod_rewrite.

The solution that works is to add AcceptPathInfo Off to the Apache config file.
This directive controls whether requests that contain trailing pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made available to scripts through the CGI (common gateway interface) specifications.
When AcceptPathInfo is 'Off', the CGI parsing will keep the URL as one long string and look for a file in your filesystem to match.
When AcceptPathInfo is 'On', the CGI will separates the URL into a script name PLUS the following characters are information made available to the script.
The Apache core docs have more info: http://httpd.apache.org/docs/2.0/mod/core.html#acceptpathinfo

You don't have a folder named index.php, you have a file with that name. I think apache finds the file and decides it's found what was requested, so it serves the file.
In your index.php file, you can check that $_SERVER['REQUEST_URI'] is a valid request for index.php. If it isn't a valid request, you can use the PHP http_response_code(404) or header() functions to make your index.php return 404 for invalid URLs.

How to protect my php files on the server from being requested

I'm very new to php and web , now I'm learning about oop in php and how to divide my program into classes each in .php file. before now all I know about php program, that I may have these files into my root folder
home.php
about.php
products.php
contact.php
So, whenever the client requests any of that in the browser
http://www.example.com/home.php
http://www.example.com/about.php
http://www.example.com/products.php
http://www.example.com/contact.php
No problem, the files will output the proper page to the client.
Now, I have a problem. I also have files like these in the root folder
class1.php
class2.php
resources/myFunctions.php
resources/otherFunctions.php
how to prevent the user from requesting these files by typing something like this in the browser ?
http://www.example.com/resources/myFunctions.php
The ways that I have been thinking of is by adding this line on top of every file of them exit;
Or, I know there is something called .htaccess that is an Apache configuration file that effect the way that the Apache works.
What do real life applications do to solve this problem ?

You would indeed use whatever server side configuration options are available to you.
Depending on how your hosting is set up you could either modify the include path for PHP (http://php.net/manual/en/ini.core.php#ini.include-path) or restricting the various documents/directories to specific hosts/subnets/no access in the Apache site configuration (https://httpd.apache.org/docs/2.4/howto/access.html).
If you are on shared hosting, this level of lock down isn't usually possible, so you are stuck with using the Apache rewrite rules using a combination of a easy to handle file naming convention (ie, classFoo.inc.php and classBar.inc.php), the .htaccess file and using the FilesMatch directive to block access to *.inc.php - http://www.askapache.com/htaccess/using-filesmatch-and-files-in-htaccess/
FWIW all else being equal the Apache foundation says it is better/more efficient to do it in server side config vs. using .htaccess IF that option is available to you.

A real-life application often uses a so-called public/ or webroot/ folder in the root of the project where all files to be requested over the web reside in.
This .htaccess file then forwards all HTTP requests to this folder with internal URL rewrites like the following:
RewriteRule ^$ webroot/ [L] # match either nothing (www.mydomain.com)
RewriteRule ^(.*)$ webroot/$1 [L] # or anything else (www.mydomain.com/home.php)
.htaccess uses regular expressions to match the request URI (everything in the URL after the hostname) and prepends that with webroot/, in this example.
www.mydomain.com/home.php becomes www.mydomain.com/webroot/home.php,
www.mydomain.com/folder/file.php becomes www.mydomain.com/webroot/folder/file.php
Note: this will not be visible in the url in the browser.
When configured properly, all files that are placed outside of this folder can not be accessed by a regular HTTP request. Your application however (your php scripts), can still access those private files, because PHP runs on your server, so it has filesystem access to those files.

Recall .htaccess

I need to know if after creating the .htaccess file I have to call it within the index page, knowing that the main page is unique (only index.php) and all pages are taken from a database.
The web server that I use Apache.

The file with filename .htaccess is an extension to the webserver configuration (most commonly httpd.conf) that is loaded automatically by Apache when a file or script is loaded or executed in the directory, or any child-directories, where the .htaccess file is placed.
Furthermore, php scripts (or any scripts for that matter) have no knowledge at all of the existence of a .htaccess, nor should they care. They can be depended on configuration settings however, eg. any rewrite rules that pipe all incoming requests through a so-called front-controller (most commonly index.php), but they do not know of it's existence. Any configuration could also be placed somewhere else in the configuration tree.
For further info I'd advise you to read about Apache, or webservers in general, and learn how a common (http) request is fulfilled. It'll give you some understanding of what the .htaccess file exactly does, and does not, and how it is related, or unrelated, to any scripts.

You don't need to explicitly call the htaccess file from any of the php pages
htaccess rules will automatically apply to all the files and sub folders within the specific folder where htaccess file is placed

You cannot call the .htaccess file, it is an instruction set to the server on how to handle requests (amongst other things). You should place it in the root directory and Apache will look for it automatically when a request to the server is made for any webpage or other file.
You can also have a .htaccess flie in each folder (directory) to control requests specific to it.

Apache does not generate a 404

if I have /faq.php on the server it can also be accessed via /faq.php/nonexistant.gif why? I have made sure MultiViews are disabled. Why does the contents of /faq.php get shown when I access the URI /faq.php/randomstuff.gif? FYI, I have no htaccess file in the same directory.

/nonexistant.gif will be HTTP "PATH_INFO": http://www.ietf.org/rfc/rfc3875, section 4.1.5
Basically, the webserver will scan "down" a url until it hits an actual file. Anything after that file in the url becomes PATH_INFO.
http://example.com/some/path/leading/to/realfile.php/extra/stuff/that/becomes/path/info
^^^^^^^^^^^^^^^^^^^^--- real directories
^^^^^^^^^^^^--actual file, scanning stops here
^^-----onwards = path_info

That is called path_info. You can disable it using AcceptPathInfo Off in the apache config. People generally use it as a fake mod rewrite when mod rewrite is not availalble.
http://httpd.apache.org/docs/2.2/mod/core.html#acceptpathinfo

PHP index.php include file

I would like to include external php files into my index.php without using:
index.php?p=pagetoinclude.php
I have it like this now: index.php?page=home <- that will include home.php but I have completely forgotten how to do it like this:
index.php/home/ without "?" but using "/" slash instead.

Use mod_rewrite
And I should point out that including a page passed in via GET parameter could be extremely insecure unless you're doing the proper checks.

It looks like you're trying to use fake clear urls.
On index.php you would get the URL, split it at index.php/ and then parse the rest of the string as necessary.

Apache named this kind of feature AcceptPathInfo:
This directive controls whether requests that contain trailing pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made available to scripts in the PATH_INFO environment variable.
For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for /test/here.html/more and /test/nothere.html/more both collect /more as PATH_INFO.
You can access that environment variable with $_SERVER['PATH_INFO']:
Contains any client-provided pathname information trailing the actual script filename but preceding the query string, if available. For instance, if the current script was accessed via the URL http://www.example.com/php/path_info.php/some/stuff?foo=bar, then $_SERVER['PATH_INFO'] would contain /some/stuff.
If you don’t have an Apache web server or can’t use AcceptPathInfo, you probably can use other mechanisms to rewrite such requests to your file and get the path info part from the requested URI somehow.