It's likely you have some other code, either in this file or elsewhere, that is responsible for rewriting static URL requests to your script.

The problem is that this rewrite is being applied first, and then the redirect is being applied, thus 'exposing' your script rewrite.

So the trick is to identify that other code and its location. Then work out how to control the order of execution to prevent the script URL from being exposed. Since the other code is likely to use mod_rewrite, the easiest solution would probably be to re-code your 301 Redirect into mod_rewrire code, put the two pieces of code into the same file, and then put them in the correct order to force the redirect to always happen first.

Note that the directives handled by each Apache module are executed in per-module order. For example, all mod_rewrite directives in a file will be processed before all mod_alias directives in the same file, regardless of how you intermix them in the file. The order of module execution determines the order that the directives will be executed. So, the easiest way to control the order of execution for a function using a mix of mod_rewrite and mod_alias directives is to only use one of those modules to perform the function.

Order of module execution in Apache 1.x is controlled by the LoadModule list order. Modules are executed in the *reverse* order that that appear in the list. In Apache 2.x, an iternal module prioritization scheme is used.

Hopefully, this info will put you on the right track.

Jim