I'm currently using a rewrite to accept requests for files without including the .php extension, however, I can't find out how to have the requests with .php either be denied or redirected to the friendly version.

For example, this is what I want to accomplish: /contact.php REDIRECT /contact /contact.php (/contact.php exists, but only accessible via /contact) would result in a 403 error

Current config:

location / {
try_files $uri $uri/ @extensionless-php;
index index.php;
}

location ~ .php {
try_files $uri =404;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

location @extensionless-php {
rewrite ^(.*)$ $1.php last;
}

Provided that what you have already works, I think what you're looking for is this part:

if ($request_uri ~ ^/(.*)\.php$) {  return 301 /$1;  }

Or, if you're using query parameters, too:

if ($request_uri ~ ^/([^?]*)\.php($|\?)) {  return 301 /$1?$args;  }

You should place it within your \.php$ location (which you should rename from your present .php). Trust me, it's NOT going to generate an infinite loop!

Some more explanation was provided in https://serverfault.com/questions/568569/nginx-url-rewrite-rule/568902#568902.