This is something that frameworks like CodeIgniter and Zend accomplish with ease, but can still be accomplished with just Apache's mod_rewrite, as others have suggested. Basically, use a .htaccess like this to direct all traffic to a one page:

<IfModule mod_rewrite.c>
    RewriteEngine On

        RewriteCond                     %{REQUEST_FILENAME} !-f
        RewriteCond                     %{REQUEST_FILENAME} !-d
    RewriteRule                 ^(.*)$ index.php?_url=$1 [QSA,L]
</IfModule>

Once you get on that page you can parse that _url variable, which can be whatever format you want, and handle the request appropriately.

For me this code work:

in "/etc/apache2/sites-available/default" or "httpd.conf"

you must have (at least) these options in the default directory

...
    <Directory />
        ...
        Options FollowSymLinks
        AllowOverride All
        ...
    </Directory>
...

OR in the site specific site directory

...
    <Directory "/var/www/my-site">
        ...
        Options FollowSymLinks
        AllowOverride All
        ...
    </Directory>
...

and create (it may not exist, make sure it is readable by apache) or edit the ".htaccess" in the directory of the site (for example "/var/www/my-site/.htaccess") and add this code:

AddType application/x-httpd-php htm html php
AddHandler application/x-httpd-php .htm .html

RewriteEngine On 
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

Create .htaccess file in your web root and enter following there:

Options +FollowSymLinks
RewriteEngine on

RewriteRule ^product/([0-9]+)$ product.php?id=$1

If you don't want to use mod_rewrite (I didn't) and the other answers didn't seem to work for you (they didn't for me). Then you might try this is you're running on Apache 2.4+.

The more insecure version: make anything without an extension run as a PHP file (this isn't so bad if, like my implementation you only have a single file for the whole server, but would still leave you open to arbitrary execution if someone were able to write a file into that directory... then again, if they can write a file, they could give it a PHP extension, so not really sure if this truly broadens your exposure.)

<FilesMatch "^[^.]+$">
    ForceType application/x-httpd-php
</FilesMatch>

Put this in either an .htaccess file for your directory (assuming you have those enabled) or put it directly in the piece in your host definition.

If you want to make it more specific (and maybe more secure) you can just replace the regex with something more concrete:

<FilesMatch "^MySingleFileWithNoExension$">
    ForceType application/x-httpd-php
</FilesMatch>

Then just restart Apache and you're good to go!

Instead of using mod_rewrite you can also use following in your .htaccess:

 DefaultType application/x-httpd-php 

And just name your script product on the server (without .php file extension).

So you can invoke it directly and would receive any appended string as $_SERVER["PATH_INFO"]

I did this for years using the following to execute a file named "Support" (NOT Support.php, I did NOT want two ways to gain access to the file).

<Files Support>
    SetHandler php-script
</Files>

However, I've started running into trouble with this when using Plesk to execute scripts as PHP 7.0. The root (.com/index.php) would run as PHP 7 just fine but any of my php-script files (.com/Support) would run as my version of Plesk's default PHP 5.4. I've yet to figure out why it's doing that, but it does get around the problem of setting a default handler.