The point of the htaccess I was working on was to attempt to prevent xss where others try to embed my php in their code on their server.
I also tighted up my code, but I figured the more I can do to secure the website, the better. I'm not relying on this alone. I'm also scrubbing data in the php files and in the javascript files. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Konstantin Rozinov Sent: Saturday, November 29, 2008 6:50 PM To: NYPHP Talk Subject: Re: [nyphp-talk] htaccess & php > I'm trying to lock out remote call to the php files. what do you mean by that? Aren't your php files processed by apache/php and then the output returned to the user? On Fri, Nov 28, 2008 at 3:02 PM, Michele Waldman <[EMAIL PROTECTED]> wrote: > This is not working for me > > > > RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC] > > RewriteCond %{HTTP_REFERER} !^$ > > RewriteRule .*\.(jpe?g|gif|bmp|png)$ /image/nolink.jpg [L] > > RewriteRule .file1\.php(\?*)?$ stub.php [L] > > RewriteRule .type1_*\.php(\?*)?$ stub.php [L] > > > > All of the php files are referred to in the html as: > > > > Src="../../file1.php" or > > > > Src="../../type1_file2.php?arg1=blah > > > > In the case of file1, I'm just getting the stub.php > > > > In the case of type1_file2.php the file is being call. I think because my > string didn't match. > > > > I'm trying to lock out remote call to the php files. > > > > Michele > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php
