NYCPHP Meetup

[nycphp-talk] htaccess & php

Elijah Insua tmpvar at gmail.com
Fri Nov 28 15:05:03 EST 2008


if you really want to remove the possibility of people hitting these php's
you should
move them out of your webroot.

On Fri, Nov 28, 2008 at 3:02 PM, Michele Waldman <mmwaldman at nyc.rr.com>wrote:

>  This is not working for me
>
>
>
> RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]
>
> RewriteCond %{HTTP_REFERER} !^$
>
> RewriteRule .*\.(jpe?g|gif|bmp|png)$ /image/nolink.jpg [L]
>
> RewriteRule .file1\.php(\?*)?$ stub.php [L]
>
> RewriteRule .type1_*\.php(\?*)?$ stub.php [L]
>
>
>
> All of the php files are referred to in the html as:
>
>
>
> Src="../../file1.php"  or
>
>
>
> Src="../../type1_file2.php?arg1=blah
>
>
>
> In the case of file1, I'm just getting the stub.php
>
>
>
> In the case of type1_file2.php the file is being call.  I think because my
> string didn't match.
>
>
>
> I'm trying to lock out remote call to the php files.
>
>
>
> Michele
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081128/84bfb079/attachment.html>


More information about the talk mailing list