[nycphp-talk] htaccess & php

Michele Waldman mmwaldman at
Fri Nov 28 15:31:27 EST 2008

They aren't in my webroot.



From: talk-bounces at [mailto:talk-bounces at] On
Behalf Of Elijah Insua
Sent: Friday, November 28, 2008 3:05 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] htaccess & php


if you really want to remove the possibility of people hitting these php's
you should
move them out of your webroot.

On Fri, Nov 28, 2008 at 3:02 PM, Michele Waldman <mmwaldman at>

This is not working for me


RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]

RewriteCond %{HTTP_REFERER} !^$

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /image/nolink.jpg [L]

RewriteRule .file1\.php(\?*)?$ stub.php [L]

RewriteRule .type1_*\.php(\?*)?$ stub.php [L]


All of the php files are referred to in the html as:


Src="../../file1.php"  or




In the case of file1, I'm just getting the stub.php


In the case of type1_file2.php the file is being call.  I think because my
string didn't match.


I'm trying to lock out remote call to the php files.



New York PHP User Group Community Talk Mailing List


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the talk mailing list