NYCPHP Meetup

[Michele Waldman]

The point of the htaccess I was working on was to attempt to prevent xss
where others try to embed my php in their code on their server.

I also tighted up my code, but I figured the more I can do to secure the
website, the better.

I'm not relying on this alone.

I'm also scrubbing data in the php files and in the javascript files.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Konstantin Rozinov
Sent: Saturday, November 29, 2008 6:50 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] htaccess & php

> I'm trying to lock out remote call to the php files.

what do you mean by that?  Aren't your php files processed by
apache/php and then the output returned to the user?



On Fri, Nov 28, 2008 at 3:02 PM, Michele Waldman <mmwaldman at nyc.rr.com>
wrote:
> This is not working for me
>
>
>
> RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]
>
> RewriteCond %{HTTP_REFERER} !^$
>
> RewriteRule .*\.(jpe?g|gif|bmp|png)$ /image/nolink.jpg [L]
>
> RewriteRule .file1\.php(\?*)?$ stub.php [L]
>
> RewriteRule .type1_*\.php(\?*)?$ stub.php [L]
>
>
>
> All of the php files are referred to in the html as:
>
>
>
> Src="../../file1.php"  or
>
>
>
> Src="../../type1_file2.php?arg1=blah
>
>
>
> In the case of file1, I'm just getting the stub.php
>
>
>
> In the case of type1_file2.php the file is being call.  I think because my
> string didn't match.
>
>
>
> I'm trying to lock out remote call to the php files.
>
>
>
> Michele
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php
>
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show_participation.php