NYCPHP Meetup

NYPHP.org

[nycphp-talk] htaccess & php

Elijah Insua tmpvar at gmail.com
Sun Nov 30 00:00:31 EST 2008 

Michelle, this post is completely misleading.. refer to your other posts for
better results.


basically.. you give more you get more.. kthxbbq

On Sat, Nov 29, 2008 at 9:13 PM, Michele Waldman <mmwaldman at nyc.rr.com>wrote:

> The point of the htaccess I was working on was to attempt to prevent xss
> where others try to embed my php in their code on their server.
>
> I also tighted up my code, but I figured the more I can do to secure the
> website, the better.
>
> I'm not relying on this alone.
>
> I'm also scrubbing data in the php files and in the javascript files.
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> On
> Behalf Of Konstantin Rozinov
> Sent: Saturday, November 29, 2008 6:50 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] htaccess & php
>
> > I'm trying to lock out remote call to the php files.
>
> what do you mean by that?  Aren't your php files processed by
> apache/php and then the output returned to the user?
>
>
>
> On Fri, Nov 28, 2008 at 3:02 PM, Michele Waldman <mmwaldman at nyc.rr.com>
> wrote:
> > This is not working for me
> >
> >
> >
> > RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]
> >
> > RewriteCond %{HTTP_REFERER} !^$
> >
> > RewriteRule .*\.(jpe?g|gif|bmp|png)$ /image/nolink.jpg [L]
> >
> > RewriteRule .file1\.php(\?*)?$ stub.php [L]
> >
> > RewriteRule .type1_*\.php(\?*)?$ stub.php [L]
> >
> >
> >
> > All of the php files are referred to in the html as:
> >
> >
> >
> > Src="../../file1.php"  or
> >
> >
> >
> > Src="../../type1_file2.php?arg1=blah
> >
> >
> >
> > In the case of file1, I'm just getting the stub.php
> >
> >
> >
> > In the case of type1_file2.php the file is being call.  I think because
> my
> > string didn't match.
> >
> >
> >
> > I'm trying to lock out remote call to the php files.
> >
> >
> >
> > Michele
> >
> > _______________________________________________
> > New York PHP User Group Community Talk Mailing List
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> > http://www.nyphp.org/show_participation.php
> >
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081130/e884134a/attachment.html>

More information about the talk mailing list