<br>Michelle, this post is completely misleading.. refer to your other posts for better results.<br><br><br>basically.. you give more you get more.. kthxbbq<br><br><div class="gmail_quote">On Sat, Nov 29, 2008 at 9:13 PM, Michele Waldman <span dir="ltr">&lt;<a href="mailto:mmwaldman@nyc.rr.com">mmwaldman@nyc.rr.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">The point of the htaccess I was working on was to attempt to prevent xss<br>
where others try to embed my php in their code on their server.<br>
<br>
I also tighted up my code, but I figured the more I can do to secure the<br>
website, the better.<br>
<br>
I&#39;m not relying on this alone.<br>
<br>
I&#39;m also scrubbing data in the php files and in the javascript files.<br>
<div class="Ih2E3d"><br>
-----Original Message-----<br>
From: <a href="mailto:talk-bounces@lists.nyphp.org">talk-bounces@lists.nyphp.org</a> [mailto:<a href="mailto:talk-bounces@lists.nyphp.org">talk-bounces@lists.nyphp.org</a>] On<br>
</div><div class="Ih2E3d">Behalf Of Konstantin Rozinov<br>
Sent: Saturday, November 29, 2008 6:50 PM<br>
To: NYPHP Talk<br>
Subject: Re: [nycphp-talk] htaccess &amp; php<br>
<br>
</div><div><div></div><div class="Wj3C7c">&gt; I&#39;m trying to lock out remote call to the php files.<br>
<br>
what do you mean by that? &nbsp;Aren&#39;t your php files processed by<br>
apache/php and then the output returned to the user?<br>
<br>
<br>
<br>
On Fri, Nov 28, 2008 at 3:02 PM, Michele Waldman &lt;<a href="mailto:mmwaldman@nyc.rr.com">mmwaldman@nyc.rr.com</a>&gt;<br>
wrote:<br>
&gt; This is not working for me<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]<br>
&gt;<br>
&gt; RewriteCond %{HTTP_REFERER} !^$<br>
&gt;<br>
&gt; RewriteRule .*\.(jpe?g|gif|bmp|png)$ /image/nolink.jpg [L]<br>
&gt;<br>
&gt; RewriteRule .file1\.php(\?*)?$ stub.php [L]<br>
&gt;<br>
&gt; RewriteRule .type1_*\.php(\?*)?$ stub.php [L]<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; All of the php files are referred to in the html as:<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; Src=&quot;../../file1.php&quot; &nbsp;or<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; Src=&quot;../../type1_file2.php?arg1=blah<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; In the case of file1, I&#39;m just getting the stub.php<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; In the case of type1_file2.php the file is being call. &nbsp;I think because my<br>
&gt; string didn&#39;t match.<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; I&#39;m trying to lock out remote call to the php files.<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; Michele<br>
&gt;<br>
&gt; _______________________________________________<br>
&gt; New York PHP User Group Community Talk Mailing List<br>
&gt; <a href="http://lists.nyphp.org/mailman/listinfo/talk" target="_blank">http://lists.nyphp.org/mailman/listinfo/talk</a><br>
&gt;<br>
&gt; <a href="http://www.nyphp.org/show_participation.php" target="_blank">http://www.nyphp.org/show_participation.php</a><br>
&gt;<br>
_______________________________________________<br>
New York PHP User Group Community Talk Mailing List<br>
<a href="http://lists.nyphp.org/mailman/listinfo/talk" target="_blank">http://lists.nyphp.org/mailman/listinfo/talk</a><br>
<br>
<a href="http://www.nyphp.org/show_participation.php" target="_blank">http://www.nyphp.org/show_participation.php</a><br>
<br>
_______________________________________________<br>
New York PHP User Group Community Talk Mailing List<br>
<a href="http://lists.nyphp.org/mailman/listinfo/talk" target="_blank">http://lists.nyphp.org/mailman/listinfo/talk</a><br>
<br>
<a href="http://www.nyphp.org/show_participation.php" target="_blank">http://www.nyphp.org/show_participation.php</a><br>
</div></div></blockquote></div><br>