NYCPHP Meetup

NYPHP.org

[nycphp-talk] htaccess & php

Michele Waldman mmwaldman at nyc.rr.com
Fri Nov 28 15:31:27 EST 2008


They aren't in my webroot.

 

  _____  

From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Elijah Insua
Sent: Friday, November 28, 2008 3:05 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] htaccess & php

 

if you really want to remove the possibility of people hitting these php's
you should
move them out of your webroot.

On Fri, Nov 28, 2008 at 3:02 PM, Michele Waldman <mmwaldman at nyc.rr.com>
wrote:

This is not working for me

 

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]

RewriteCond %{HTTP_REFERER} !^$

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /image/nolink.jpg [L]

RewriteRule .file1\.php(\?*)?$ stub.php [L]

RewriteRule .type1_*\.php(\?*)?$ stub.php [L]

 

All of the php files are referred to in the html as:

 

Src="../../file1.php"  or

 

Src="../../type1_file2.php?arg1=blah

 

In the case of file1, I'm just getting the stub.php

 

In the case of type1_file2.php the file is being call.  I think because my
string didn't match.

 

I'm trying to lock out remote call to the php files.

 

Michele


_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show_participation.php

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081128/1ce63f68/attachment.html>


More information about the talk mailing list