I want to block users from directly viewing my CSS & JS files, etc. In searching the forum, I found this thread:
[
webmasterworld.com...]
which suggests the code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.net
RewriteRule \.(js|css)$ - [F]
But, as I finally learned through jdMorgan's persistent advice, this allows users to view the file through the address bar, exactly what the poster in the above thread (and me) want to block. I verified this in testing. So I suppose the same 'hole' exists here as with image protection? If I'm missing something; please fill me in.
As an alternative for this method, I also came across this:
[
webmasterworld.com...]
Is it fairly easy to deliver these files via PHP, then deny HTTP access from all?
