Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to use .htaccess to allow page access in my iframe but not directly?

I have a site made with iframes. I have a page I want to show in my own iframes, but I want to deny direct access. How can I protect it that way in my .htaccess?

like image 677
Damager Thedon Avatar asked Oct 17 '25 10:10

Damager Thedon


1 Answers

You can use Referer HTTP header to check if a request came from a link on your website (or img src / or iframe src for that matter):

RewriteEngine On
RewriteCond %{HTTP_REFERER} !example.com
RewriteCond %{REQUEST_URI} ^/path/to/protected/page$
RewriteRule . - [F]

Where example.com is your domain name, and /path/to/protected/page is the paht you want to protect

However, note that this approach can be fooled, as HTTP headers can be constructed by remote user (treat http headers as user input - do not trust them ;) )

like image 179
poncha Avatar answered Oct 19 '25 10:10

poncha