How to use .htaccess to allow page access in my iframe but not directly?
12,930
You can use Referer
HTTP header to check if a request came from a link on your website (or img src / or iframe src for that matter):
RewriteEngine On
RewriteCond %{HTTP_REFERER} !example.com
RewriteCond %{REQUEST_URI} ^/path/to/protected/page$
RewriteRule . - [F]
Where example.com
is your domain name, and /path/to/protected/page
is the paht you want to protect
However, note that this approach can be fooled, as HTTP headers can be constructed by remote user (treat http headers as user input - do not trust them ;) )
Author by
Damager Thedon
Updated on June 07, 2022Comments
-
Damager Thedon almost 2 years
I have a site made with iframes. I have a page I want to show in my own iframes, but I want to deny direct access. How can I protect it that way in my
.htaccess
?