How to use .htaccess to allow page access in my iframe but not directly?

.htaccess iframe access-control
12,930

You can use Referer HTTP header to check if a request came from a link on your website (or img src / or iframe src for that matter):

RewriteEngine On
RewriteCond %{HTTP_REFERER} !example.com
RewriteCond %{REQUEST_URI} ^/path/to/protected/page$
RewriteRule . - [F]

Where example.com is your domain name, and /path/to/protected/page is the paht you want to protect

However, note that this approach can be fooled, as HTTP headers can be constructed by remote user (treat http headers as user input - do not trust them ;) )

Share:
12,930
Damager Thedon
Author by

Damager Thedon

Updated on June 07, 2022

Comments

  • Damager Thedon
    Damager Thedon almost 2 years

    I have a site made with iframes. I have a page I want to show in my own iframes, but I want to deny direct access. How can I protect it that way in my .htaccess?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to access htpasswd-protected page automatically
Error: Permission denied to access property "document"
PHP: How can I block direct URL access to a file, but still allow it to be downloaded by logged in users?
Flutter web 404 Not Found
Flutter Web listen to Events posted through iFrame
How do I trigger a function when using HtmlElementView Widget?
How to execute iframe function from flutter web's HtmlElementView
301 redirection remove parameters
How to Add Expires headers
Separate CodeIgniter public folder