-3

I have some pages ( live stream ) which i use in iframe in other place, example : subdomain.mydomain. com/original.php www.mydomain .com/iframe.html Some people where using iframe too so i restricted for external domains using htaccess 

  RewriteEngine on
RewriteRule  %{HTTP_REFERER} - [R,NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !mydomain [NC]
RewriteRule \.* image url [R,NC]

the problem that there still some people are using the direct access to my content from their computers! so is there any idea to prevent them from using my original pages only if they were acceeding from the pages where i made the iframe ? log file

DZ SAT
  • 3
  • 5
  • possible duplicate of http://stackoverflow.com/questions/395034/how-to-prevent-deep-linking-to-files-on-my-website – Calimero Nov 20 '15 at 14:06
  • 1
    That's probably because `['HTTP_REFERER']` isn't reliable. Read this http://stackoverflow.com/a/6023980/ – Funk Forty Niner Nov 20 '15 at 14:11
  • why did you tag as javascript? and where is your other code for the iframe? – Funk Forty Niner Nov 20 '15 at 14:12
  • tagged as javascript cause some one told me that i can do it using javascript but unfortunately they didn't tell me how ! – DZ SAT Nov 20 '15 at 14:15
  • see [htaccess - Deny requests from unauthorized domains](http://stackoverflow.com/questions/13872892/htaccess-deny-requests-from-unauthorized-domains) – Mazaka Nov 20 '15 at 14:15
  • well, I hope that that person who said you could do it in JS, also told you to use that in conjunction with a serverside method. Think about it; what if the user disables JS? ;-) – Funk Forty Niner Nov 20 '15 at 14:18
  • thank you @Mazaka but the problem here is that they use direct access from their computers not from their websites and this is a part of my hsot log `IP - - [20/Nov/2015:15:16:10 +0100] "GET /hd3/ HTTP/1.1" 200 1085 "http://MYDOMAIN/p/IFRAMEPAGE.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0" 105.109.6.135 - - [20/Nov/2015:15:15:09 +0100] "GET /OVP.xap HTTP/1.1" 200 254877 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0"` – DZ SAT Nov 20 '15 at 14:20
  • must you use an iframe? why not just an "include" or use `strpos()`. That's what I use. Or an include in the iframe with `strpos()`. you can also use sessions/token. – Funk Forty Niner Nov 20 '15 at 14:21
  • 1
    Your log file entries look like the requests simply did not include any referrer at all (and therefor your `RewriteCond %{HTTP_REFERER} !^$` makes the following RewriteRule not applicable) . // If you want to prevent people from (i)framing your content on their sites, then you should rather look into the `X-Frame-Options` header. – CBroe Nov 20 '15 at 14:25
  • I think @CBroe's idea is a good one. Look up https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options – Funk Forty Niner Nov 20 '15 at 14:26
  • Please people i'm ,ot talking about iframing here .. i'm asking about a method which makes direct access disabled to my content unless it was iframed from my own domain – DZ SAT Nov 20 '15 at 14:27
  • ...that is exactly what @CBroe suggested. you want to limit people from accessing the iframe directly. What am I not grasping here? – Funk Forty Niner Nov 20 '15 at 14:30
  • lol .. not to the iframe .. i want to limit them from using the original page – DZ SAT Nov 20 '15 at 14:33
  • If you don’t want users to be able to access your content when they call the URL you want displayed inside your iframe _directly_ in their browser (by typing it into the address bar, or following a link to it from somewhere) – then `X-Frame-Options` indeed can not help, because no frames are involved in the first place. In that case, it would be possible to use JavaScript to check if the document is displayed inside of any kind of (i)frame. (How that can be accomplished, should be easy enough to research … you’re not the first one trying to do something like this.) – CBroe Nov 20 '15 at 14:34
  • @CBroe that's exactly what i was talking about but i was searching for this script from early morning and i didn't succeed . maybe cause i didn't use the exact words to describe .. so may you please give me some help – DZ SAT Nov 20 '15 at 14:41
  • thankkkk you @CBroe problem resolved with a very simple code after your comment `if (self == top) { window.location = "iframelocation"; }` – DZ SAT Nov 20 '15 at 14:52

1 Answers1

-1

What if in your contents folders you create a index.php file like this:

<?php
    header("location: ../");
?>
dayxhep
  • 5
  • 5