如何阻止某人访问iframe外部的文件? [英] How to stop someone from accessing a file outside an iframe?

问题描述

我正在使用iframe在我的页面上显示一门课程.

I´m using an iframe to show an one course on my page.

在线课程的文件位于 http://www.domain.com/coursefiles 而iframe如下所示:

The files for the online course is located in http://www.domain.com/coursefiles and the iframe looks like this:

<iframe src="http://www.domain.com/coursefiles/index.php" width="100%" height="670"></iframe>

现在，关于我如何拒绝直接访问课程文件夹，但让用户仅通过iframe通过页面访问它，是否有人知道任何htaccess命令?

Now, does anyone know any htaccess command on how I can deny direct access to the course folder, but let the users only access it trough the page with the iframe?

对不起的英语感到抱歉":)

"sorry for the bad english" :)

推荐答案

除了使用 Referer:标头，网络服务器无法知道是否在iframe中请求了页面，可以被欺骗.但是，您可以通过将其放入/coursefiles/目录中的htaccess文件中来轻松完成此操作:

The webserver has no way to know whether a page was requested inside an iframe or not, other than using the Referer: header, which can be spoofed. But you can do that pretty easily by putting this in the htaccess file in the /coursefiles/ directory:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !www\.domain\.com/page-where-iframe-is.html [NC]
RewriteRule ^ - [F,L]

因此，除非引荐来源网址中包含 www.domain.com/page-where-iframe-is.html ，否则将禁止访问该目录.

So unless the referer contains a www.domain.com/page-where-iframe-is.html in it, access to this directory will be forbidden.

这篇关于如何阻止某人访问iframe外部的文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！