在PHP中限制IFRAME访问 [英] Restricting IFRAME access in PHP

问题描述

我正在使用PHP创建一个小网页，该网页将作为来自几个网站的IFRAME进行访问。我想限制访问此网站只能在已批准的网站内工作，而不能在其他网站上工作或直接访问。有没有人有什么建议？这有可能吗？ PHP站点将是Apache，而内容可能是.NET。

I am creating a small web page using PHP that will be accessed as an IFRAME from a couple of sites. I'm wanting to restrict access to this site to work ONLY within the "approved" sites, and not other sites or accessed directly. Does anyone have any suggestions? Is this even possible? The PHP site will be Apache, and the sites iframing the content will probably be .NET.

只是为了澄清，任何站点都可以查看页面，只要它是iframe在经批准的网站内。我想阻止人们直接访问它。我认为cookies可能是一个解决方案，但我不确定。

Just to clarify, any site can view the page, as long as it's iframe'd within an approved site. I want to block people from accessing it directly. I'm thinking cookies might be a solution, but I'm not sure.

推荐答案

感谢所有好主意！我认为我将要使用的解决方案是由批准的iframing网站设置的会话cookie。有人真正决定仍然可以获得内容，但我认为我可以通过基于双方的某种共享秘密提出一个体面的秘密算法来防止大多数滥用，并且批准的网站设置为会话cookie将由我的PHP站点读取。如果cookie有效且符合我的标准，我将显示内容，否则我不会。我正在保护的信息不是关键任务，我只是想阻止它被滥用。

Thanks for all the great ideas! I think the solution I'm going to go with is a session cookie set by the approved "iframing" site. Someone really determined will still be able to get the content, but I think I can prevent most of the abuse by coming up with a decent "secret" algorithm based on some sort of shared secret on both sides, and have the approved site set a session cookie that will be read by my PHP site. If the cookie is valid and meets my criteria, I'll display the contents, otherwise I won't. The information I'm protecting isn't mission-critical, I'm just trying to prevent it from being abused.

这篇关于在PHP中限制IFRAME访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！