如何使用.htaccess在我的iframe中允许页面访问但不能直接访问？ [英] How to use .htaccess to allow page access in my iframe but not directly?

问题描述

我有一个用iframe制作的网站。我有一个页面，我想在我自己的iframe中显示，但我想拒绝直接访问。如何在我的 .htaccess 中保护它？

I have a site made with iframes. I have a page I want to show in my own iframes, but I want to deny direct access. How can I protect it that way in my .htaccess?

推荐答案

您可以使用 Referer HTTP标头来检查请求是否来自您网站上的链接（或img src /或iframe src）：

You can use Referer HTTP header to check if a request came from a link on your website (or img src / or iframe src for that matter):

RewriteEngine On
RewriteCond %{HTTP_REFERER} !example.com
RewriteCond %{REQUEST_URI} ^/path/to/protected/page$
RewriteRule . - [F]

其中 example.com 是您的域名， / path / to / protected / page 是您要保护的内容

Where example.com is your domain name, and /path/to/protected/page is the paht you want to protect

但是，请注意，这种方法可能会被欺骗，因为HTTP标头可以由远程用户构建（将http标头视为用户输入 - 不信任它们;）

However, note that this approach can be fooled, as HTTP headers can be constructed by remote user (treat http headers as user input - do not trust them ;) )

这篇关于如何使用.htaccess在我的iframe中允许页面访问但不能直接访问？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！