问题描述
我正在使用iframe在我的页面上显示一门课程.
I´m using an iframe to show an one course on my page.
在线课程的文件位于 http://www.domain.com/coursefiles 而iframe如下所示:
The files for the online course is located in http://www.domain.com/coursefiles and the iframe looks like this:
<iframe src="http://www.domain.com/coursefiles/index.php" width="100%" height="670"></iframe>
现在,关于我如何拒绝直接访问课程文件夹,但让用户仅通过iframe通过页面访问它,是否有人知道任何htaccess命令?
Now, does anyone know any htaccess command on how I can deny direct access to the course folder, but let the users only access it trough the page with the iframe?
对不起的英语感到抱歉":)
"sorry for the bad english" :)
推荐答案
除了使用 Referer:标头,网络服务器无法知道是否在iframe中请求了页面,可以被欺骗.但是,您可以通过将其放入/coursefiles/
目录中的htaccess文件中来轻松完成此操作:
The webserver has no way to know whether a page was requested inside an iframe or not, other than using the Referer: header, which can be spoofed. But you can do that pretty easily by putting this in the htaccess file in the /coursefiles/
directory:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !www\.domain\.com/page-where-iframe-is.html [NC]
RewriteRule ^ - [F,L]
因此,除非引荐来源网址中包含 www.domain.com/page-where-iframe-is.html
,否则将禁止访问该目录.
So unless the referer contains a www.domain.com/page-where-iframe-is.html
in it, access to this directory will be forbidden.
这篇关于如何阻止某人访问iframe外部的文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!