Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Apr 2006
    Posts
    31
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Disable access to directory, only allow through iframe?

    I'm guessing that the best way to do this would be with Apache, so I am posting it here.

    I have a directory that has thousands of small HTML files. These files can be viewed through a search and are pulled into a PHP page by dynamically changing the iframe source path.

    I want to make it so that these files can only be accessed by this page (view.php) and cannot be accessed directly by the user, example.com/html/file1.html.

    Thanks!

  • #2
    Senior Coder timgolding's Avatar
    Join Date
    Aug 2006
    Location
    Southampton
    Posts
    1,517
    Thanks
    114
    Thanked 110 Times in 109 Posts
    I don't think you can. I pretty sure the request sent by an iframe will be the same as a direct request. The answere here is don't use iframes. Use includes instead. Then you can block access to the folder with an htaccess file.
    You can not say you know how to do something, until you can teach it to someone else.

  • #3
    New Coder
    Join Date
    Apr 2006
    Posts
    31
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I know using iframes is bad, but the HTML files I am pulling in sometimes have body and CSS that can interfere with the container page's tags and styling. And I don't want to remove those pieces from the HTML files.

  • #4
    Senior Coder timgolding's Avatar
    Join Date
    Aug 2006
    Location
    Southampton
    Posts
    1,517
    Thanks
    114
    Thanked 110 Times in 109 Posts
    Then I'm not sure what to suggest. You could have separate styles for the iframes?

    If you are really adamant that you want to continue using iframes then i might be able to suggest something using sessions in php. Provided you have php running on your server?
    You can not say you know how to do something, until you can teach it to someone else.

  • #5
    New Coder
    Join Date
    Apr 2006
    Posts
    31
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Yes, I have PHP installed and full access to the dedicated server.

  • #6
    Senior Coder timgolding's Avatar
    Join Date
    Aug 2006
    Location
    Southampton
    Posts
    1,517
    Thanks
    114
    Thanked 110 Times in 109 Posts
    Well you could have a session variable that defines which iframes are allowed to be viewed then the iframe will only display if that user has them listed in there array

    parent file
    PHP Code:
    <?php
    // first thing on page (before any output)
    session_start();

    $_SESSION["pages"]["iframe1.php"] = true;
    $_SESSION["pages"]["iframe2.php"] = true;
    ?>
    then the iframe file
    PHP Code:
    <?php
    // assuming this frame is iframe1.php
    session_start();
    if(isset(
    $_SESSION["pages"]["iframe1.php"]))
    {
       
    // Render Page
        
    echo "Page";
       unset(
    $_SESSION["pages"]["iframe1.php"]);
      
    }
    else
      die(
    "You do not have permission to access this page.");
    ?>
    Last edited by timgolding; 08-10-2010 at 03:16 PM.
    You can not say you know how to do something, until you can teach it to someone else.

  • #7
    New Coder
    Join Date
    Apr 2006
    Posts
    31
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I get that, but it still doesn't protect the HTML files from being viewed directly. Somehow, I need to disable access to all of the files in there, UNLESS they are view through the iframe on view.php.

  • #8
    Senior Coder timgolding's Avatar
    Join Date
    Aug 2006
    Location
    Southampton
    Posts
    1,517
    Thanks
    114
    Thanked 110 Times in 109 Posts
    If they're are not viewing it through view.php they will get

    "You do not have permission to access this page."

    Only a person going on to view.php and setting the session data will be able to see those files.

    If you require more security consider not using iframes
    You can not say you know how to do something, until you can teach it to someone else.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •