08-09-2010, 03:55 PM
I'm guessing that the best way to do this would be with Apache, so I am posting it here.

I have a directory that has thousands of small HTML files. These files can be viewed through a search and are pulled into a PHP page by dynamically changing the iframe source path.

I want to make it so that these files can only be accessed by this page (view.php) and cannot be accessed directly by the user, example.com/html/file1.html.


08-09-2010, 04:20 PM
I don't think you can. I'm pretty sure the request sent by an iframe will be the same as a direct request. The answer here is don't use iframes. Use includes instead. Then you can block access to the folder with an htaccess file.

08-09-2010, 05:06 PM
I know using iframes is bad, but the HTML files I am pulling in sometimes have body and CSS that can interfere with the container page's tags and styling. And I don't want to remove those pieces from the HTML files.

08-09-2010, 05:51 PM
Then I'm not sure what to suggest. You could have separate styles for the iframes?

If you are really adamant that you want to continue using iframes then I might be able to suggest something using sessions in PHP. Provided you have PHP running on your server?

08-09-2010, 06:02 PM
Yes, I have PHP installed and full access to the dedicated server.

08-10-2010, 04:07 PM
Well, you could have a session variable that defines which iframes are allowed to be viewed; then the iframe will only display if that user has them listed in their array.

parent file

<?php
// first thing on page (before any output)
session_start();

// pages this visitor is allowed to load in an iframe
$_SESSION["pages"]["iframe1.php"] = true;
$_SESSION["pages"]["iframe2.php"] = true;

then the iframe file

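<?php
// assuming this frame is iframe1.php
session_start(); // resume the session started by the parent file

// Refuse the request unless the parent file listed this frame
if (empty($_SESSION["pages"]["iframe1.php"])) {
    die("You do not have permission to access this page.");
}

// Render Page
echo "Page";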

08-10-2010, 04:17 PM
I get that, but it still doesn't protect the HTML files from being viewed directly. Somehow, I need to disable access to all of the files in there, UNLESS they are viewed through the iframe on view.php.

08-10-2010, 04:24 PM
If they're not viewing it through view.php they will get

"You do not have permission to access this page."

Only a person going on to view.php and setting the session data will be able to see those files.

If you require more security, consider not using iframes.
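
Added example, not part of any post in this thread: one way to apply the session check to static .html files is to deny direct access to the directory and point the iframe at a small PHP gatekeeper that streams the file. The script name serve.php, the `f` query parameter and the `html` directory location are assumptions; the `$_SESSION["pages"]` key follows the posts above.

```php
<?php
// serve.php (hypothetical name). view.php sets the iframe src to
// serve.php?f=file1.html instead of /html/file1.html.
// Assumes view.php called session_start() and set
// $_SESSION["pages"]["file1.html"] = true for each file it embeds, and that
// the html directory refuses direct requests, e.g. an .htaccess containing
// "Deny from all" (Apache 2.2) or "Require all denied" (Apache 2.4).

const HTML_DIR = __DIR__ . '/html'; // assumed location of the HTML files

// Returns the absolute path to serve, or null if the request must be refused.
function resolve_allowed_file(array $session, $requested, string $baseDir): ?string
{
    // Accept only a bare file name such as "file1.html": no slashes, no "..".
    if (!is_string($requested)
        || !preg_match('/\A[A-Za-z0-9_-]+\.html\z/', $requested)) {
        return null;
    }
    // The parent page must have listed this exact file in the session.
    if (empty($session['pages'][$requested])) {
        return null;
    }
    // realpath() resolves symlinks; confirm the result is still inside the
    // base directory before reading it.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
$path = resolve_allowed_file($_SESSION, $_GET['f'] ?? null, HTML_DIR);
if ($path === null) {
    http_response_code(403);
    die("You do not have permission to access this page.");
}
header('Content-Type: text/html; charset=utf-8');
readfile($path);
```

Once view.php has set the flag, the same browser session can also request serve.php?f=file1.html directly, so the check ties access to having loaded view.php rather than to the iframe itself.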