How to use .htaccess to allow page access in my iframe but not directly?

Question

I have a site made with iframes. I have a page I want to show in my own iframes, but I want to deny direct access. How can I protect it that way in my .htaccess?

Answer 1

You can use Referer HTTP header to check if a request came from a link on your website (or img src / or iframe src for that matter):

RewriteEngine On
RewriteCond %{HTTP_REFERER} !example.com
RewriteCond %{REQUEST_URI} ^/path/to/protected/page$
RewriteRule . - [F]

Where example.com is your domain name, and /path/to/protected/page is the paht you want to protect

However, note that this approach can be fooled, as HTTP headers can be constructed by remote user (treat http headers as user input - do not trust them ;) )