cross frame security

  • whueylin

Post 3+ Months Ago

I have a page that uses an iframe to get a page, abc.htm.
Is there any way I can prevent other people from using the same method on their website by using an iframe to get my page abc.htm?
I had tried searching around, and this Microsoft link seems to give some clue on it, but I'm still not sure how to make it.
http://msdn.microsoft.com/library/defau ... cument.asp

Any advice is appreciated. Thank you.
  • Managedlinks

Post 3+ Months Ago

If I get your question, you want to stop people loading your page and pretending it is theirs?

In this case the best bet is to server-side script it and test the referrer. If the referrer is not valid, then serve a warning or blank page or something.

You can also add a frame breaker to your page.

If this identifies itself as being in a frame and breaks out
  • whueylin

Post 3+ Months Ago

First of all, thank you very much for your reply.
Yes, you got my question right.

I am aware that for the Apache web server, we are able to use .htaccess to overcome this problem, like this:

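RewriteEngine On
# Refuse abc.htm with 403 when the Referer does not start with http://mydomain.com
RewriteCond %{HTTP_REFERER} !^http://mydomain\.com [NC]
RewriteRule ^abc\.htm$ - [F]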

But what if I'm using an IIS server?

I read something about ISAPI filters and found this inside the IIS WWW Service Master Properties: there's an "Add" button, but I'm not sure how to make it compatible with .htaccess.

As for your suggestion "frame breaker", hm.... not too sure how to do it ...
  • Managedlinks

Post 3+ Months Ago

Sorry, not that flash on IIS. Perhaps others have more insight.

If it is just one (or a few) pages, then make the page an ASP page and do it there.

I also found this:
http://www.michaelbrumm.com/leechblocker.html

Be aware, though, that any attempt to prevent access based on referrers will stop some legitimate people from accessing your site.

Many firewalls block the referrer information, and so your server does not have access to it.

If that's the case, the safest route is to allow the data to be served.

Type "framebreaker javascript" into your favorite search engine.
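
The two defences suggested in this thread, as an added example that is not part of any poster's reply: a referrer check that still serves the page when the header is missing, and a frame breaker. It is written in JavaScript rather than ASP, and `ALLOWED_HOST`, `refererDecision` and `breakOutOfFrame` are hypothetical names.

```javascript
// Added example; every name here is hypothetical, not from the thread.
const ALLOWED_HOST = "mydomain.com"; // the site named in the thread's .htaccess lines

// Server-side decision for a request to abc.htm, given its Referer header.
// Returns "serve" or "block".
function refererDecision(referer, allowedHost = ALLOWED_HOST) {
  // Firewalls and privacy tools strip the header; as the thread advises,
  // a missing referrer is served rather than refused.
  if (referer === undefined || referer === null || referer.trim() === "") {
    return "serve";
  }
  let host;
  try {
    host = new URL(referer).hostname.toLowerCase();
  } catch (e) {
    return "block"; // header present but not a parseable URL
  }
  // Compare the parsed host exactly, or as a true subdomain. A prefix test
  // such as ^http://mydomain.com also accepts http://mydomain.com.other.example/.
  const ok = host === allowedHost || host.endsWith("." + allowedHost);
  return ok ? "serve" : "block";
}

// Client-side frame breaker: when the page is not the top-level window,
// point the top window at this page's own URL so it replaces the framing page.
// `win` is the browser's window object, passed in so the logic can be tested.
function breakOutOfFrame(win) {
  if (win.top !== win.self) {
    win.top.location = win.self.location.href;
    return true; // page was framed and has asked to break out
  }
  return false; // page is already the top-level document
}

// In abc.htm itself: <script>breakOutOfFrame(window);</script>
```

The Referer header is supplied by the client, so the check limits casual embedding only, and the frame breaker runs only where scripting is enabled.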
  • whueylin

Post 3+ Months Ago

Thanks again for your great reply. :D


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.