Hello!I have an problem may be someone can help me about it,I put in folder swf-s and i am protecting them with htaccess. I give access some websites,my problem is to block some urls who are geting iframe embed from website have access.Is possible to block swf players dont appeard in their iframe website?Thank you in advance

Recommended Answers

All 3 Replies

Hi,

I haven't tested this but I think you could use mod_actions with X-Frame-Options SAMEORIGIN, this header is used to define if an external website can include your pages through an iframe. It has three statements:

The third option would be perfect for you but is not supported by all browsers. The actions module instead allows you to run a script when a defined type of file is requested, so, in your case a SWF file. The idea is to check if the referrer is in the whitelist array. If the condition is satisfied we simply set an environment variable (readable by Apache) and block the setting of the X-Frame-Options header.

So, set these lines in the .htaccess file:

Actions application/x-shockwave-flash /cgi-bin/swf.cgi
Header append X-FRAME-OPTIONS SAMEORIGIN env=!SWF_ALLOWED

And, as example of the swf.cgi script, write:

#!/usr/bin/env php
echo "Content-type: text/html\n\n";

$whitelist = array(
    'domainA.tld',
    'domainB.tld',
);

$ref = get_env('HTTP_REFERER');

if($ref && in_array($ref, $whitelist)) 
    apache_setenv("SWF_ALLOWED", "TRUE");

More information here:

Thank you for your answer,but is getting error in htaccess. In cgi when can i put websites allowed here?
'domainA.tld','domainB.tld',

For troubleshooting errors about the script & .htaccess check the Apache documentation, here's the link:

In cgi when can i put websites allowed here?

The content of the whitelist array can be hardcoded (as in my example) or dynamic: let say you use memcached to save the list (through an update script) in RAM and pull it at request or, instead of memcached, you could use a database connection. It's up to you.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.