I need help or input on the below. I have two VPS servers. One VPS is the main server, hosting the live website www.example.com, while the other VPS server has Live Help & Live Chat on it at the URL www.mychat.com. www.mychat.com/index.php?userid is called from www.example.com via an iframe. I want to secure www.mychat.com so that it works only if it is called from the IP of www.example.com; if it is called directly from any browser, it should not work. I mean it should work only when it is called via HTML, src or href from example.com. I have two options:
1. In Apache on www.mychat.com/index.php?userid, I should allow only the IP of www.example.com
2. In iptables on www.mychat.com/index.php?userid, I should allow only the IP of www.example.com
Please advise with all the details.
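Wow! You own example.com? I would program a PHP script to check the location the browser was directed from, which an IP address or URI can be used to do. For example:
    <?php
    // Address the request is expected to be referred from
    $address = "http://www.mychat.com";
    // Referer is optional, so a missing header counts as a mismatch
    if (($_SERVER['HTTP_REFERER'] ?? '') != $address) {
        // Location needs an absolute URL; exit so the page is not rendered
        header("Location: http://www.elsewhere.com");
        exit;
    }
    ?>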
Well, great input for the thread and OP, rNet4. Just a few more of those posts and you'll reach 10! ...
You can use this rule to allow traffic from 8.8.8.8 to 8.8.4.4 on port 80:
    iptables -A INPUT -s 8.8.8.8 -d 8.8.4.4 -p tcp --dport 80 -j ACCEPT
Boy O Boy!!! That's impossible.... OK, for normal users the solution by BRUm is possible, but talking about a programmer, that's impossible. We do have a feature named "curl", and that can do anything you have never thought of. Talking about more features, though, you must add a script:
    <script>
    if (top.location != "http://www.example.com")
        top.location = "http://www.example.com";
    </script>
But that's not enough... Getting the content via cURL and changing a certain snippet of code to do the work is very easy... @insanecrash, well, the system you used is great to disable the firewall for a certain IP, but the OP is asking about an IFRAME call from an IP... ADVICE: the code by BRUm and the JS (HTML IFRAME KILLER) can do a fine job, but it's impossible to block that completely...
You can restrict it using .htaccess files. Replace "xx.xx.xx.xx" with the IP you want to allow access to.
    order deny,allow
    deny from all
    allow from xx.xx.xx.xx
On second thought though I think I may be misunderstanding what you're trying to do =p
Any IP restriction technique on the webserver is going to fail in this case, because the iframe is NOT called by the server of the original domain (example.com) but directly by the user's browser. What the iframe does is simply pass the URL of the to-be-framed page to the client's browser. I even doubt if you will be able to see example.com in your logs as a referrer, but even if you do, be sure that a LOT of browsers won't support that, which means a LOT of users won't be able to see the content of your frame. In other words, <iframe> is not a server-to-server communication. In order to do any restrictions, you need a server-to-server communication here, where one server knows the exact IP of the other. As one of the guys pointed out above, you can achieve this by using cURL or file_get_contents(), so instead of your <iframe>, try something like this:
    <?php echo file_get_contents('http://www.mychat.com/chatpage.php') ?>
and only after that can you go ahead and restrict any IP on mychat.com, leaving only the IP of example.com open.
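The difference between the two checks discussed in this thread, as an added example that is not code from any poster: it evaluates the Referer check and the peer-IP check on mychat.com against constructed requests. The IP addresses, the `/support.php` path and the names `ALLOWED_PEER`, `EXPECTED_REFERER_HOST` and `evaluate_request` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumed placeholder values:
const ALLOWED_PEER = '203.0.113.10';             // stands in for example.com's server IP
const EXPECTED_REFERER_HOST = 'www.example.com';

// Evaluate both checks discussed in the thread against one request's $_SERVER data.
// Assumes mychat.com is reached directly, so REMOTE_ADDR is the real TCP peer.
function evaluate_request(array $server): array
{
    $peer    = $server['REMOTE_ADDR'] ?? '';
    $referer = $server['HTTP_REFERER'] ?? '';
    // Referer is an optional, client-supplied header; a missing one yields ''.
    $host = $referer !== '' ? (string) parse_url($referer, PHP_URL_HOST) : '';

    return [
        'referer_ok' => strcasecmp($host, EXPECTED_REFERER_HOST) === 0,
        // Compare packed addresses so equivalent textual forms match.
        'peer_ok'    => filter_var($peer, FILTER_VALIDATE_IP) !== false
                        && inet_pton($peer) === inet_pton(ALLOWED_PEER),
    ];
}

// Constructed sample requests as mychat.com would see them.
$samples = [
    'visitor browser loading the iframe' => [
        'REMOTE_ADDR'  => '198.51.100.23',
        'HTTP_REFERER' => 'http://www.example.com/support.php',
    ],
    'visitor browser that omits Referer' => [
        'REMOTE_ADDR' => '198.51.100.23',
    ],
    'non-browser client setting its own Referer' => [
        'REMOTE_ADDR'  => '192.0.2.77',
        'HTTP_REFERER' => 'http://www.example.com/',
    ],
    'example.com fetching server-side' => [
        'REMOTE_ADDR' => '203.0.113.10',
    ],
];

foreach ($samples as $label => $server) {
    $r = evaluate_request($server);
    printf("%-44s referer_ok=%-5s peer_ok=%s\n", $label,
        var_export($r['referer_ok'], true), var_export($r['peer_ok'], true));
}
```

Only the server-side fetch passes the peer check, while the Referer check accepts one request that did not come through example.com and rejects a legitimate visitor whose browser omits the header.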