How To Stop Users from Displaying a Frame Outside Its Frameset in Active Server Pages (159977)

SUMMARY

Microsoft Active Server Pages can be used to prevent Web browsers from calling a document that is supposed to be displayed as a part of a frameset.

back to the top

Stop Users by Redirecting Requests

Web documents that are part of a frameset are often not designed for individual display. To prevent users from viewing these documents outside of their appropriate frameset, you can use the Internet Information Server (IIS) Active Server Pages (ASP) "Response.Redirect" and "Request.ServerVariables" methods to redirect Hypertext Transfer Protocol (HTTP) requests to the frameset page.

Assuming the following document structure:

   Frameset Page (mainfrm.htm)
      Frame 1 (frame1.asp)
      Frame 2 (frame2.asp)

place the following code in frame1.asp or frame2.asp before the opening <HTML> tag:

   <%
   If (Request.ServerVariables("HTTP_REFERER") = "") Or _
      (Left(Request.ServerVariables("HTTP_REFERER"),42) <> _
      "http://www.myserver.com/AppDir/mainfrm.htm") Then
      Response.Redirect "http://www.myserver.com/AppDir/mainfrm.htm"
   End If
   %>

NOTE: You must put this code at the beginning of your document because "Response.Redirect" does not work if any HTML code occurs before it. For more information on this, please see the following article in the Microsoft Knowledge Base:

159402 How To Use Response.Redirect in a Server Script

In this code, the first part of the If statement (Request.ServerVariables("HTTP_REFERER")= "") checks to see if you connected to the page directly by typing the URL into the browser. If you connect to the page this way, a "referer" is not found in the header and the browser is redirected to the main page that contains the frameset.

The second half of the If statement is (Left(Request.ServerVariables("HTTP_REFERER"),42) <> "http://www.myserver.com/AppDir/mainfrm.htm"). This line checks to see that you connected to frame1.asp from the frameset page(mainfrm.htm). If not, the browser is redirected to the main page containing the frameset.

The line:

   Response.Redirect "http://www.myserver.com/AppDir/mainfrm.htm"

redirects the browser to the following page:

http://www.myserver.com/AppDir/mainfrm.htm.

You can use the following code to demonstrate this. Save each in a separate file and use the names indicated below. Also, you need to make the following modifications to the code in the frame1.asp file:

Change the two instances of http://www.myserver.com/AppDir/mainfrm.htm in the If statement to point to the correct virtual root and directory on your server.
Change the value in the Left() function from 42, to the number of characters in the path you just modified in step 1.

File: Mainfrm.htm

   <HTML>
   <HEAD><TITLE>MAINFRM</TITLE></HEAD>
   <BODY>
   <FRAMESET ROWS="400,*">
      <FRAME SCROLLING="no" NORESIZE SRC="frame1.asp">
      <FRAME SCROLLING="no" NORESIZE SRC="frame2.asp">
   </FRAMESET>
   </BODY>
   </HTML>

File: Frame1.asp

   <%
   If (Request.ServerVariables("HTTP_REFERER") = "") Or
   (Left(Request.ServerVariables("HTTP_REFERER"),42) <>
   "http://www.myserver.com/AppDir/mainfrm.htm") Then
      Response.Redirect "http://www.myserver.com/AppDir/mainfrm.htm"
   End If
   %>

   <HTML>
   <HEAD><TITLE>FRAME1</TITLE></HEAD>
   <BODY>
   In Frame 1.
   </BODY>
   </HTML>

File: Frame2.asp

   <HTML>
   <HEAD><TITLE>FRAME2</TITLE></HEAD>
   <BODY>
   In Frame 2.
   </BODY>
   </HTML>

back to the top