Microsoft KB Archive/159977

= How To Stop Users from Displaying a Frame Outside Its Frameset in Active Server Pages =

Article ID: 159977

Article Last Modified on 5/2/2006

-

APPLIES TO


 * Microsoft Active Server Pages 4.0

-



This article was previously published under Q159977





IN THIS TASK
SUMMARY
 * Stop Users by Redirecting Requests

REFERENCES



SUMMARY
Microsoft Active Server Pages can be used to prevent Web browsers from calling a document that is supposed to be displayed as a part of a frameset.

back to the top

Stop Users by Redirecting Requests
Web documents that are part of a frameset are often not designed for individual display. To prevent users from viewing these documents outside of their appropriate frameset, you can use the Internet Information Server (IIS) Active Server Pages (ASP) "Response.Redirect" and "Request.ServerVariables" methods to redirect Hypertext Transfer Protocol (HTTP) requests to the frameset page.

Assuming the following document structure:   Frameset Page (mainfrm.htm) Frame 1 (frame1.asp) Frame 2 (frame2.asp) place the following code in frame1.asp or frame2.asp before the opening  tag: <%  If (Request.ServerVariables("HTTP_REFERER") = "") Or _ (Left(Request.ServerVariables("HTTP_REFERER"),42) <> _     "http://www.myserver.com/AppDir/mainfrm.htm") Then Response.Redirect "http://www.myserver.com/AppDir/mainfrm.htm" End If  %> NOTE: You must put this code at the beginning of your document because "Response.Redirect" does not work if any HTML code occurs before it. For more information on this, please see the following article in the Microsoft Knowledge Base:

159402 How To Use Response.Redirect in a Server Script

In this code, the first part of the If statement (Request.ServerVariables("HTTP_REFERER")= "") checks to see if you connected to the page directly by typing the URL into the browser. If you connect to the page this way, a "referer" is not found in the header and the browser is redirected to the main page that contains the frameset.

The second half of the If statement is (Left(Request.ServerVariables("HTTP_REFERER"),42) <> "http://www.myserver.com/AppDir/mainfrm.htm"). This line checks to see that you connected to frame1.asp from the frameset page(mainfrm.htm). If not, the browser is redirected to the main page containing the frameset.

The line: Response.Redirect "http://www.myserver.com/AppDir/mainfrm.htm"

redirects the browser to the following page:

http://www.myserver.com/AppDir/mainfrm.htm.

You can use the following code to demonstrate this. Save each in a separate file and use the names indicated below. Also, you need to make the following modifications to the code in the frame1.asp file:


 * 1) Change the two instances of http://www.myserver.com/AppDir/mainfrm.htm in the If statement to point to the correct virtual root and directory on your server.
 * 2) Change the value in the Left function from 42, to the number of characters in the path you just modified in step 1.

File: Mainfrm.htm
 MAINFRM      </BODY> </HTML>

File: Frame1.asp
<%  If (Request.ServerVariables("HTTP_REFERER") = "") Or   (Left(Request.ServerVariables("HTTP_REFERER"),42) <>   "http://www.myserver.com/AppDir/mainfrm.htm") Then Response.Redirect "http://www.myserver.com/AppDir/mainfrm.htm" End If  %>

<HTML> FRAME1</TITLE></HEAD> <BODY> In Frame 1. </BODY> </HTML>

File: Frame2.asp
<HTML> FRAME2</TITLE></HEAD> <BODY> In Frame 2. </BODY> </HTML> back to the top

<div class="references_section">