.htaccess redirect unless in iframe

When creating websites, I like to let my clients view the work in progress. At the moment I do this by uploading their website to a directory, and use .htaccess to password protect that directory. But keeping track of passwords and ensuring the directory is still protected after an update is becoming an issue.

I have now created a user login system for my clients where they can login and be redirected to a preview of their site (in an iframe on the page preview.php?c=clientName).

I have looked into various ways of redirecting the client site to the preview page and the easiest has been using .htaccess, but this redirect still affects the site when in an iframe.

Is there any way to stop the .htaccess redirect when the site is in an iframe?


You could test against the "Referer" header, you can't really rely on that but it's the best possible.

E.g. http://jsfiddle.net/QmnKR/

one of the headers will be Referer: http:// fiddle.jshell.net/QmnKR/show/light/


  • How do you generate small, high-density linear barcodes that scan reliably?
  • How to do nonblocking input from stdin in C [duplicate]
  • Implement Iterator design pattern using JDBC
  • Import Drupal user accounts into Rails without requiring users change their passwords
  • Where Federation authentication token is saved [WIF STS]?
  • How to redirect to home page after session timeout
  • How can I detect if a URL is redirected to another one?
  • RewriteCond and RewriteRule in .htaccess
  • How to return a HashTable from a WebService?
  • protecting sql server database file
  • yii2 create translated URLs
  • ASP Net Core - Mixing External Identity Provider with Individual User Accounts for Audit Tracking
  • finding symmetric difference/unique elements in multiple arrays in javascript
  • Change color of row programmatically in WatchKit
  • Keep Sql Connection open for iterating many requests? Or close each step?
  • Index.php as custom error page
  • Binary Tree Traversal Sum Of Each Depth
  • Base64 as method of sanitizing user input for Mysql
  • get passwords from chrome
  • Stitching 2 images (OpenCV)
  • read values from form post in jquery or javascript
  • What is the correct way to synchronize a shared, static object in Java?
  • Possible to get mouse events fired when cursor is outside page?
  • Laravel: Getting Session ID oddly truncates when using foreach
  • Bypass multiple inheritance in Java
  • Recording logins for password protected directories
  • how to do an event when i swipe from fragment to the other
  • Display issues when we change from one jquery mobile page to another in firefox
  • Different response to non-authenticated users and AJAX calls
  • Arrow is showed instead of the material design version hamburger icon. Why doesn't syncState in
  • Timeout for blocking function call, i.e., how to stop waiting for user input after X seconds?
  • Data Validation Drop Down Box Arrow Disappearing
  • retrieve vertices with no linked edge in arangodb
  • using conditional logic : check if record exists; if it does, update it, if not, create it
  • Windows forms listbox.selecteditem displaying “System.Data.DataRowView” instead of actual value
  • Revoking OAuth Access Token Results in 404 Not Found
  • Proper folder structure for lots of source files
  • Understanding cpu registers
  • How does Linux kernel interrupt the application?
  • Add sale price programmatically to product variations