I have a website, decided to serve some gaming pages.
So I made a subdomain with it's own server and IP.
I'm using cloudflare on my games subdomain and my main domain and apache server.
I want to only allow my website to render or be able to use "iframe" tag to render the pages from the subdomain.
Restrict any other IP to render these pages.
So I tried many solutions like .httaccess file or making rules. Is this doable?
And I need to know even it's not on cloudflare or proxied.
If I only allow website's IP address to access the subdomain, when the user request this page, is the request come from the user's IP or the website's IP?
Wouldn't that make a conflict?
Thanks
I think what you need is to set up appropriate X-Frame-Options response headers, as well as Content Security Policies so that you can instruct the browser on what resources can be loaded from the main HTML document containing your iframe.
Then you'll also want, in your iframe content page, to check whether it is being loaded within your main page or not. If not, redirect the user to the main page.
You won't be able to "restrict by visitor IP" since you don't know beforehand which IPs end users will have (assuming you are dealing with a public website)