I am trying to implement a third-party site in iFrame. The site allows you to embed through X-Frame-Options, but, unfortunately, they have introduced CloudFlare DDos protection recently, and the protection site is installed in X-Frame-Options "sameorigin".
When I first open the site in a new browser window and then open my page, the iframe works because the cloud flash cookie is present, but without this step the iframe call is blocked. As a rule, it would be inappropriate to configure a reverse proxy server and display the site in this way. But CloudFlare's workflow is a little different. I see a protection page in my iFrame, but CloudFlare is redirecting with some URL parameters, such as:
cdn-cgi/l/chk_jschl?jschl_vc=d55e98eeffc3e37c0ccd85ac671e8412&pass=1513704935.144-pnDsJgDXQX&jschl_answer=11218735
And I canβt redirect this back to a third-party site so that the protection cookies are set correctly so that the page opens.
I am using IIS and my web.config looks like this:
<rewrite>
<rules>
<rule name="Reverse Proxy" stopProcessing="true">
<match url="^redirect/(.*)" />
<action type="Rewrite" url="https://3rd-party-page.com/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="RewriteRelativePaths" preCondition="ResponseIsHtml" enabled="true" stopProcessing="false">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^/(.*)" />
<action type="Rewrite" value="http://localhost/redirect/{R:1}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
Can I run it and run it?
source
share