Thursday, December 28, 2017

Embed CloudFlare protected site in an iFrame


I'm trying to embed a third party site in an iFrame. The site allows embedding via X-Frame-Options, but unfortunately they implemented a CloudFlare DDoS protection recently and the protection site is set to X-Frame-Options 'sameorigin'.
When I open the site in a new browser window first and then open my page, the iframe works, because the CloudFlare cookies are present, but without this step the iframe call is blocked.

Normally it would be no problem to set up a reverse proxy and display the site this way. But the CloudFlare workflow is a little bit different. I can see the protection page in my iFrame, but then CloudFlare is doing a redirect with some URL parameters like this:

cdn-cgi/l/chk_jschl?jschl_vc=d55e98eeffc3e37c0ccd85ac671e8412&pass=1513704935.144-pnDsJgDXQX&jschl_answer=11218735 

And I am not able to redirect this back to the 3rd party site so that the protection cookies are set correctly and the page can open.

I'm using an IIS and my web.config looks like this:

<rewrite>
    <rules>
        <rule name="Reverse Proxy" stopProcessing="true">
            <match url="^redirect/(.*)" />
            <action type="Rewrite" url="https://3rd-party-page.com/{R:1}" />
        </rule>
    </rules>
    <outboundRules>
        <rule name="RewriteRelativePaths" preCondition="ResponseIsHtml" enabled="true" stopProcessing="false">
            <match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^/(.*)" />
            <action type="Rewrite" value="http://localhost/redirect/{R:1}" />
        </rule>
        <preConditions>
            <preCondition name="ResponseIsHtml">
                <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
            </preCondition>
        </preConditions>
    </outboundRules>
</rewrite>

Is it possible to get it up and running?

0 Answers
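
An added example, not part of the original question: a simplified JavaScript model of how a browser decides whether a response may be rendered in a frame, covering the X-Frame-Options 'sameorigin' behaviour described above and the CSP frame-ancestors directive a site owner can use to permit a specific embedding origin. The origin https://my-site.example and all header sets are constructed for illustration; only one level of framing is modelled and wildcard hosts in frame-ancestors are not handled.

```javascript
// Added example: simplified model of a browser's framing decision.
// Handles X-Frame-Options DENY/SAMEORIGIN and CSP frame-ancestors with
// 'none', 'self', * and exact origins; a single parent frame only.
function framingAllowed(headers, parentOrigin, frameUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const frameOrigin = new URL(frameUrl).origin;

  // When frame-ancestors is present it takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  const directive = csp.split(';').map(d => d.trim().split(/\s+/))
    .find(parts => parts[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1);
    const ok = sources.some(s =>
      s === '*' ||
      (s.toLowerCase() === "'self'" && parentOrigin === frameOrigin) ||
      s === parentOrigin);
    return { allowed: ok, reason: 'frame-ancestors ' + sources.join(' ') };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, reason: 'X-Frame-Options DENY' };
  if (xfo === 'SAMEORIGIN') {
    return { allowed: parentOrigin === frameOrigin, reason: 'X-Frame-Options SAMEORIGIN' };
  }
  return { allowed: true, reason: 'no framing restriction recognised' };
}

// Constructed inputs: PARENT is a placeholder for the embedding page's origin.
const PARENT = 'https://my-site.example';
const SITE = 'https://3rd-party-page.com/';
const challengePage = { 'X-Frame-Options': 'SAMEORIGIN' };  // interstitial, as in the question
const contentPage = {};                                     // assumed: no framing header
const partnerPolicy = {                                     // owner explicitly permits PARENT
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' " + PARENT,
  'X-Frame-Options': 'SAMEORIGIN',                          // ignored: frame-ancestors wins
};

function demo() {
  return [challengePage, contentPage, partnerPolicy]
    .map(hdrs => framingAllowed(hdrs, PARENT, SITE));
}
console.log(demo());
```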
