We have many gaming websites, among them I am hosting exclusive games on my server, and i don't want to access my games to other websites from my server. I want to restrict them accessing my content from my server.

For Example, assume I am having a website called www.abc.com, at source path like www.abc.com/games/abcgame.swf in which I have hosted my exclusive games. As I want other website holders not to access this content. If they steal this url and trying to access then I want to show some custom message like “Game not found” or somthig like “Please visit www.abc.com to play this game.” etc.

Can anyone having any ideas to implement this feature?

A first solution is to use X-Frame-Options header to prevent loading your page to an iframe. X-Frame-Options can specify one of two values: SAMEORIGIN, which only allows iframes from the same origin to display this content, and deny, which prevents any iframe from doing so. BUT this header is not part of HTTP specification and was introduced by Microsoft, so not all browsers support this header. An example of X-Frame-Options:

X-Frame-Options: SAMEORIGIN

In case some old browsers don't support the X-Frame-Options header. You could try a technique called FrameKiller. There are limitations, though, as pointed out in that link.

The user agent does not support JavaScript.

The user agent supports JavaScript but the user has turned support off.

The user agent's JavaScript support is flawed or partially implemented.

The idea is to use javascript to detect whether your page is loaded into an iframe. There are many ways to implement a frame killer script.

For your requirement, you could implement a frame killer script like this: try to access your parent window to read the window.location. If they include your page inside their iframe, the code would throw exception (cross-domain)

Example code:

window.onload = function(){
   try
   {
       if (window.parent && window.parent.location.hostname !== "www.abc.com"){
          throw new Error();
       }
   }
   catch (e){
      alert("Please visit www.abc.com to play this game.");
      //You could do whatever you want here
   }
}

if (window.top != window.self) {
                window.top.location = window.self.location;
            }

It first checks that the top most frame is the frame itself or not if it is not it changes the top level frame to this one. it is javascript.

Doing this via JavaScript is limited in how it will restrict the content to the browser level. You might be better off Apache mod_rewrite to more effectively block content on a server level as explained here.

For example, this code you could place in an .htaccess file if your server supports it. I am using www.abc.com as an example & matching swf & fla files as an example:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?abc.com/.*$ [NC]
RewriteRule ^.*\.(swf|fla)$ - [F]