Protect the addressbar in IE

Does anyone know a way to protect the addressbar in Internet Explorer and Netscape.
The meaning is that the user cannot see the name of the current page (protected page).
The addressbar may be invisible or filled with another address.
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

RajeshTNConnect With a Mentor Commented:
You can run the Internet explorer in full screen. Just follow the code:
<script language="javascript">
 var Win;"yourPage.htm",0,"fulscreen,hotkeys=no");

this will open a child popup window with yourPage.htm in a full screen mode, diabling some of the functionalities. Hope this helps
This will work for someone that knows nothing about source code.

How ever if they want to know that addy they will find it.

So to answer your question



Masking the URL is just about impossible - it's easy to do for novice users, but anyone with a habbit for right-clicking may be able to sift through the HTML source to find the address you're hiding.

Here's a work-around...

This page would actually accept input from the query string to determine what page to show. For example:

In your default.asp code, you'd have something like this:

<% 'Decide which page to display

    Select Case Request.QueryString("page")
      Case "services"
       Call CheckAuthenticated()

       <!--#include file="secured-dir/services.asp"-->

      Case "page-x"
       Call CheckAuthenticated()
       <!--#include file="secured-dir/page-x.asp"-->

      Case Else
       Response.Write "Invalid page ID. Try again."
      End Select


The Sub CheckAuthenticated() could check to see if the request for the page originated from this server itself, i.e. it came from a link on your site.

That way, you could in essence prevent users from linking to pages directly on your site, or from being able to view things they shouldn't be able to get to.

Just an idea!
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

This question has been posed before in a somewhat different fashion.  You can set the MenuBar visibility in a call in javascript.  However, you can not access the visibility property of the menubar once a browser window has been opened (i.e., these properties are "protected" in the window object).

There is a good discussion of this on THIS site.  See the following:

Ok, so I think Javascript is _not_ the way to get this type of functionality.

I think the best bet is to "fill" the location bar with a "dummy" address.  This can be achieved on both Windows and Unix platforms using server side includes.

For example, let's say I have an apache server (on linux or windows).  I would take the following steps:
1)  First create a file, called "securefinance.html" in a secure area of my site (possibly a subfolder called "MySecureFolder"), and restrict access to it (the file or folder) by IP.  I configure apache so that only IP (local host) can open this file.
2)  Then create a finance.html page with the following line of code:  <!--#include virtual="/MySecureFolder/securefinance.html" -->

That's about it.  Now when a user clicks a link to view "finance.html" the HTML for the page will actually come from "securefinance.html".  Furthermore, if somehow they guessed the real page name, and tried to load it into their browser they would be rejected because of the apache config.

The syntax for doing this on IIS would be very similar and would work for IIS 4 or higher.  Also, a similar analogy would apply for scripting languages, say, Cold Fusion, where my example would be tweaked by changing file extensions to .cfm and using a <cfinclude> instead of a server-side include (include virtual).
you can simply put your page in an iframe <iframe src="<your page>">></iframe> then encrypt your page so its unreadable, this will make it much harder to find out what the URL of the page you are protecting is alternativly, if you have PHP you can put the file you want to protect outside your root web directory and then use <?php include "../<your file>" ?> to call it this will stop the user and is practicaly imposible to get around.
I like the 'running in full screen' approach.  To make it more secure you'd need javscript to prevent right clicking.  And to prevent people from turning off js and cruising your site, you'd need to make all your navigation occur through js too.  At which point you have more of an application than a web site.... what is it you're trying to hide so bad?  Maybe you'd be better off with some sort of executable - you could run your whole site in Flash instead of html - Flash exposes no useful source code or urls.

You could also use the ?page=services approach, but encode your argument.  You can find code to base64 or RC4 encrypt arguments and use that so that you see page=#%va#$aq3f - which is unintelligible to most people, but very attractive to hackers who may think you have something to hide.

Ooooh..... I used to work at a company that used Vignette's StoryServer (now just V6).  The URLs are incomre-freaking-hensible.  Wired and CNet use it, the URLs look like,1367,57810,00.html - it is actually that crappy ,1367,57810, part that tells the server side engine what page to display.  You could replicate this in javascript - have a basic page that just included a js library and an iframe.  The js library decodes the ,1367,57810 crap and conditionally sets the source of the iframe.  You can even encode your javascript so nobody can read the source of it.  Again... people can still right click in the iframe, so you need js to disable the right clicking, but now the js to control page navigation is central to your site, so if they disable javascript they can't navigate anymore.  Just make the html file names bizarre or useless too - set the iframes source to the results of a cgi-bin query for instance.  But for god's sake is that going to be a llllooootttt of work.  Unless you're running a porn site, I don't see it as being worthwhile.
fvgAuthor Commented:
To : RajeshTN
I've tried your concept and it works fine.
I've also looked to the source code of the opened window and I see no page name in it.
Since the code is only used to create a dummy page that will open the real window I think there is only a little change to see the page-name.
The dummy page is displayed only for a second and is called by the program CoffeeCup Password Wizard.
Never the less I find the remark of making it all in Flash also a very usefull hint to think about it.
Thanks to all responders
All Courses

From novice to tech pro — start learning today.