Any way to block access to my site if users are blocking javascript?
 

One of the functions on my site relies on javascript, and people have been getting around it, by disabling js.

Is there any way to block users from my site/redirect them to a page, if they have javascript disabled?

yes there is, i dont know how, but i saw content lockers have protection against it so there is some working solution

I've seen something similar with a content locker, except it blocked users access to the site if they had adblock enabled.

Both of these features would be awesome if anyone knows where I could find em.

Can you explain the particular functionality on your site in more detail? Does it involve fetching something from the server? If so, you could do that through j/s.

Another option would be to redirect to the content/function via j/s, and use <noscript>sorry, you need j/s enabled</noscript> kinda thing.

Both could be worked around by someone viewing the source, unless your j/s does some tricky obfuscated calculations to come up with a valid key that your server is expecting...

My site isnt doing anything too complicated. I am using a content locker which relies on javascript, if users disable js they are able to get to the content, which is what im trying to fix.

I found this solution on StackOverflow a while ago while I was searching for something completely unrelated.

Whenever a user has Javascript disabled, the <noscript> tags come into play. Among other things, you can put some CSS code within those tags and it'll be fully processed. In this case, you could wrap your entire site into a specific <div> like this:

<div id="sitewrapper">
...your site content...
</div>

and then activate a special CSS definition for those that have Javascript disabled:

<noscript>
<style type="text/css">#sitewrapper {display: none;}</style>
</noscript>

This will work only if you're using it to "hide" the content, not block access.

You should not be relying on client-side code to protect your content/control access :2 cents:

If you really want to, you can look into javascript and/or html obfuscation, but know all of them are breakable fairly easily and may cause some browser trouble.

If you just want a solution that works against the "average" surfer, make an Ajax call via jQuery which then outputs the HTML needed to show the content; in other words, don't have it embedded in your HTML source.

Difficult to do... Could have some PHP on every page that checks a block IP list... Using the noscript tags, you could call an iframe that adds the IP to the list or maybe set something in a session.. The PHP would have to clear out old IPs/session every so often as well. The check might have to be in an iframe after the noscript one so that the IP/session gets recorded first. Just off the top of my head, something like that.

But yeah, the content protection should default to NO ACCESS unless they have javascript enabled.

You can only block users with very little computer knowledge in this way, every more advanced user will pass this blockade in a matter of minutes.

Thanks for the information.

At the moment the content locker is doing a fairly good job, with only a few people getting around it, perhaps i'll just ride it out.

You can ONLY deliver this page:

<html>
<script>
document.location = "realpage.html";
</script>
You must enable javascript to see this
</html>

If the person doesn't have javascript active, it never gets to realpage.html

If you wanted to get fancy, you could obfuscate the javascript target to go to index.php?page=fbdbe7277d7a77&md5=abb5b2bfbdbe7277 d7a77f7e.php and that page could then do an MD5 checksum on the md5 to confirm it's a valid target page.

This would make the hardest of hackers give up and just turn on javascript.

Access to your content may not be the primary motive of everyone that blocks scripts. Have you considered the possibility that some surfers block scripts by default to protect themselves from malware?

I am aware there are legitimate reasons to block scripts, however I know for certain people are turning off js to get around my content locker, as i have seen it discussed on forums.

1. Client side 'protection' can always be circumvented.
2.
using Javascript print an <img src="/somephp.php">

have somephp.php set a cookie.

have your other pages check if the user came from your site (referrer) and if they have the cookie that is set by somephp.php. If they don't have the cookie, they are probably blocking js.

i dont get why you dont use css to hide the content.. explain what you are trying to protect ?

That'll work right up until they view the source and type "realpage.html" into their browser.

Really basic method if you have a page where they come from, use onclick on the button.

bad advice homie

on their first page, use javascript to write a cookie. as they hit enter, read the cookie with php on the inside page. if there is no cookie set, redirect them back to the front page. if they have java turned off, there will never be a cookie, so java is likely disabled.