Scenario:
I have a php script on my website (website1.com/test.php)
Another website uses an iframe to make it look like my test.php page is on their site (website2.com/smoke-and-mirrors.php)

Question:
I want to stop anyone from browsing to website1.com/test.php, and only allow website2.com to access it. So that it can only be viewed through website2.com/smoke-and-mirrors.php.

More Info
The goal is to sell access to the pages i develop and allow my clients to make it look like the page is on their site.

From my googleing, it sounds like the an .htaccess REWRITE rule might do this?
I would prefer to do it in PHP though as that is what I am best at.
I have tried the $_SERVER['HTTP_REFERER'] global variable, but found that it is not reliable.

Edit: Maybe some type of iframe authentication via an ip address? As the website2.com ip address would be static.

Any help would be much appreciated.

I think an .htaccess would be fine. The main thing is to make sure the pages aren't indexed or linked. So whenever you have an iframe all you'll have to do is rel="nofollow" on it. Also, make sure you don't link to it from your site. If you do that it will probably stay hidden well as long as your site doesn't get too popular.