Domai_23823
Oct 11, 2018Nimbostratus
Clickjacking iRule assist
I have the below requirement I need to insert X-FRAME-OPTIONS "DENY" only if the requests don't originate from my domain *.123.com but I need to insert it from any other domain. How can i accomplish this using iRules? X-FRAME-OPTIONS "ALLOW FROM" does not allow multiple domains or sub domains. That is why I am seeking options.
I am sure the below will not work...right?
When HTTP_RESPONSE {
HTTP::header insert "X-FRAME-OPTIONS" "ALLOW-FROM http://*.123.com"
}