Forum Discussion

mkm_322720
Jun 06, 2017

clickjacking

Can anyone help by sharing an iRule for Clickjacking.


I got a solution from my external vulnerability assessment report as below: "Send the HTTP response headers with X-Frame-Options that instruct the browser to restrict framing where it is not allowed."


  • Hello mkm,

    Depending on the origin of the loaded frame you can use the "SAMEORIGIN" or the "ALLOW-FROM uri" value.

        when HTTP_RESPONSE {
            HTTP::header replace X-Frame-Options "SAMEORIGIN"
        }

    or this one

        when HTTP_RESPONSE {
            HTTP::header replace X-Frame-Options "ALLOW-FROM https://mysite.domain.com"
        }
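After an iRule like the ones above is deployed, the thing worth checking is what the browser actually receives: whether the header reached the client, whether its value is one browsers honour, and whether a Content-Security-Policy `frame-ancestors` directive (which takes precedence over X-Frame-Options in browsers that support it, and which current Chrome, Firefox and Safari use instead of the ignored `ALLOW-FROM` form) is present. The following Python is an added example, not code from this thread or from F5; the header sets it inspects are constructed to mirror the two iRules plus a CSP variant, and the function names (`assess_frame_protection`, `parse_frame_ancestors`, `audit`) are this example's own.

```python
"""Classify an HTTP response's clickjacking protection from its headers.

Added example, not part of the original thread. The sample header sets at
the bottom are constructed, not captured from a live site.
"""

# X-Frame-Options values that every current browser enforces.
STRICT_XFO = {"DENY", "SAMEORIGIN"}


def parse_frame_ancestors(csp):
    """Return the source list of a CSP frame-ancestors directive, or None
    if the policy has no such directive."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def assess_frame_protection(headers):
    """Return (status, detail) for a response header dict.

    status is 'protected', 'weak' (header present but not enforced by
    current browsers) or 'unprotected'. Header names are matched
    case-insensitively, as browsers do.
    """
    lower = {name.lower(): value.strip() for name, value in headers.items()}
    csp = lower.get("content-security-policy")
    xfo = lower.get("x-frame-options")

    # frame-ancestors wins over X-Frame-Options when both are present, so
    # evaluate it first.
    if csp is not None:
        ancestors = parse_frame_ancestors(csp)
        if ancestors is not None:
            if "*" in ancestors:
                return "unprotected", "frame-ancestors allows any origin (*)"
            return "protected", "frame-ancestors " + " ".join(ancestors)

    if xfo is None:
        return "unprotected", "no X-Frame-Options or frame-ancestors header"

    value = xfo.upper()
    if value in STRICT_XFO:
        return "protected", "X-Frame-Options " + value
    if value.startswith("ALLOW-FROM"):
        # Chrome, Firefox and Safari ignore ALLOW-FROM entirely, so the
        # page is framable from anywhere; frame-ancestors is the replacement.
        return "weak", "ALLOW-FROM is ignored by current browsers; use CSP frame-ancestors"
    return "weak", "unrecognised X-Frame-Options value %r (browsers ignore it)" % xfo


# Constructed header sets: the two iRules from the thread, a CSP-based
# policy, a misconfigured CSP, and a response with no protection at all.
SAMPLE_RESPONSES = {
    "irule_sameorigin": {"Content-Type": "text/html",
                         "X-Frame-Options": "SAMEORIGIN"},
    "irule_allow_from": {"Content-Type": "text/html",
                         "X-Frame-Options": "ALLOW-FROM https://mysite.domain.com"},
    "csp_self_and_host": {"Content-Security-Policy":
                          "default-src 'self'; frame-ancestors 'self' https://mysite.domain.com"},
    "csp_wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "bare": {"Content-Type": "text/html"},
}


def audit(samples=SAMPLE_RESPONSES):
    """Map each sample name to its protection status."""
    return {name: assess_frame_protection(hdrs)[0] for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        status, detail = assess_frame_protection(hdrs)
        print("%-20s %-12s %s" % (name, status, detail))
```

Point the same function at headers captured from the virtual server (for example the dict returned by an HTTP client library) to confirm the iRule is firing on every response, including error pages and redirects that a backend may generate before the application does.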