clickjacking

Question

Can anyone help by sharing an iRule for Clickjacking.&nbsp;
I got a solution from my external vulnerability assessment report as below:
"Send the HTTP response headers with X-Frame-Options that instruct the browser to restrict framing where it is not allowed."&nbsp;

jad_tabbara__j1 · Answer

Hello mkm, 
Depending on the origin of the loaded frame you can use the "SAMEORIGIN" or the "ALLOW-FROM uri"

when HTTP_RESPONSE {
   HTTP::header replace X-Frame-Options "SAMEORIGIN"
}

or this one 
 when HTTP_RESPONSE {
       HTTP::header replace X-Frame-Options "ALLOW-FROM https://mysite.domain.com"
    }

Forum Discussion

clickjacking

1 Reply

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

Clickjacking iRule assist

Clickjacking

Clickjacking protection with X-Frame options