Clickjacking protection (X-FRAME-OPTIONS) on F5 LTM 12.1.2 HF2 without using iRules

Question

Hi there,&nbsp;
I wonder if is there a setting that controls this within F5 and hopefully without resorting to using irules.&nbsp;
Thank you!&nbsp;

nathe · Answer

ASM has a Clickjacking feature but there isn't a core feature in LTM to provide this protection. If you don't want to use an iRule then you can create a Local Traffic Policy, something like this:
ltm policy /Common/clickjacking {
    controls { response-adaptation }
    requires { http }
    rules {
        x-frame-options_rule {
            actions {
                0 {
                    http-header
                    response
                    insert
                    name X-Frame-Options
                    value DENY
                }
            }
            ordinal 1
        }
    }
    strategy /Common/first-match
}

You may want to enable this on specific URLs.
Anyway, hope this helps,
N

Forum Discussion

Clickjacking protection (X-FRAME-OPTIONS) on F5 LTM 12.1.2 HF2 without using iRules

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Removing x-frame-options header from response when using APM

Beyond REST: Protecting GraphQL

Set x-frames-options header values depending on URI

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection