Forum Discussion

Nimbostratus

Apr 02, 2015

Apply APM to an iFrame - The content cannot be display in Frame

Hi, We have an application and when you click a button, it makes a call to another virtual server and opens the windows in a iFrame. When we apply our APM policy, it runs through specific c...

BIG-IP Access Policy Manager (APM)

Employee

Apr 02, 2015

Hi Nick,

This is by design to protect against Clickjacking. We insert the X-Frame-Options header in the server response and set it to DENY.

https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_SheetDefending_with_X-Frame-Options_Response_Headers

You should be able to remove the header or modify it with an iRule if needed.

Regards,

Seth

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Apply APM to an iFrame - The content cannot be display in Frame

Recent Discussions

F5 Transceiver Wavelength

F5 101 EXAM

Study Guides for 101 Exam

CPU data, control and analytics plane utilization

iRule URI rewrites don't always use the correct pool

Related Content

Applying APM on an iframe

Public IP address display

About Bot Defense can't display

Layer 7 Content Routing in F5 XC

DevCentral Content Highlights

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS