Forum Discussion

Nimbostratus

Oct 11, 2018

Clickjacking iRule assist

I have the below requirement I need to insert X-FRAME-OPTIONS "DENY" only if the requests don't originate from my domain *.123.com but I need to insert it from any other domain. How can i accomplish...

Cumulonimbus

Oct 12, 2018

Hi,

can you try this (I checked rfc but it's not clear...):

if { not([HTTP::header exists "X-Frame-Options"])}{
    HTTP::header insert X-Frame-Options {ALLOW-FROM https://domain1.f5.com/ https://domain2.f5.com/ https://domain3.f5.com/ }
} else {
    HTTP::header replace X-Frame-Options {ALLOW-FROM https://domain1.f5.com/ https://domain2.f5.com/ https://domain3.f5.com/ }
}

Just be carefull, Chrome not support Allow-From in X-Frame-Options header since a specific version, it ignores this header and blocks you in any case.

Additional point take a looke to "Content-Security-Policy" if it can help you.

keep me in touch,

regards,

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Clickjacking iRule assist

Recent Discussions

NAT for specific IPs

Upgrading BIGIP 2000S to R2600

TS Declarations for DNS

how to view list os client support via cli

automatic learning logs/report ?

Related Content

iRule assistance for subfolder redirect

iRule assistance

iRule assistance

clickjacking

iRule assistance

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS