Clickjacking protection (X-FRAME-OPTIONS) on F5 LTM 12.1.2 HF2 without using iRules

Question

Hi there,&nbsp;
I wonder if is there a setting that controls this within F5 and hopefully without resorting to using irules.&nbsp;
Thank you!&nbsp;

nathe · Answer

ASM has a Clickjacking feature but there isn't a core feature in LTM to provide this protection. If you don't want to use an iRule then you can create a Local Traffic Policy, something like this:
ltm policy /Common/clickjacking {
    controls { response-adaptation }
    requires { http }
    rules {
        x-frame-options_rule {
            actions {
                0 {
                    http-header
                    response
                    insert
                    name X-Frame-Options
                    value DENY
                }
            }
            ordinal 1
        }
    }
    strategy /Common/first-match
}

You may want to enable this on specific URLs.
Anyway, hope this helps,
N

Forum Discussion

Clickjacking protection (X-FRAME-OPTIONS) on F5 LTM 12.1.2 HF2 without using iRules

Recent Discussions

INFORM: Entrust CA will be untrusted in Chrome after Oct 31, 2024

Can BIG-IP DNS recursion only my domain?

CPU data, control and analytics plane utilization

Can import iSeries 4000 config (OS ver 1.3.x) to rSeries 5000 (f5os-a 1.5.2)?

Datagroup with address and value

Related Content

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Removing x-frame-options header from response when using APM

Set x-frames-options header values depending on URI

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

L7 DoS Protection with NGINX App Protect DoS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS