Forum Discussion
edmonaft_351139
Mar 12, 2018Nimbostratus
Clickjacking protection (X-FRAME-OPTIONS) on F5 LTM 12.1.2 HF2 without using iRules
Hi there,
I wonder if is there a setting that controls this within F5 and hopefully without resorting to using irules.
Thank you!
- natheCirrocumulus
ASM has a Clickjacking feature but there isn't a core feature in LTM to provide this protection. If you don't want to use an iRule then you can create a Local Traffic Policy, something like this:
ltm policy /Common/clickjacking { controls { response-adaptation } requires { http } rules { x-frame-options_rule { actions { 0 { http-header response insert name X-Frame-Options value DENY } } ordinal 1 } } strategy /Common/first-match }
You may want to enable this on specific URLs.
Anyway, hope this helps,
N
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects