Forum Discussion
mkm_322720
Jun 06, 2017 Nimbostratus
clickjacking
Can anyone help by sharing an iRule for clickjacking?
I got a solution from my external vulnerability assessment report as below: "Send the HTTP response headers with X-Frame-Options that instruct the browser to restrict framing where it is not allowed."
- Jad_Tabbara__J1 Cirrostratus
Hello mkm,
Depending on the origin of the loaded frame, you can use the "SAMEORIGIN" or the "ALLOW-FROM uri".
```tcl
when HTTP_RESPONSE {
    # Set X-Frame-Options so the page may only be framed by its own origin
    HTTP::header replace X-Frame-Options "SAMEORIGIN"
}
```
or this one
```tcl
when HTTP_RESPONSE {
    # Set X-Frame-Options so the page may only be framed by the named origin
    HTTP::header replace X-Frame-Options "ALLOW-FROM https://mysite.domain.com"
}
```
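A check to run against responses once one of the iRules above is attached, as an added example that is not part of the original thread: it audits the anti-framing headers a response actually carries, including the CSP `frame-ancestors` directive that supersedes `ALLOW-FROM` in current browsers. The function names and the header samples used with it are assumptions made for illustration.

```python
# Added example: audit a response's anti-framing headers.
# Function names are illustrative; feed it (name, value) pairs from a captured response.
VALID_XFO = {"DENY", "SAMEORIGIN"}

def frame_ancestors(headers):
    """Return the source list of the first CSP frame-ancestors directive, or None."""
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return parts[1:]
    return None

def audit_framing(headers):
    """headers: list of (name, value) pairs with duplicates preserved.
    Returns (restricted, findings); restricted is True only when a value
    that current browsers enforce is present without conflicts."""
    findings = []
    # Proxies may fold repeated headers into one comma-separated value.
    xfo = [t.strip().upper() for n, v in headers
           if n.lower() == "x-frame-options" for t in v.split(",") if t.strip()]
    ancestors = frame_ancestors(headers)

    for token in sorted(set(xfo)):
        if token.startswith("ALLOW-FROM"):
            findings.append("ALLOW-FROM is obsolete and not honoured by current "
                            "browsers; use CSP frame-ancestors instead")
        elif token not in VALID_XFO:
            findings.append("unrecognised X-Frame-Options value: " + token)
    if len(set(xfo)) > 1:
        findings.append("conflicting X-Frame-Options values: send exactly one")
    if ancestors is not None and "*" in ancestors:
        findings.append("frame-ancestors * permits framing by any origin")

    xfo_ok = len(set(xfo)) == 1 and xfo[0] in VALID_XFO
    csp_ok = ancestors is not None and "*" not in ancestors
    if not (xfo_ok or csp_ok):
        findings.append("no reliable framing restriction in this response")
    return (xfo_ok or csp_ok), findings
```
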