Forum Discussion

Nimbostratus

Jun 06, 2017

clickjacking

Can anyone help by sharing an iRule for Clickjacking. I got a solution from my external vulnerability assessment report as below: "Send the HTTP response headers with X-Frame-Options that instru...

application delivery

BIG-IP

Jad_Tabbara__J1

Cirrostratus

Jun 06, 2017

Hello mkm,

Depending on the origin of the loaded frame you can use the "SAMEORIGIN" or the "ALLOW-FROM uri"

 when HTTP_RESPONSE {
   HTTP::header replace X-Frame-Options "SAMEORIGIN"
}

or this one

 when HTTP_RESPONSE {
       HTTP::header replace X-Frame-Options "ALLOW-FROM https://mysite.domain.com"
    }

Forum Discussion

clickjacking

Recent Discussions

BD Key Failed and F5 stucked Offline state after update

APM to Forward requests for one public URL for remote clients

Unknown Bots customization.

HA Active Directory for F5 authentication

APM integration with splunk

Related Content

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

Clickjacking iRule assist

Clickjacking

Clickjacking protection with X-Frame options