Forum Discussion
mkm_322720
Jun 06, 2017Nimbostratus
clickjacking
Can anyone help by sharing an iRule for Clickjacking.
I got a solution from my external vulnerability assessment report as below:
"Send the HTTP response headers with X-Frame-Options that instru...
Jad_Tabbara__J1
Jun 06, 2017Cirrostratus
Hello mkm,
Depending on the origin of the loaded frame you can use the "SAMEORIGIN" or the "ALLOW-FROM uri"
when HTTP_RESPONSE {
HTTP::header replace X-Frame-Options "SAMEORIGIN"
}
or this one
when HTTP_RESPONSE {
HTTP::header replace X-Frame-Options "ALLOW-FROM https://mysite.domain.com"
}
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects