Forum Discussion

Nimbostratus

Jun 06, 2017

clickjacking

Can anyone help by sharing an iRule for Clickjacking. I got a solution from my external vulnerability assessment report as below: "Send the HTTP response headers with X-Frame-Options that instru...

application delivery

BIG-IP

Jad_Tabbara__J1

Cirrostratus

Jun 06, 2017

Hello mkm,

Depending on the origin of the loaded frame you can use the "SAMEORIGIN" or the "ALLOW-FROM uri"

 when HTTP_RESPONSE {
   HTTP::header replace X-Frame-Options "SAMEORIGIN"
}

or this one

 when HTTP_RESPONSE {
       HTTP::header replace X-Frame-Options "ALLOW-FROM https://mysite.domain.com"
    }

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

clickjacking

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

Clickjacking iRule assist

Clickjacking

Clickjacking protection with X-Frame options

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS