  • Secure Clickjacking Attack with X-Frame-Options using F5 iRule

    There are multiple ways to add the X-Frame-Options header to your web applications. However, implementing it through an F5 load balancer is probably the easiest one.

    Doing it at the network edge with an F5 iRule gives you the advantage of making changes on the fly.

    That’s right; you don’t need to restart any services, hence no downtime.

    There are three settings for X-Frame-Options:

    • SAMEORIGIN: allows the page to be displayed in a frame on the same origin as the page itself.
    • DENY: prevents the page from being displayed in a frame or iframe.
    • ALLOW-FROM uri: allows the page to be displayed in a frame only on the specified origin.

    To implement it in an F5 iRule:

    • Create an iRule with the following:
    when HTTP_RESPONSE {
        HTTP::header insert "X-FRAME-OPTIONS" "SAMEORIGIN"
    }
    • Associate this iRule with the respective virtual server.

    To verify:

    Use your browser’s built-in developer tools to examine the response headers, or check online with an HTTP header checker tool.
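The same header check can be scripted. The following is an added example, not part of the original article: it audits the X-Frame-Options header in a raw response header block, including the case where a backend and the edge both set the header. The names `audit_xfo` and `Finding` and all sample responses are constructed for this illustration.

```python
# Added example: audit X-Frame-Options in a raw HTTP response header block.
from collections import namedtuple

Finding = namedtuple("Finding", "status values")  # hypothetical result type

def audit_xfo(raw_headers: str) -> Finding:
    """Classify the X-Frame-Options header(s) found in a raw response."""
    values = []
    for line in raw_headers.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                                  # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # A single header line may carry a comma-separated list.
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    distinct = sorted(set(values))
    if not distinct:
        return Finding("missing", distinct)
    if any(v.startswith("ALLOW-FROM") for v in distinct):
        return Finding("obsolete", distinct)       # ignored by current browsers
    if any(v not in ("DENY", "SAMEORIGIN") for v in distinct):
        return Finding("invalid", distinct)
    if len(distinct) > 1:
        return Finding("conflict", distinct)       # e.g. backend and edge disagree
    return Finding("ok", distinct)

# Constructed sample responses (not captured from a real server).
GOOD = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "X-FRAME-OPTIONS: SAMEORIGIN\r\n\r\n<html>")
BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
DOUBLE = ("HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
          "X-FRAME-OPTIONS: SAMEORIGIN\r\n\r\n")
LEGACY = ("HTTP/1.1 200 OK\r\n"
          "X-Frame-Options: ALLOW-FROM https://partner.example\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [("good", GOOD), ("bare", BARE),
                       ("double", DOUBLE), ("legacy", LEGACY)]:
        print(label, audit_xfo(raw))
```

To check a live virtual server, save the output of a header dump (for example from the browser's developer tools) and pass it to `audit_xfo`.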

    As you can see, a three-line iRule does the job!