Additional menu

Geekflare

Technology Blog, Web Tools and Resources to Supercharge Site and Business

F5 irule to Protect Clickjacking Attack using X-FRAME-OPTIONS

Netsparker Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

by | | Security, Startup

Secure Clickjacking Attack with X-Frame-Options using F5 iRule

There are multiple ways to add X-Frame-Options header in your web applications.

However, implementing through F5 load balancer is probably the easiest one.

By doing at a network edge using F5 iRule give you the advantage of making changes no fly.

That’s right; you don’t need to restart any services hence no downtime.

There are three settings for X-Frame-Options:

  1. SAMEORIGIN: This configuration will allow the page to be displayed in a frame on the same origin as the page itself.
  2. DENY: This setting will prevent a page displaying in a frame or iframe.
  3. ALLOW-FROM uri: allow resources to load only on specified origin.

To implement in F5 irule

  • Create irule with following
when HTTP_RESPONSE {
HTTP::header insert "X-FRAME-OPTIONS" "SAMEORIGIN"
}
  • Associate this irule to respective Virtual server

To verify

Use browser’s inbuilt developer tools to examine the response headers or online using HTTP Header checker tool.

You see it’s three line which does the job! Learn more about iRule here.

More Reading

Why to pay more?

A curated list of best deals for your website and business. Save some $$$ this season to treat yourself or your family.

Astra

Build a unique website with Astra theme. The great thing is, its light-weight and neatly coded. Tons of customization with just few clicks.

GET 25% OFF

Keeper

A password manager to store your online passwords securely. Stay protected from data breaches and cyber-attacks.

GET 30% OFF

Udemy

Upgrade your skills by taking an online course. More than 100,000 courses to choose from. You can learn from anywhere, any devices.

GET 90% OFF

Thor

A powerful security software to protect from viruses, malware, ransomware, online threats. Secure your data and online identity today!

GET 70% OFF

A2 Hosting

Load your website up-to 20 times faster by hosting on A2 platform. Free SSL cert, WordPress optimized server, money-back and more.

GET 60% OFF

Malcare

A smart firewall and security plugin for WordPress to keep it secure from malicious requests, online threats, spam and more.

GET 25% OFF