Secure Apache from Clickjacking with X-FRAME-OPTIONS

Implement the X-Frame-Options HTTP response header to stop clickjacking attacks

Clickjacking is a well-known vulnerability in web applications.

For example, it was used in an attack on Twitter.

To defend against clickjacking on your Apache web server, use X-Frame-Options to stop your website from being abused through clickjacking.

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser is allowed to open a page in a frame or iframe.

This prevents website content from being embedded in other sites.

Have you ever tried embedding Google.com as a frame in your website? You can't, because it is protected, and you can protect your site too.

There are three settings for X-Frame-Options:

  1. SAMEORIGIN: This setting allows a page to be displayed in a frame only on the same origin as the page itself.
  2. DENY: This setting prevents a page from being displayed in a frame or iframe at all.
  3. ALLOW-FROM uri: This setting allows a page to be displayed only on the specified origin.

Note: You can also use the Content-Security-Policy header to control how you want your website's content to be embedded. Refer to this article for the CSP header.

Deploy in Apache, IBM HTTP Server

  • Log in to the Apache or IHS server
  • Back up the configuration file
  • Add the following line to the httpd.conf file
    Header always append X-Frame-Options SAMEORIGIN
  • Restart the web server and test the application

Deploy in shared web hosting

If your website is hosted on shared web hosting, you do not have permission to modify httpd.conf.

However, you can achieve the same result by adding the following line to the .htaccess file.

Header append X-FRAME-OPTIONS "SAMEORIGIN"

The change takes effect immediately, without any restart.

Verification

You can use any web developer tool to view the response headers. You can also use an online tool, such as Header Checker, to verify.
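As an added example (not part of the original post), a small Python checker that parses a raw HTTP response and reports whether its X-Frame-Options value actually restricts framing. The sample responses are constructed; one of them shows the comma-joined value that `Header append` produces when the application already sets the header itself, which is why a checker should not just test for the header's presence.

```python
from __future__ import annotations

# Constructed sample responses for the checks below (not captured from a real server).
SAMPLE_OK = "HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html>"
SAMPLE_MISSING = "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n<html>"
# What `Header append` yields when the application already emitted X-Frame-Options: DENY.
SAMPLE_MERGED = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n\r\n<html>"


def parse_headers(raw: str) -> dict[str, list[str]]:
    """Map lower-cased header names to their values (a name may repeat)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: dict[str, list[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def check_x_frame_options(raw: str) -> tuple[bool, str]:
    """Return (protected, reason) for the X-Frame-Options header of a raw response."""
    values = parse_headers(raw).get("x-frame-options", [])
    # Browsers split repeated headers and comma-joined values into one token list.
    tokens = [t.strip().upper() for v in values for t in v.split(",") if t.strip()]
    if not tokens:
        return False, "header missing: any site can frame this page"
    if len(set(tokens)) > 1:
        return False, f"conflicting values {tokens}: emit one value (e.g. 'Header set')"
    token = tokens[0]
    if token in ("DENY", "SAMEORIGIN"):
        return True, f"{token}: framing restricted"
    if token.startswith("ALLOW-FROM"):
        return False, "ALLOW-FROM is obsolete; current browsers ignore it (use CSP frame-ancestors)"
    return False, f"unrecognised value {token!r}: browsers ignore the header"


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING), ("merged", SAMPLE_MERGED)):
        print(name, check_x_frame_options(sample))
```

Feed it the raw response from your own server (for example the output of `curl -i`) to confirm that exactly one recognised value reaches the browser.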

How did it go?

If you run an online business, consider using a cloud WAF for all-in-one security and monitoring.
