Secure Apache from Clickjacking with X-FRAME-OPTIONS

Clickjacking is a well-known web application vulnerability: an attacker loads your page inside a frame on a site they control so that a visitor's clicks land on your page without the visitor realising it.

To defend against Clickjacking on your Apache web server, you can send the X-Frame-Options response header, which stops browsers from rendering your pages inside frames on other sites.

The X-Frame-Options HTTP response header tells a browser whether or not it may render the page inside a frame or iframe. This prevents site content from being embedded into other sites.

There are three values for X-Frame-Options:

SAMEORIGIN: The page may only be displayed in a frame whose top-level page has the same origin as the page itself.
DENY: The page may not be displayed in a frame or iframe at all, regardless of the origin.
ALLOW-FROM uri: The page may only be displayed in a frame on the single origin given by uri.

Implement in Apache

  • Log in to the Apache server
  • Take a backup of the configuration file
  • Add the following line to httpd.conf (the mod_headers module must be loaded; "always" also covers error responses, and "set" replaces any existing value instead of producing a comma-joined duplicate as "append" would)
    Header always set X-Frame-Options "SAMEORIGIN"
  • Restart the web server and confirm the header appears in the application's responses (for example with curl -I)

Implement in Shared Web Hosting
If your website is hosted on shared web hosting, you won't have permission to modify httpd.conf. However, you can achieve the same result by adding the following line to the .htaccess file in your web root, provided the host allows Header directives there (AllowOverride FileInfo).

Header always set X-Frame-Options "SAMEORIGIN"
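After restarting Apache (or uploading the .htaccess file), the last step is to look at what the server actually sends back. The script below is an added example written for this article, not code from the original page or from the Apache project: it evaluates a response's headers for frame protection and flags the configurations that look protective but are not. The rules it applies are assumptions stated in the docstring: DENY and SAMEORIGIN count as protection; a comma-joined value (what "Header append" produces when the header was already set elsewhere) is not defined by RFC 7034 and is not relied on; ALLOW-FROM is obsolete and ignored by current browsers, with the Content-Security-Policy frame-ancestors directive being its replacement. The built-in demo starts a throwaway local HTTP server that stands in for Apache; the handler class, port and page body are constructed for the demo.

```python
"""Audit a response's anti-clickjacking headers (added example, not from the article)."""
from http.server import BaseHTTPRequestHandler, HTTPServer
import threading
import urllib.request

VALID_XFO = {"DENY", "SAMEORIGIN"}


def evaluate_frame_protection(headers):
    """Return {"protected": bool, "findings": [str, ...]} for one response.

    `headers` maps header name to value; lookup is case-insensitive.
    Rules applied (assumptions of this example):
      * X-Frame-Options DENY or SAMEORIGIN protects the page.
      * A comma-joined X-Frame-Options value is not defined by RFC 7034 and
        is handled inconsistently by browsers, so it is not counted.
      * ALLOW-FROM is obsolete; current browsers ignore it.
      * CSP frame-ancestors counts as protection unless it allows any origin (*).
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    findings = []
    protected = False

    # Content-Security-Policy: frame-ancestors takes precedence in modern browsers.
    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        name, _, sources = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            sources = sources.strip()
            if sources == "*":
                findings.append("CSP frame-ancestors * allows framing from any origin")
            else:
                protected = True
                findings.append(f"CSP frame-ancestors restricts framing to: {sources}")

    xfo = lowered.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options header is missing")
        return {"protected": protected, "findings": findings}

    values = [v.strip().upper() for v in xfo.split(",")]
    if len(values) > 1:
        findings.append(
            f"X-Frame-Options carries several values {values}; browsers handle this "
            "inconsistently, so it is not counted (use 'Header set', not 'append')"
        )
    elif values[0] in VALID_XFO:
        protected = True
        findings.append(f"X-Frame-Options {values[0]} is enforced")
    elif values[0].startswith("ALLOW-FROM"):
        findings.append("X-Frame-Options ALLOW-FROM is obsolete and ignored; use CSP frame-ancestors")
    else:
        findings.append(f"X-Frame-Options value {xfo!r} is not a recognised value")
    return {"protected": protected, "findings": findings}


class _DemoHandler(BaseHTTPRequestHandler):
    """Stand-in for the Apache server; constructed for this example only."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("X-Frame-Options", "SAMEORIGIN")  # what the directive above adds
        self.end_headers()
        self.wfile.write(b"<html><body>demo page</body></html>")

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch_headers(url):
    """Fetch `url` and return its response headers as a plain dict."""
    with urllib.request.urlopen(url) as resp:
        return dict(resp.getheaders())


if __name__ == "__main__":
    server = HTTPServer(("127.0.0.1", 0), _DemoHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    result = evaluate_frame_protection(fetch_headers(url))
    server.shutdown()
    print("protected:", result["protected"])
    print(*result["findings"], sep="\n")
```

To check a real deployment, replace the demo URL with the site's address; the same evaluate_frame_protection function can be fed the output of curl -I once it is parsed into a dict. A page that relies only on ALLOW-FROM, or that ends up with "SAMEORIGIN, SAMEORIGIN" because the header was appended in both httpd.conf and .htaccess, is reported as unprotected so that it gets fixed rather than assumed safe.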
