In order to avoid clickjacking, I need to disable iframe access to my site in a similar fashion to using an X-Header with SAMEORIGIN using Apache. However, I'm using SunOne web server and changing it is not an option. Is there any way to do this that doesn't require a huge rewrite of what's already on the site?

I am using CentOS for the server.

1 Answer

http://docs.oracle.com/cd/E19554-01/819-4464-10/#wp34190

Support for Arbitrary Custom Headers

In Web Server 6.0 SP10, the set-variable SAF (Server Application Function) can be used to add custom headers to the server's HTTP responses. For example, consider the following server-id/config/obj.conf directive:

Looks like you'd want:

AuthTrans fn="set-variable" insert-srvhdrs="X-Frame-Options: SAMEORIGIN"

That said, this is a web server that was discontinued a decade ago...

ceejayoz
  • "That said, this is a web server that was discontinued a decade ago" Yes. Yes it was. Believe me, not my choice. Thanks, let me try that. – Marcel Marino Jun 07 '13 at 16:58
  • I feel for you dude. Hope this helps. – ceejayoz Jun 07 '13 at 17:01
  • Well, I gave you the correct answer because that is exactly what I needed. The problem is I tried to reboot the server after making the changes so they would take effect and now the website won't load. I reverted the changes and rebooted again with the same result. I'm running into the same problem as before, I have to read a lot of technical stuff to even HOPE to find what I'm looking for. – Marcel Marino Jun 07 '13 at 19:00
  • GOT IT! Someone PLEASE vote up this answer. One small caveat though, the solution is ONE LINE. Because of room if you copy and paste it, it will go into two lines, you have to bring it into one. Thanks a lot @ceejayoz – Marcel Marino Jun 07 '13 at 19:15
  • Neat, I've edited my answer to go on one line. – ceejayoz Jun 07 '13 at 19:40
  • Ah, this change doesn't work on really old browsers. That was the other problem, also resolved. Again, if anyone sees this, please vote up the answer since I can't. – Marcel Marino Jun 11 '13 at 19:02
  • Yeah, that definitely won't work in old browsers. – ceejayoz Jun 11 '13 at 19:04
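
A way to confirm the directive took effect after a restart, as an added example that is not part of the original answer or comments: the script audits the X-Frame-Options header in a raw response head such as the output of `curl -sI`. The function names and the sample response heads are constructed for illustration.

```python
import sys

# Values this check accepts; any other value is reported as "invalid".
ACCEPTED = {"DENY", "SAMEORIGIN"}

def xfo_values(raw_head):
    """Collect every X-Frame-Options value from a raw HTTP response head."""
    values = []
    for line in raw_head.strip().splitlines():   # handles CRLF and LF
        if not line.strip():
            break                                # blank line ends the headers
        name, sep, value = line.partition(":")   # status line has no match
        if sep and name.strip().lower() == "x-frame-options":
            # A single header line may carry a comma-separated list.
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values

def audit(raw_head):
    """Return (status, distinct values): missing, conflict, invalid or ok."""
    values = sorted(set(xfo_values(raw_head)))
    if not values:
        return ("missing", values)       # directive not loaded or not applied
    if len(values) > 1:
        return ("conflict", values)      # e.g. application and server both set it
    return ("ok" if values[0] in ACCEPTED else "invalid", values)

# Constructed sample response heads (not captured from a real server).
BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
AFTER = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n"
CONFLICT = ("HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
            "x-frame-options: sameorigin\r\n\r\n")
TYPO = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGN\r\n\r\n"

if __name__ == "__main__":
    if sys.stdin.isatty():
        # No piped input: show the verdict for each constructed sample.
        for label, head in [("before", BEFORE), ("after", AFTER),
                            ("conflict", CONFLICT), ("typo", TYPO)]:
            print(label, audit(head))
    else:
        status, values = audit(sys.stdin.read())
        print(status, ", ".join(values))
        sys.exit(0 if status == "ok" else 1)
```

Pipe the response head of your own site into the script to check a live server; the exit status is non-zero unless exactly one accepted value is present.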