Apache Clickjacking Attack - How to Fix

What Is an Apache Clickjacking Attack and How to Fix It

Clickjacking is a well-known web application vulnerability. For example, it was used in an attack on Twitter.

To defend your Apache HTTPD web server against clickjacking, you can use the X-Frame-Options header.

The X-Frame-Options HTTP response header indicates whether or not a browser should be allowed to render a page in a frame or iframe.

This prevents your site's content from being embedded into other sites.

 

Affected versions

Web servers based on Apache HTTP Server, such as IBM HTTP Server (IHS)

 

Solution

  • Log in to the Apache or IHS server.
  • Take a backup of the configuration file.
  • Add the following line to the conf file:
    Header always append X-Frame-Options SAMEORIGIN
  • Save the conf file.
  • Restart the respective web server, then test the application.
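
To confirm the fix after the restart, the response headers can be checked from a shell. The script below is an added example, not part of the original post: check_xfo is a hypothetical helper name, and the sample responses are constructed. It also flags the case where `append` merges SAMEORIGIN onto a different value the application already sends.

```shell
#!/bin/sh
# Added example (not from the original page): classify the X-Frame-Options
# value(s) in HTTP response headers read from stdin. Prints MISSING,
# OK <value>, CONFLICT <values> or INVALID <value>; exit status 0 only for OK.
check_xfo() {
    awk '
    { sub(/\r$/, "") }                      # header lines end in CRLF
    tolower($0) ~ /^x-frame-options:/ {     # header names are case-insensitive
        sub(/^[^:]*:/, "")
        n = split(toupper($0), parts, ",")  # "append" joins values with commas
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
            if (parts[i] != "" && !(parts[i] in seen)) {
                seen[parts[i]] = 1
                sep = (count++ ? "," : "")
                list = list sep parts[i]
            }
        }
    }
    END {
        if (count == 0) { print "MISSING"; exit 1 }
        if (count > 1)  { print "CONFLICT " list; exit 1 }
        if (list == "SAMEORIGIN" || list == "DENY") { print "OK " list; exit 0 }
        print "INVALID " list; exit 1
    }'
}

# Constructed sample responses (not captured from a real server).
fixed='HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'
merged='HTTP/1.1 200 OK\r\nx-frame-options: DENY, SAMEORIGIN\r\n\r\n'
unset_hdr='HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'

for sample in "$fixed" "$merged" "$unset_hdr"; do
    printf "$sample" | check_xfo || true
done
```

On a live server, pipe the real headers in with `curl -sI https://your-site.example/ | check_xfo` (placeholder URL). The Header directive is provided by mod_headers, so if the result is still MISSING after the restart, check that the module is loaded and that the edited conf file is actually included.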

 

Cheers