Secure Apache from Cross-Frame Scripting on Ubuntu

By -

 A Cross-Frame Scripting (XFS) vulnerability can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page.     

The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering, or Cross-Site Request Forgery attacks.

To defend Clickjacking attack on Apache web server, we can use X-FRAME-OPTIONS to avoid web application being hacked from Clickjacking attack.

Browser vendors have introduced and adopted a policy-based mitigation technique using the X-FrameOptions header. Developers can use this header to instruct the browser about appropriate actions to perform if their site is included inside an iframe. 

Developers must set the X-Frame-Options header to one of the following permitted values: · 

DENY: - Deny all attempts to frame the page · 

SAMEORIGIN: -The page can be framed by another page only if it belongs to the same origin as the page being framed · 

ALLOW-FROM origin: - Developers can specify a list of trusted origins in the origin attribute. Only pages on origin are permitted to load this page inside an iframe

Secure Apache From Clickjacking Attack

we can do this by editing the apache configuration file "apache2.conf".

Step 1: Run command: sudo nano /etc/apache2/apache2.conf

Step 2: Add the following line inside Directory /var/www/html/:

Header always append X-Frame-Options SAMEORIGIN

Step 3: Save the configuration file and restart Apache.

Step 4: Run command: sudo /etc/init.d/apache2 restart

Now, you can try to open a web browser to access your web server.

Comments

Post a Comment

Popular posts from this blog

Creating Protected routes in ReactJS

By -
Protected routes are very important for any web application. Below are the code to create authenticated routes that only certain users can access based on their authentication roles. import   React , {  Component  }  from   'react' ; import  {  BrowserRouter   as   Router ,  Route ,  Switch ,  Redirect  }  from   'react-router-dom' ; import   commonService   from   './core/services/commonService' ; import   './App.css' ; import   Loader   from   './views/Loader/Loader' ; // Containers const   FrontEndLayout  =  React . lazy (()  =>   import ( './containers/FrontEndLayout/FrontEndLayout' )); const   UserLayout  =  React . lazy (()  =>   import ( './containers/UserLayout/UserLayout' )); const   loading  = ()  =>   < Loader   /> ; class   App   extends   Component  {    render (){      return  (        < Router >            < React.Suspense   fallback = { loading () } >    
Read more

Redirect http to https in codeigniter

By -
Follow below steps to redirect you non-http site to https without using .htaccess Change Configuration: go to application/config/config.php and enable hooks to true              $config['enable_hooks'] = TRUE; Create new file hooks.php if not exist other wise open file and paste code           $hook['post_controller_constructor'][] = array(                                 'function' => 'redirect_ssl',                                 'filename' => 'ssl.php',                                 'filepath' => 'hooks'                                 ); Now create a new folder hooks if not exist under application folder and then create new file ssl.php and add below code to ssl.php  <?php function redirect_ssl() {     $CI =& get_instance();     $class = $CI->router->fetch_class();     $exclude =  array('client');     if(!in_array($class,$exclude)) {       $CI->c
Read more