Secure Apache from Cross-Frame Scripting on Ubuntu

By -

 A Cross-Frame Scripting (XFS) vulnerability can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page.     

The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering, or Cross-Site Request Forgery attacks.

To defend Clickjacking attack on Apache web server, we can use X-FRAME-OPTIONS to avoid web application being hacked from Clickjacking attack.

Browser vendors have introduced and adopted a policy-based mitigation technique using the X-FrameOptions header. Developers can use this header to instruct the browser about appropriate actions to perform if their site is included inside an iframe. 

Developers must set the X-Frame-Options header to one of the following permitted values: · 

DENY: - Deny all attempts to frame the page · 

SAMEORIGIN: -The page can be framed by another page only if it belongs to the same origin as the page being framed · 

ALLOW-FROM origin: - Developers can specify a list of trusted origins in the origin attribute. Only pages on origin are permitted to load this page inside an iframe

Secure Apache From Clickjacking Attack

we can do this by editing the apache configuration file "apache2.conf".

Step 1: Run command: sudo nano /etc/apache2/apache2.conf

Step 2: Add the following line inside Directory /var/www/html/:

Header always append X-Frame-Options SAMEORIGIN

Step 3: Save the configuration file and restart Apache.

Step 4: Run command: sudo /etc/init.d/apache2 restart

Now, you can try to open a web browser to access your web server.

Comments

Post a Comment

Popular posts from this blog

Stop video playing when Bootstrap modal is closed

By -
If you want add a video to a Bootstrap Modal and either dismiss or close the modal  while the video is playing the video will keep on playing when you open again. So you can adjust this behaviour by adding in some JavaScript that acts to stop the video if either the modal window is clicked to close or the background is clicked to dismiss the modal. Add below JavaScript code in your files <script> jQuery(' #keredariModal ').on('hidden.bs.modal', function (e) { // do something... jQuery(' # keredariModal video ').attr("src", jQuery(" # keredariModal video ").attr("src")); }); </script>    Note: Please replace your Model ID
Read more

Creating Protected routes in ReactJS

By -
Protected routes are very important for any web application. Below are the code to create authenticated routes that only certain users can access based on their authentication roles. import   React , {  Component  }  from   'react' ; import  {  BrowserRouter   as   Router ,  Route ,  Switch ,  Redirect  }  from   'react-router-dom' ; import   commonService   from   './core/services/commonService' ; import   './App.css' ; import   Loader   from   './views/Loader/Loader' ; // Containers const   FrontEndLayout  =  React . lazy (()  =>   import ( './containers/FrontEndLayout/FrontEndLayout' )); const   UserLayout  =  React . lazy (()  =>   import ( './containers/UserLayout/UserLayout' )); const   loading  = ()  =>   < Loader   /> ; class   App ...
Read more