
How to Secure Apache from Clickjacking Attack

Clickjacking is an attack that tricks a web user into interacting (in most cases by clicking) with something other than what the user intended. It can send unauthorized commands or reveal confidential user information while the victim interacts with web pages that appear harmless.

Security Tutorials Feb 05, 18 by Mery 2 min Read
To protect your Apache web server against clickjacking attacks, you can use the X-Frame-Options header, which prevents your website from being framed by an attacker's page.

The X-Frame-Options HTTP response header indicates whether a browser is permitted to render a page in a frame or iframe. This prevents a site's content from being embedded in other sites. For example, you cannot embed Google.com in your website as a frame because it already has this security measure in place.

There are three settings for X-Frame-Options:

  1. SAMEORIGIN: The page can be displayed in a frame only on the same origin as the page itself.
  2. DENY: This setting prevents the page from being displayed in a frame or iframe.
  3. ALLOW-FROM uri: This setting allows the page to be displayed in a frame only on the specified origin.

Implement in Apache

  • Log in to the Apache or IHS server
  • Open Apache Web Server’s httpd.conf file and add the following line in it:

Header always append X-Frame-Options SAMEORIGIN

  • Then restart the Apache Web Server.
  • Test the application.

Implement in shared web hosting

If your website is hosted on shared web hosting, you will not be able to modify the httpd.conf file directly. However, you can implement this setting by adding the following line to the .htaccess file:

Header append X-FRAME-OPTIONS "SAMEORIGIN"

Verification

To view the response headers, you can use any web developer tool, or an online tool such as Header Checker, to verify the setting.
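As an added example (not part of the original article), the shell function below classifies the X-Frame-Options value in response headers piped to it, for instance from curl -sI. The function names, the sample response and the example URL are assumptions made for illustration; the "duplicate" verdict covers the comma-merged value that Apache's append action produces when the application already sends the header.

```shell
#!/bin/sh
# Added example (not from the original article): classify the X-Frame-Options
# header(s) found in raw HTTP response headers read from stdin.
# Verdicts printed:
#   ok         one value, DENY or SAMEORIGIN
#   missing    header not present
#   duplicate  more than one value (several header lines, or comma-merged,
#              which is what "Header append" produces when the application
#              already sent the header)
#   obsolete   ALLOW-FROM, which current browsers no longer honour
#   invalid    any other value
check_xfo() {
    # Names are case-insensitive and lines end in CRLF, so normalise both.
    values=$(tr -d '\r' | awk '
        tolower($0) ~ /^x-frame-options[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "")   # drop "Name:" and leading blanks
            sub(/[ \t]+$/, "")         # drop trailing blanks
            print toupper($0)
        }')
    [ -n "$values" ] || { echo missing; return 0; }
    lines=$(printf '%s\n' "$values" | grep -c .)
    if [ "$lines" -gt 1 ]; then echo duplicate; return 0; fi
    case "$values" in
        *,*)             echo duplicate ;;
        DENY|SAMEORIGIN) echo ok ;;
        ALLOW-FROM*)     echo obsolete ;;
        *)               echo invalid ;;
    esac
}

# Constructed sample response, as "curl -sI" would print it for a site where
# both the application and the .htaccess line above set the header.
sample_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\nContent-Type: text/html\r\n\r\n'
}

# Live use (assumed URL): curl -sI https://www.example.com/ | check_xfo
sample_response | check_xfo   # prints: duplicate
```

If the verdict is "duplicate", make sure only one layer (the application or Apache) sends the header so that a single value reaches the browser.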

Conclusions

Congratulations! You have learned how to secure Apache from clickjacking attacks.

If you are facing any problems with the installation, feel free to comment here. We will help you to solve the issue.
