Forum Discussion
nathe
Mar 12, 2018Cirrocumulus
ASM has a Clickjacking feature but there isn't a core feature in LTM to provide this protection. If you don't want to use an iRule then you can create a Local Traffic Policy, something like this:
ltm policy /Common/clickjacking {
controls { response-adaptation }
requires { http }
rules {
x-frame-options_rule {
actions {
0 {
http-header
response
insert
name X-Frame-Options
value DENY
}
}
ordinal 1
}
}
strategy /Common/first-match
}
You may want to enable this on specific URLs.
Anyway, hope this helps,
N