Re: X-Frame-Options and security

https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header

What headers are returned by error pages and by redirects (e.g. 302
redirect when requesting a directory without a trailing '/')?
What headers are returned by dynamic responses (proxied or CGI), if
you have any?

It appears to mostly be caused by bots, and on 200 pages like the homepage:

172.70.34.154 - - [10/Sep/2021:10:55:39 -0400] "GET / HTTP/1.1" 200 80189 "-" "Slackbot 1.0 (+https://api.slack.com/robots)" X:"GOFORIT" 4/4115336 704/88978/80189 H:HTTP/1.1 U:/index.php

Notice I've added the X-Frame-Options header to the LogFormat.

Maybe like this, adapting an example from the docs:

Header onsuccess unset X-Frame-Options
Header always set X-Frame-Options "SAMEORIGIN"

That fixed it, thanks.

I'm now curious how it's apparently being set by default to include GOFORIT?

Thanks,
Dave
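
An added example, not part of the original message or of Apache's documentation: a Python audit of access-log lines in the format shown above, reporting responses whose logged X-Frame-Options value is missing or is not DENY/SAMEORIGIN. It assumes the X:"..." field comes from a LogFormat fragment such as X:\"%{X-Frame-Options}o\" and that U: is the script path; the function names and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Matches the custom LogFormat seen in the thread: common-log prefix,
# then X:"<X-Frame-Options sent>" and, near the end, U:<script path>.
# Assumption: X: was logged with %{X-Frame-Options}o.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'.*? X:"(?P<xfo>[^"]*)"(?:.* U:(?P<script>\S+))?'
)
ACCEPTED = {"DENY", "SAMEORIGIN"}  # the two values current browsers honour

# First line is the one quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
172.70.34.154 - - [10/Sep/2021:10:55:39 -0400] "GET / HTTP/1.1" 200 80189 "-" "Slackbot 1.0 (+https://api.slack.com/robots)" X:"GOFORIT" 4/4115336 704/88978/80189 H:HTTP/1.1 U:/index.php
192.0.2.10 - - [10/Sep/2021:10:56:01 -0400] "GET /docs HTTP/1.1" 301 238 "-" "curl/7.79.0" X:"SAMEORIGIN" 0/1200 120/500/238 H:HTTP/1.1 U:/docs
192.0.2.11 - - [10/Sep/2021:10:56:07 -0400] "GET /missing HTTP/1.1" 404 196 "-" "curl/7.79.0" X:"-" 0/900 118/420/196 H:HTTP/1.1 U:/missing
192.0.2.12 - - [10/Sep/2021:10:56:30 -0400] "GET /a HTTP/1.1" 200 512 "-" "curl/7.79.0" X:"sameorigin" 0/800 110/700/512 H:HTTP/1.1 U:/index.php
this line is not in the expected format
"""

def classify(xfo):
    """Return 'ok', 'missing' or 'invalid' for a logged header value."""
    value = xfo.strip()
    if value in ("", "-"):  # Apache logs "-" when the header was not sent
        return "missing"
    # Directive names are case-insensitive; anything else is ignored by browsers.
    return "ok" if value.upper() in ACCEPTED else "invalid"

def audit(log_text):
    """Return (findings, unparsed); findings counts (verdict, status, script, value)."""
    findings, unparsed = Counter(), 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # count rather than silently drop unknown formats
            continue
        verdict = classify(m["xfo"])
        if verdict != "ok":
            findings[(verdict, m["status"], m["script"], m["xfo"])] += 1
    return findings, unparsed

if __name__ == "__main__":
    findings, unparsed = audit(SAMPLE_LOG)
    for (verdict, status, script, value), n in findings.most_common():
        print(f"{n:5d}  {verdict:8s} status={status} script={script} X-Frame-Options={value!r}")
    print(f"unparsed lines: {unparsed}")
```

Grouping by status and script path shows whether the unexpected value comes from one dynamic handler or from error and redirect responses, which is the distinction the questions earlier in the message are asking about.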


