Securing my ASP.net MVC3 Website aganist “Click ja

2020-03-01 17:48发布

站内问答 / 前沿技术
1439 3 6

Recently I was flipping through some security issues faced by websites. Fortunately come across a new term "Click jacking"

I understood that this attack happens only if my website is loadable in an IFrame.

Further investigation helped to know that setting "x-frame-options" to "DENY" prevent the website been loaded in IFrame

But I Don't know how to implement this as I am very new to this domain?

3条回答
来,给爷笑一个
2楼-- · 2020-03-01 17:56

Just put following code under <system.webServer> section in web.config file

<httpProtocol>
  <customHeaders>
    <add name="X-Frame-Options" value="DENY"/>
  </customHeaders>
</httpProtocol>

NOTE : The X-Frame-Options header may contain one of three tokens.You either add any of these.Each one has its own significance.

  • DENY
  • SAMEORIGIN
  • ALLOW-FROM origin

For details visit MSDN blog : Combating ClickJacking With X-Frame-Options

查看更多
0人赞 添加讨论(0) 举报
霸刀☆藐视天下
3楼-- · 2020-03-01 18:07

In your Global.asax you can add the following

protected void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext.Current.Response.AddHeader("x-frame-options", "SAMEORIGIN");
}
查看更多
0人赞 添加讨论(0) 举报
Evening l夕情丶
4楼-- · 2020-03-01 18:13

Have a look at this:

https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options#Configuring_Apache

It's basically a response header sent out on all responses. You can code your site to do this for each individual page, but a better approach, if you are able to edit the configuration for JUST YOUR SITE, is to handle it there...

Both APACHE and IIS should have options for this - the IIS one seems to be here:

http://support.microsoft.com/kb/2694329

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)