Linux – Blocking iframe Access on SunOne


In order to avoid clickjacking, I need to disable iframe access to my site in a similar fashion to using an X-Header with SAMEORIGIN using Apache. However, I'm using SunOne web server and changing it is not an option. Is there any way to do this that doesn't require a huge rewrite of what's already on the site?

I am using CentOS for the server.

Best Answer

Support for Arbitrary Custom Headers

In Web Server 6.0 SP10, the set-variable SAF (Server Application Function) can be used to add custom headers to the server's HTTP responses. For example, consider the following server-id/config/obj.conf directive:

Looks like you'd want:

AuthTrans fn="set-variable" insert-srvhdrs="X-Frame-Options: SAMEORIGIN"

That said, this is a web server that was discontinued a decade ago...
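
To confirm that the directive above took effect, the response headers can be checked after the change. The following is an added example, not part of the original answer: the function names and the sample responses are constructed for illustration, and the checker is deliberately strict, flagging anything other than a single DENY or SAMEORIGIN value.

```python
from email.parser import Parser

ACCEPTED_XFO = {"deny", "sameorigin"}


def parse_headers(raw_head: str):
    """Split a raw response head into (status line, header object)."""
    status, _, block = raw_head.replace("\r\n", "\n").partition("\n")
    return status, Parser().parsestr(block, headersonly=True)


def framing_policy(raw_head: str) -> str:
    """Classify a response as 'protected', 'misconfigured' or 'missing'."""
    _, headers = parse_headers(raw_head)

    # The header may be repeated or comma-joined; collect every value.
    xfo = {v.strip().lower()
           for line in headers.get_all("X-Frame-Options", [])
           for v in line.split(",") if v.strip()}

    # CSP frame-ancestors also restricts framing; accept it as well.
    csp = [d.strip().lower()
           for line in headers.get_all("Content-Security-Policy", [])
           for d in line.split(";")]
    has_frame_ancestors = any(d.startswith("frame-ancestors ") for d in csp)

    if not xfo and not has_frame_ancestors:
        return "missing"
    # Unknown values (typos) or conflicting values are flagged, not trusted.
    if (xfo and not xfo <= ACCEPTED_XFO) or len(xfo) > 1:
        return "misconfigured"
    return "protected"


# Constructed sample response heads (not captured from a real server).
SAMPLES = {
    "directive applied": "HTTP/1.1 200 OK\r\nServer: sample\r\n"
                         "X-Frame-Options: SAMEORIGIN\r\n\r\n",
    "no header": "HTTP/1.1 200 OK\r\nServer: sample\r\n\r\n",
    "typo in value": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n\r\n",
    "conflicting": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                   "X-Frame-Options: SAMEORIGIN\r\n\r\n",
    "csp only": "HTTP/1.1 200 OK\r\n"
                "Content-Security-Policy: default-src 'self'; "
                "frame-ancestors 'self'\r\n\r\n",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name}: {framing_policy(head)}")
```

To check a live server, pass in the head of a response captured after the obj.conf change, for example the output of `curl -sI` against a page on the site.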