4.9 Disabling XFS in Access Gateway ESP

For more information about cross-frame scripting (XFS) attacks, see Section 8.2, Preventing Cross-Frame Scripting Attacks.

Perform the following steps to prevent XFS attacks in Access Gateway ESP:

  1. In the /opt/novell/nesp/lib/webapp/WEB-INF/web.xml file, add the following Tomcat filter configuration below any existing filter configurations:

    <filter>
        <filter-name>TomcatSameOriginFilter</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>TomcatSameOriginFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

  2. Restart ESP.