4.10 Disabling XFS for Resources Protected by Access Gateway

For more information about cross-frame scripting (XFS) attacks, see Section 8.2, Preventing Cross-Frame Scripting Attacks.

Perform the following steps:

  1. Change to the Apache configuration directory.

    Linux: /etc/opt/novell/apache2/conf

    Windows: C:\Program Files\Novell\apache\conf

  2. Remove the # in front of LoadModule headers_module libexec/mod_headers.so to enable the headers module.

  3. Restart Apache.

  4. Go to Access Gateways > Edit > Advanced Options and add the following Apache directive:

    <LocationMatch "/public">
    Header always append X-Frame-Options SAMEORIGIN
    </LocationMatch>

    Here, /public is an example URL path of a protected resource. Change it to the URL path of the resource for which you want to disable XFS.
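
    To check the result of these steps, the following added example (not part of the product documentation) classifies the X-Frame-Options header in a captured response header block, such as the output of curl -sI for the protected path. The sample responses and the function names are constructed for illustration; the DENY, SAMEORIGIN case assumes a back-end server that already sets the header, which append then merges onto.

```python
# Added example: classify X-Frame-Options in a captured response header block.
# All sample responses below are constructed for illustration.

def xfo_values(raw_response: str) -> list:
    """Return every X-Frame-Options value in the header block, upper-cased."""
    values = []
    for line in raw_response.splitlines()[1:]:  # skip the status line
        if not line.strip():                    # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # mod_headers "append" merges onto an existing header with a comma
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values


def xfo_status(raw_response: str) -> str:
    """'ok' for exactly SAMEORIGIN, 'missing' for none, else 'review: ...'."""
    values = xfo_values(raw_response)
    if not values:
        return "missing"
    if values == ["SAMEORIGIN"]:
        return "ok"
    return "review: " + ", ".join(values)


# Response for /public where only the gateway directive sets the header.
GATEWAY_ONLY = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n\r\n"
)
# Back end already sent DENY; "append" merged the gateway value onto it.
MERGED = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: DENY, SAMEORIGIN\r\n\r\n"
)
# Path not covered by the LocationMatch pattern, or mod_headers not loaded.
UNCOVERED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, sample in (("gateway only", GATEWAY_ONLY),
                          ("merged", MERGED),
                          ("uncovered", UNCOVERED)):
        print(f"{label}: {xfo_status(sample)}")
```

    A missing result after step 4 usually means that the LocationMatch pattern does not cover the requested path or that Apache was not restarted after step 2.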