Prevent clickjacking on Drupal and other Apache web applications

Updating Apache server configuration to use mod_headers to prevent clickjacking security issues

Security is an important aspect to keep an eye on, and this time it’s about preventing clickjacking on Drupal and other Apache web applications.

Edit Apache’s configuration file, which may be your declared vhost or similar, usually at a location like /etc/httpd/conf.d/default.conf, and make sure it contains the following:

<IfModule mod_headers.c>
Header always append X-Frame-Options SAMEORIGIN
</IfModule>

This will prevent other sites from embedding your website in an iframe. With SAMEORIGIN, pages on the same origin can still frame it.
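
To confirm the directive took effect, check the response headers. The script below is an added example, not part of the original post: `classify_xfo` and its result labels are hypothetical names, and the sample response is constructed. It also covers the case where the application already sends its own X-Frame-Options and Apache's `append` adds a second value.

```shell
#!/bin/sh
# Classify the X-Frame-Options policy in a block of HTTP response headers
# read from stdin. Against a live server (placeholder URL):
#   curl -sI https://your-site.example/ | classify_xfo
# Prints one of: missing | sameorigin | deny | conflict | invalid
# (labels are this example's own, not Apache or browser terminology).
classify_xfo() (
  # Header names are case-insensitive. Values may arrive as repeated header
  # lines or as one comma-joined list (which is what "Header append" produces
  # when it merges onto an existing header), so flatten both forms,
  # trim, lowercase and de-duplicate.
  values=$(tr -d '\r' \
    | grep -i '^x-frame-options[[:space:]]*:' \
    | sed 's/^[^:]*://' \
    | tr ',' '\n' \
    | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
    | tr '[:upper:]' '[:lower:]' \
    | grep -v '^$' \
    | sort -u) || true

  if [ -z "$values" ]; then
    # mod_headers not loaded, or the vhost that served the request lacks the directive
    echo missing
  elif [ "$(printf '%s\n' "$values" | grep -c '')" -gt 1 ]; then
    # more than one distinct value: the header no longer states a single policy
    echo conflict
  else
    case "$values" in
      sameorigin|deny) echo "$values" ;;
      *) echo invalid ;;   # unrecognised value
    esac
  fi
)

# Constructed sample: the application already sent DENY and Apache appended
# SAMEORIGIN to it.
printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n\r\n' | classify_xfo
# prints: conflict
```

A `conflict` result means the application sets a different value itself; make the two agree or set the header in one place only.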