Return
-
Title
Preventing the Web Interface from being run in a Frame -
Description
Active Roles Server 6.7 and 6.8 Web Interfaces fully support being run in an HTML iframe as a feature. This can mean that a security audit may determine that the Web Interface is vulnerable to a Cross-Frame Scripting (XFS) exploitation. -
Resolution
In order to prevent an XFS exploitation, insert the following into the web.config file used by all Web Interface sites:
<system.webServer>
...
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
...
</system.webServer>With Active Roles Server 6.7, for example, this file is located at C:\Program Files\Quest Software\ActiveRoles Server\Web Interface 6.7\6.7.0\Public\web.config
Leave a Comment
- Self Service Tools
- Knowledge Base
- Notifications & Alerts
- Product Support
- Software Downloads
- Technical Documentation
- User Forums
- Video Tutorials
- Contact Us
- Technical Support
- View All
- Product(s):
-
Active Roles
6.9, 6.8, 6.7
- Topic(s):
- Configuration
- Article History:
- Created on: 6/3/2015
Last Update on: 6/4/2015
- Author:
- Terrance Crombie
- Search All Articles
-