To prevent cross-frame scripting (XFS) exploitation, add the following X-Frame-Options custom header to the web.config file used by all Web Interface sites:
<system.webServer>
  ...
  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>
  ...
</system.webServer>
With Active Roles Server 6.7, for example, this file is located at C:\Program Files\Quest Software\ActiveRoles Server\Web Interface 6.7\6.7.0\Public\web.config
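One way to confirm that the header is in effect at the site level after the edit, as an added example that is not part of the original article or the product's own tooling. The function names, the accepted-value set and the sample configurations are assumptions constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

ACCEPTED = {"DENY", "SAMEORIGIN"}  # assumed policy: values that block cross-origin framing

def effective_custom_headers(web_config):
    """Map lowercased header name -> value for the site-level
    system.webServer/httpProtocol/customHeaders collection, applying
    <clear/>, <remove> and <add> in document order.
    <location>-scoped sections are not evaluated."""
    root = ET.fromstring(web_config)
    headers = {}
    for coll in root.findall("system.webServer/httpProtocol/customHeaders"):
        for el in coll:
            name = (el.get("name") or "").lower()
            if el.tag == "clear":
                headers.clear()
            elif el.tag == "remove":
                headers.pop(name, None)
            elif el.tag == "add":
                headers[name] = (el.get("value") or "").strip()
    return headers

def check_x_frame_options(web_config):
    """Return (ok, detail) for the X-Frame-Options custom header."""
    value = effective_custom_headers(web_config).get("x-frame-options")
    if value is None:
        return False, "X-Frame-Options is not set"
    if value.upper() not in ACCEPTED:
        return False, "unexpected value: " + value
    return True, value

def sample_config(custom_headers):
    # Builds a constructed sample web.config around a customHeaders body.
    return ("<configuration><system.webServer><httpProtocol><customHeaders>"
            + custom_headers +
            "</customHeaders></httpProtocol></system.webServer></configuration>")

# Constructed samples, not taken from a real installation.
HARDENED = sample_config('<add name="X-Frame-Options" value="SAMEORIGIN" />')
MISSING = sample_config('<add name="X-Powered-By" value="ASP.NET" />')
REMOVED = sample_config('<add name="X-Frame-Options" value="SAMEORIGIN" />'
                        '<remove name="X-Frame-Options" />')

if __name__ == "__main__":
    # Usage: python check_xfo.py <path to web.config> [...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            ok, detail = check_x_frame_options(fh.read())
        print(("OK   " if ok else "FAIL ") + path + ": " + detail)
```

The check reads only the file it is given, so a header added or removed by a parent configuration or a reverse proxy still has to be confirmed in the HTTP response itself.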
© 2021 One Identity LLC. ALL RIGHTS RESERVED.