Hello,

In AM 4.2 documentation, preventing clickjacking attacks is mentioned:

http://tinyurl.com/z8hoj7w

Will this approach also work in AM 4.1?

On an AM 4.1 at a customer:

On the IDS I can find this web.xml :
/var/opt/novell/tomcat/conf/web.xml


Code:
--------------------

<!-- antiClickJackingEnabled -->
<!-- Should the anti click-jacking header -->
<!-- X-Frame-Options be added to every response? -->
<!-- [true] -->
<!-- -->
<!-- antiClickJackingOption -->
<!-- What value should be used for the header. Must -->
<!-- be one of DENY, SAMEORIGIN, ALLOW-FROM -->
<!-- (case-insensitive). [DENY] -->
<!-- -->
<!-- antiClickJackingUri IF ALLOW-FROM is used, what URI should be -->
<!-- allowed? [] -->

--------------------


Nothing about the SameOriginFilter is mentioned anywhere.

How do I enable this?

Thanks in advance,

Jacob.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=55642