URL-Pattern in clickjacking filter for web.xml

Oct 18, 2016

I'm trying to figure out the correct url mapping for blocking clickjacking on my client's site.  The URL follows the pattern: "https://abc.def.xyz.com/".  Right now I have the following in the web.xml file, but it doesn't seem to work.

<filter-mapping>
  <filter-name>CFClickJackFilterSameOrigin</filter-name>
  <url-pattern>/CFIDE/administrator/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CFClickJackFilterDeny</filter-name>
  <url-pattern>/ABC/*</url-pattern>
</filter-mapping>

I read some of the other posts and have seen references on how to handle it if we had subdirectories (for example, if the site was actually "https://abc.def.xyz.com/app_v6", I could use "/app_v6" for the url mapping), and indeed that works on my development machine where I'm using "localhost/abc" for my development site. However, we don't have that sort of structure on the production server. I am wondering if "/abc.def.xyz.com/*" would work. Or other suggestions?

This site is currently the only site on this server.  I didn't want to use "/*" with the Deny filter because I'm concerned that we could then no longer use the cf administrator.  I'm not usually the person doing the server side configuration, but the person who does is in the hospital, so not available, so trying to figure it out on my own.  Any thoughts?

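How a servlet container evaluates the url-pattern values discussed in the post, as an added example that is not part of the original post and not ColdFusion's own code: patterns are compared against the request path inside the web application, so the scheme and host name never take part. It assumes the application is deployed at the root context; the label CandidateHostPattern and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Filter mappings from the post, in web.xml order, plus the pattern the post
# asks about ("CandidateHostPattern" is a hypothetical label, not a CF filter).
MAPPINGS = [
    ("CFClickJackFilterSameOrigin", "/CFIDE/administrator/*"),
    ("CFClickJackFilterDeny", "/ABC/*"),
    ("CandidateHostPattern", "/abc.def.xyz.com/*"),
]

def pattern_matches(pattern, path):
    """Servlet url-pattern rules: path prefix, extension, then exact match."""
    if pattern == "/*":
        return True
    if pattern.startswith("/") and pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == path  # comparison is case-sensitive throughout

def request_path(url, context_path=""):
    """Path the container matches on: no scheme, host, port, query or context path."""
    path = urlsplit(url).path or "/"
    if context_path and (path == context_path or path.startswith(context_path + "/")):
        path = path[len(context_path):] or "/"
    return path

def filters_for(url, mappings=MAPPINGS, context_path=""):
    """Every filter whose pattern matches is applied, in mapping order."""
    path = request_path(url, context_path)
    return [name for name, pattern in mappings if pattern_matches(pattern, path)]

if __name__ == "__main__":
    # Constructed sample requests.
    for url in (
        "https://abc.def.xyz.com/",
        "https://abc.def.xyz.com/index.cfm",
        "https://abc.def.xyz.com/CFIDE/administrator/index.cfm",
        "http://localhost/ABC/index.cfm",
    ):
        print(f"{request_path(url):40} -> {filters_for(url) or 'no filter'}")
```
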