Forum Discussion
Leonardo_Accors
Nov 16, 2016
Cirrus
Hi Shann, I'm not really an expert in this type of attack. Reading the documentation (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet), I see that the X-Frame-Options HTTP header can be used to protect from CVE-2015-5178. Generally speaking, I think that it is possible to insert this header with an iRule in the HTTP_RESPOND event. In this way you would supply the missing header insertion. Regarding CVE-2015-5220, you can create an iRule that, in the HTTP_REQUEST event, counts the number of HTTP headers in the request and rejects the request if this number is larger than a specific limit.
Hope this can help.
regards
Leonardo
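
The two iRule ideas from the post above, as an added example that is not part of the original post or F5's own code. The limit of 64 headers, the `SAMEORIGIN` value and the 400 response are assumptions to adjust for your application; the response-side event in iRules is named `HTTP_RESPONSE`.

```tcl
when RULE_INIT {
    # Assumed limit: set it just above the largest header count
    # that legitimate clients of this virtual server send.
    set static::max_req_headers 64
}

when HTTP_REQUEST {
    # With no header name, HTTP::header count returns the total
    # number of headers in the current request.
    set hdr_count [HTTP::header count]
    if { $hdr_count > $static::max_req_headers } {
        log local0.warning "Request with $hdr_count headers from [IP::client_addr] exceeded limit"
        # Answer from the BIG-IP so the request never reaches the backend.
        # Use "reject" instead to reset the connection without a response.
        HTTP::respond 400 content "Bad Request" "Connection" "close"
        return
    }
}

when HTTP_RESPONSE {
    # Insert the anti-framing header only when the backend did not
    # already send one, so an application-set policy is not duplicated.
    if { ![HTTP::header exists "X-Frame-Options"] } {
        HTTP::header insert "X-Frame-Options" "SAMEORIGIN"
    }
}
```

Log the header count for a while before enforcing, so the limit is based on what real clients send rather than a guess.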