How to turn on 'No Frame Filter' in WebVoyage to prevent clickjacking

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Overview

- The 'No Frame Filter' option in WebVoyage determines if WebVoyage can be displayed with an iframe.

- Configuring 'No Frame Filter' to "DENY" will secure the WebVoyage from iframe related vulnerabilities e.g. "Clickjacking"

- Third-party security scans may idenity WebVoyage as being vulnerable to "Clickjacking"and may recommend configuring the "X-Frame-Options" header, however if the 'No Frame Filter" option is configured to DENY, then this is unneccesary, and is a false-positive.

Goal

- Configure the 'No Frame Filter for WebVoyage

- Altered the mode parameter value for 'No Frame Filter' in web.xml

First Step

Log in to the Voyager server and open the WebVoyage web.xml file in a text editor. This file is located at : /m1/voyager/xxxdb/tomcat/vwebv/context/vwebv.