Welcome! Log In Create A New Profile

Advanced

Re: (Semi-OT) Clickjacking countermeasure

September 22, 2016 05:08PM
I serve no ads. I even pulled my piwik so that my sites can be surfed no script. 

Can you clickjack an encrypted page? How would the browser handle two certs?


  Original Message  
From: c0nw0nk
Sent: Thursday, September 22, 2016 1:57 PM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: (Semi-OT) Clickjacking countermeasure

If you read the OWASP page it will also mention about header stripping etc
and proxies that will remove the X-Frames headers there is no real way to
stop proxies framing your site but the X-Frame-Options combined with that
JavaScript is a good way to start it will stop the majority.

Also break their proxies is what I like to do.

For example I combine it with not allowing people to browse with JavaScript
disabled. (this is good for adverts too since ads use JavaScript so why
would you let people browse with JavaScript disabled ?)

<head>
<noscript><meta http-equiv="refresh" content="0;
URL=//www.networkflare.com/error.html"/></noscript>
</head>

There are some proxies that will still get through for example this one
shows persistence but block their IP's and problem solved
https://www.hidemyass.com/proxy

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269763,269776#msg-269776

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

(Semi-OT) Clickjacking countermeasure

gariac September 22, 2016 03:30PM

Re: (Semi-OT) Clickjacking countermeasure

c0nw0nk September 22, 2016 04:34PM

Re: (Semi-OT) Clickjacking countermeasure

gariac September 22, 2016 04:50PM

Re: (Semi-OT) Clickjacking countermeasure

c0nw0nk September 22, 2016 04:57PM

Re: (Semi-OT) Clickjacking countermeasure

gariac September 22, 2016 05:08PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 87
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready