How to Fix Clickjacking on NGINX Server in 6 Simple Steps?

What is Clickacking?

Clickjacking is the practice of tricking a user into clicking on something different from what they think they are clicking on. This often occurs in web browsers, where scripts can be used to make an invisible iframe app…


This content originally appeared on DEV Community and was authored by Keshav Malik

What is Clickacking?

Clickjacking is the practice of tricking a user into clicking on something different from what they think they are clicking on. This often occurs in web browsers, where scripts can be used to make an invisible iframe appear to the user, but the iframe loads a different website than what the user thinks. For example, when a user clicks on a “Like” button, the user might instead unknowingly be liking the attacker’s Facebook profile.

Clickjacking

How to fix Clickjacking on NGINX server?

There are multiple way to fix Clickjacking Vulnerability, but in this blog post we’ll see how to fix Clickjacking using X-Frame-Options headers.

1. Login to your server

First things first, Login to your server using ssh.

ssh root@<<server_ip>>

2. Open your NGINX Config file

To make changes in the configuration file, use any text editor to edit the file. I’ll be using vi text editor.

Use the following command to open the text editor:

sudo vi /etc/nginx/nginx.conf

Now press i to enter into insert mode (Only for vi text editor)

3. Update the Config file

In the http block of the config file, add the following code block:

add_header X-Frame-Options sameorigin always;

Once done, save the config file by pressing ESC key and then type :x and press enter. (Only for vi text editor)

4. Test the Config File

After saving the configuration file, test the file using following command:

sudo nginx -t

If the output states not successful, you have probably made some mistake in the configuration.

5. Restart NGINX Server

If the result of the above command was successful, you need to restart your server to update the changes that we have made.

sudo service nginx restart

or use sudo systemctl restart nginx

6. Verify the results

Now, we are already done with the heavy lifting. It’s time to test if Clickjacking Vulnerability is fixed or not. Vulnerable.Live is an online platform to test for Clickjacking.

Go to Vulnerable.Live and Enter your domain name.

Vulnerable.Live Dashboard

Vulnerable.Live helps test for Clickjacking and generate report and POC for the vulnerability.

Conclusion

Clickjacking is usually considered as a low hanging fruit but you never know which vulnerability hackers can exploit. Keep your Web Application secure from hackers using Vulnerable.Live.


This content originally appeared on DEV Community and was authored by Keshav Malik


Print Share Comment Cite Upload Translate Updates
APA

Keshav Malik | Sciencx (2021-09-26T18:49:17+00:00) How to Fix Clickjacking on NGINX Server in 6 Simple Steps?. Retrieved from https://www.scien.cx/2021/09/26/how-to-fix-clickjacking-on-nginx-server-in-6-simple-steps%f0%9f%94%a5/

MLA
" » How to Fix Clickjacking on NGINX Server in 6 Simple Steps?." Keshav Malik | Sciencx - Sunday September 26, 2021, https://www.scien.cx/2021/09/26/how-to-fix-clickjacking-on-nginx-server-in-6-simple-steps%f0%9f%94%a5/
HARVARD
Keshav Malik | Sciencx Sunday September 26, 2021 » How to Fix Clickjacking on NGINX Server in 6 Simple Steps?., viewed ,<https://www.scien.cx/2021/09/26/how-to-fix-clickjacking-on-nginx-server-in-6-simple-steps%f0%9f%94%a5/>
VANCOUVER
Keshav Malik | Sciencx - » How to Fix Clickjacking on NGINX Server in 6 Simple Steps?. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2021/09/26/how-to-fix-clickjacking-on-nginx-server-in-6-simple-steps%f0%9f%94%a5/
CHICAGO
" » How to Fix Clickjacking on NGINX Server in 6 Simple Steps?." Keshav Malik | Sciencx - Accessed . https://www.scien.cx/2021/09/26/how-to-fix-clickjacking-on-nginx-server-in-6-simple-steps%f0%9f%94%a5/
IEEE
" » How to Fix Clickjacking on NGINX Server in 6 Simple Steps?." Keshav Malik | Sciencx [Online]. Available: https://www.scien.cx/2021/09/26/how-to-fix-clickjacking-on-nginx-server-in-6-simple-steps%f0%9f%94%a5/. [Accessed: ]
rf:citation
» How to Fix Clickjacking on NGINX Server in 6 Simple Steps? | Keshav Malik | Sciencx | https://www.scien.cx/2021/09/26/how-to-fix-clickjacking-on-nginx-server-in-6-simple-steps%f0%9f%94%a5/ |

Please log in to upload a file.




There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.