RunCloud Tip! How to Configure X-Frame-Options => SAMEORIGIN

Here’s the right way to configure, enable/disable “X-Frame-Options => SAMEORIGIN” and other server hardening headers on RunCloud — hope this helps.

RunCloud SAMEORIGIN

RunCloud.io — the¬†SaaS based PHP cloud server and web hosting control panel has automated certain server hardening techniques.

In this case, enabled the “X-Frame-Options => SAMEORIGIN” header by default. Which prevents clickjacking attacks, or placing websites and their content within iframes, from a domain with a different origin than the iframe itself.

You can easily disable this in the RunCloud server manager;

RunCloud Clickjacking Protection

Navigate to your server, and the web application of your choice.

Simply uncheck the “Clickjacking Protection” button under “Settings”.

This is how the headers changed for me.

With “Clickjacking Protection” enabled;

HTTP/1.1 200 OK =>
Server => nginx-rc
Date => Wed, 11 Jul 2018 14:37:51 GMT
Content-Type => text/html; charset=utf-8
Connection => close
Vary => Accept-Encoding
Expires => Wed, 17 Aug 2005 00:00:00 GMT
Cache-Control => no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma => no-cache
Set-Cookie => c5942f215897cee787d98eae996db2ca=hqrr7f3ub3044jas36gncjk5ea; path=/; secure; HttpOnly
Last-Modified => Wed, 11 Jul 2018 14:37:51 GMT
X-Frame-Options => SAMEORIGIN
X-XSS-Protection => 1; mode=block
X-Content-Type-Options => nosniff

With “Clickjacking Protection” disabled;

HTTP/1.1 200 OK =>
Server => nginx-rc
Date => Wed, 11 Jul 2018 14:37:07 GMT
Content-Type => text/html; charset=utf-8
Connection => close
Vary => Accept-Encoding
Expires => Wed, 17 Aug 2005 00:00:00 GMT
Cache-Control => no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma => no-cache
Set-Cookie => c5942f215897cee787d98eae996db2ca=i6v9pvmbbe3hhdsqslljnp4bpi; path=/; secure; HttpOnly
Last-Modified => Wed, 11 Jul 2018 14:37:07 GMT
X-XSS-Protection => 1; mode=block
X-Content-Type-Options => nosniff

And that’s it. No need to configure anything manually as usual.

Questions about server hardening of RunCloud?
Please, place your thoughts below.

Thank you for your visit, David.

Caring is sharing.. thank you! -David

Twitter Button Facebook Button Google Button LinkedIn Button

Write a Comment

Comment