---
id: dc48f200-4404-4c0d-b579-49ab36f532fa
---

# Nginx server protection from clickjacking.
---

Clickjacking is a type of attack where a user is tricked into clicking on a malicious link or button that is disguised as a legitimate one. This can allow an attacker to take control of a user's session and perform unauthorized actions. In the context of software engineering, this incident type refers to protecting an Nginx server from clickjacking attacks. This may involve implementing measures such as X-Frame-Options headers to prevent the server from being embedded in malicious web pages.

### Parameters
```shell
export SERVER_ADDRESS="PLACEHOLDER"

export X_FRAME_OPTIONS_VALUE="PLACEHOLDER"

export NGINX_CONFIG_FILE_PATH="PLACEHOLDER"
```

## Debug

### Check if Nginx server is running
```shell
systemctl status nginx
```

### Check Nginx server headers
```shell
curl -I ${SERVER_ADDRESS}
```

### Check Nginx configuration file syntax
```shell
nginx -t
```

### Check if X-Frame-Options header is present
```shell
curl -s -D - ${SERVER_ADDRESS} | grep -i X-Frame-Options
```

## Repair

### Implement X-Frame-Options headers in the Nginx server configuration to prevent the server from being embedded in malicious web pages.
```shell


#!/bin/bash



# Set the configuration file path

CONFIG_FILE=${NGINX_CONFIG_FILE_PATH}



# Set the X-Frame-Options header value

X_FRAME_OPTIONS=${X_FRAME_OPTIONS_VALUE}



# Backup the original configuration file

cp $CONFIG_FILE $CONFIG_FILE.bak



# Add the X-Frame-Options header to the configuration file

sed -i "/^http {/a add_header X-Frame-Options $X_FRAME_OPTIONS;" $CONFIG_FILE



# Test the configuration file for syntax errors

nginx -t



# If the configuration file passes the syntax test, restart the Nginx server

if [ $? -eq 0 ]; then

    systemctl restart nginx

fi


```

### Use Content Security Policy (CSP) to restrict the types of content that can be loaded on the server, and to prevent the execution of malicious scripts.
```shell


#!/bin/bash



# Set the CSP header value

CSP_VALUE="default-src 'self'"



# Backup the original nginx configuration file

cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak



# Add the CSP header to the nginx configuration file

sed -i "/http {/a add_header Content-Security-Policy \"$CSP_VALUE\";" /etc/nginx/nginx.conf



# Test the configuration and reload nginx if it passes

nginx -t && systemctl reload nginx


```

Clickjacking is a type of attack where a user is tricked into clicking on a malicious link or button that is disguised as a legitimate one. This can allow an attacker to take control of a user's session and perform unauthorized actions. In the context of software engineering, this incident type refers to protecting an Nginx server from clickjacking attacks. This may involve implementing measures such as X-Frame-Options headers to prevent the server from being embedded in malicious web pages.


```shell
export SERVER_ADDRESS="PLACEHOLDER"

export X_FRAME_OPTIONS_VALUE="PLACEHOLDER"

export NGINX_CONFIG_FILE_PATH="PLACEHOLDER"
```


### Check if Nginx server is running

```shell
systemctl status nginx
```

### Check Nginx server headers

```shell
curl -I ${SERVER_ADDRESS}
```

### Check Nginx configuration file syntax

```shell
nginx -t
```

### Check if X-Frame-Options header is present

```shell
curl -s -D - ${SERVER_ADDRESS} | grep -i X-Frame-Options
```


### Implement X-Frame-Options headers in the Nginx server configuration to prevent the server from being embedded in malicious web pages.

```shell


#!/bin/bash



# Set the configuration file path

CONFIG_FILE=${NGINX_CONFIG_FILE_PATH}



# Set the X-Frame-Options header value

X_FRAME_OPTIONS=${X_FRAME_OPTIONS_VALUE}



# Backup the original configuration file

cp $CONFIG_FILE $CONFIG_FILE.bak



# Add the X-Frame-Options header to the configuration file

sed -i "/^http {/a add_header X-Frame-Options $X_FRAME_OPTIONS;" $CONFIG_FILE



# Test the configuration file for syntax errors

nginx -t



# If the configuration file passes the syntax test, restart the Nginx server

if [ $? -eq 0 ]; then

    systemctl restart nginx

fi


```

### Use Content Security Policy (CSP) to restrict the types of content that can be loaded on the server, and to prevent the execution of malicious scripts.

```shell


#!/bin/bash



# Set the CSP header value

CSP_VALUE="default-src 'self'"



# Backup the original nginx configuration file

cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak



# Add the CSP header to the nginx configuration file

sed -i "/http {/a add_header Content-Security-Policy \"$CSP_VALUE\";" /etc/nginx/nginx.conf



# Test the configuration and reload nginx if it passes

nginx -t && systemctl reload nginx


```


Nginx server protection from clickjacking.

Overview

Parameters

Debug

Check if Nginx server is running

Check Nginx server headers

Check Nginx configuration file syntax

Check if X-Frame-Options header is present

Repair

Implement X-Frame-Options headers in the Nginx server configuration to prevent the server from being embedded in malicious web pages.

Use Content Security Policy (CSP) to restrict the types of content that can be loaded on the server, and to prevent the execution of malicious scripts.

Learn more

Related Runbooks

Support