Security

    X-XSS-Protection – Secure Apache from Cross-Site Scripting

    RahulBy No Comments2 Mins Read
    Securing Apache from XSS Attack

    Cross-Site Scripting (Also known as XSS) is a client-side attack by injecting malicious scripts to the web application. After that your application will be the carrier of the malicious scripts to reach the other users browser. In that case, the other user’s browser will understand the malicious scripts served from a trusted sources and will execute the script

    Secure Apache from Cross-Site Scripting

    You can set the X-XSS-Protection settings on your Apache web server to prevent cross-site scripting attacks.

    To enable the X-XSS-Protection edit Apache configuration file (For eg: /etc/httpd/conf/httpd.conf or /etc/apache2/conf-enabled/security.conf) and add the below configuration.

    Header always set X-XSS-Protection "1;  mode=block"

    Save file and close it.

    The above settings enables the XSS Filter. If the cross-site scripting attack is detected, the browser will sanitize the page and also prevent rendering of the page.

    Next, Restart Apache service to apply changes

    Text XSS Protection Settings

    Open your website in a web browser. Press F11 to open browsers inspect element window. Then view the header values for the request, You will find the header value as shown in below image.

    Enable XSS Protection in Apache

    Conclusion

    In this tutorial, you have learned basics about Cross-Site scripting attacks. Also, helped you to secure Apache server from XSS attacks.

    Share.

    I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

    Related Posts

    Leave A Reply