How to configure OWA to add the HTTP header X-FRAME-OPTIONS to the response?


My OWA server has suffered from clickjacking and I know I have to add the HTTP header

X-FRAME-OPTIONS:SAMEORIGIN

to the response, but I don't know exactly how I can do it.

Please, if anyone can provide me a way to solve this issue, I'll be grateful.


There are 2 best solutions below

0
On BEST ANSWER

The following steps helped me to solve this problem. Here are the steps:

1- Open IIS Manager and navigate to the level you want to manage.

2- In Features View, double-click HTTP Response Headers.

3- On the HTTP Response Headers page, in the Actions pane, click Add.

4- In the Add Custom HTTP Response Header dialog box, add a header called "X-FRAME-OPTIONS", and assign its value to "SAMEORIGIN".

5- Click OK.

For more information, please visit the following link: http://technet.microsoft.com/en-us/library/cc753133%28v=ws.10%29.aspx

Best Regards

0
On

I wouldn't change the IIS configuration by hand. The correct way is to use the Microsoft way to configure that. So first check the current state of that option via:

Get-OwaVirtualDirectory -Identity "exchange1\owa (Default Web Site)" | select WebPartsFrameOptionsType

If that stands at "None", then you can change it to SameOrigin in the following way:

Set-OwaVirtualDirectory -Identity "exchange1\owa (Default Web Site)" -WebPartsFrameOptionsType SameOrigin

Please note that AllowFrom isn't yet supported, as written here.

Optional:

You can control that via the OWA mailbox Policy:

To check the status use:

Get-OwaMailboxPolicy -Identity "OWA User Policy" | select WebPartsFrameOptionsType

To change that use:

Set-OwaMailboxPolicy -Identity "OWA User Policy" -WebPartsFrameOptionsType SameOrigin

More info here or here
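
To confirm that either change above actually reaches the browser, the following added example (not part of the original answers) requests the OWA URL without following redirects automatically and reports the X-Frame-Options header on every hop, including the logon page. The URL `https://mail.example.com/owa/` and the function name `Get-FrameOptionsReport` are assumptions made for illustration.

```powershell
# Added example, not from the original answers.
# Assumption: $OwaUrl is a placeholder; replace it with your own OWA URL.
$OwaUrl = 'https://mail.example.com/owa/'

function Get-FrameOptionsReport {
    param(
        [Parameter(Mandatory)][string]$Url,
        [int]$MaxHops = 5
    )
    for ($hop = 1; $Url -and $hop -le $MaxHops; $hop++) {
        $request = [System.Net.WebRequest]::Create($Url)
        $request.AllowAutoRedirect = $false   # inspect each redirect hop, not only the final page
        try {
            $response = $request.GetResponse()
        } catch {
            # 4xx/5xx answers surface as WebException but still carry headers.
            $ex = $_.Exception
            while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
            if (-not $ex -or -not $ex.Response) { throw }
            $response = $ex.Response
        }
        $xfo = $response.Headers['X-Frame-Options']
        # A header sent more than once arrives comma-joined; reduce it to distinct values.
        $values = @(($xfo -split ',') | ForEach-Object { $_.Trim().ToUpper() } |
                    Where-Object { $_ } | Select-Object -Unique)
        [pscustomobject]@{
            Hop           = $hop
            Url           = $Url
            Status        = [int]$response.StatusCode
            XFrameOptions = $xfo
            # Protected only when there is exactly one distinct value and it is DENY or SAMEORIGIN.
            Protected     = ($values.Count -eq 1 -and $values[0] -in 'DENY', 'SAMEORIGIN')
        }
        $location = $response.Headers['Location']
        $response.Close()
        # Resolve a relative Location value against the current URL; stop when there is none.
        $Url = if ($location) { ([System.Uri]::new([System.Uri]$Url, $location)).AbsoluteUri } else { $null }
    }
}

Get-FrameOptionsReport -Url $OwaUrl | Format-Table -AutoSize
```

A row with `Protected` set to False and an empty `XFrameOptions` column marks a response that can still be framed; a comma-joined value shows that the header is being added in more than one place.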