Skip to main content
BoiceLu
BoiceLu
New Member
October 19, 2021
Question

Exception setting for HTTP Body content -iframe injection

  • October 19, 2021
  • 3 replies
  • 4348 views

Hello, my company website uses the Google GTM service and is triggered by the iframe tag.

We hope that the iframe alarm can be maintained to avoid being injected by hackers, but the URL of the GTM service can be set as an exception.

I have used the built-in exception exclusion function, but obviously there is no way to deal with the http body. Can anyone provide suggestions or assistance? Thank you.

 

Signature <iframe src=https://www.googletagmanager.com/ns.html?id=xxxxxxx height="0" width="0" style="display:none;visibility:hidden"></iframe>

 

Desired effect

If see other iframe tags, will be alerted, but the tag content contains src=https://www.googletagmanager.com/ns.html?id=xxxxxxx,  set exception

    3 replies

    dkv
    dkv
    New Member
    January 21, 2022

    Hi BoiceLu, did you manage it?

    itwwhite
    itwwhite
    New Member
    December 1, 2022

    Hi.... Did anyone find a solution to this?

    okhatab
    Staff
    okhatab
    Staff
    March 20, 2023

    Hi BoiceLu,

     

    You can disable the signature blocking the iframe and create and deploy a custom signature that will allow only the matched URL in the Response Body, and block allow other iframe URLs, using the URL expression (<iframe\b.*?\bsrc="(?!http:\/\/(URL required)).*?".*?>).

     

     

    Terms & ConditionsCookie settingsAccessibility statement