Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BoiceLu
New Contributor

Exception setting for HTTP Body content -iframe injection

Hello, my company website uses the Google GTM service and is triggered by the iframe tag.

We hope that the iframe alarm can be maintained to avoid being injected by hackers, but the URL of the GTM service can be set as an exception.

I have used the built-in exception exclusion function, but obviously there is no way to deal with the http body. Can anyone provide suggestions or assistance? Thank you.

 

Signature <iframe src=https://www.googletagmanager.com/ns.html?id=xxxxxxx height="0" width="0" style="display:none;visibility:hidden"></iframe>

 

Desired effect

If see other iframe tags, will be alerted, but the tag content contains src=https://www.googletagmanager.com/ns.html?id=xxxxxxx,  set exception

1 REPLY 1
dkv
New Contributor

Hi BoiceLu, did you manage it?