
NPM 11.5 and later prevents an iFrame from displaying within an external web site or a custom web page

Overview

The Orion web configuration was changed in NPM 11.5 as a security measure to prevent Cross-Site Request Forgery (CSRF) and Clickjacking attacks. As a result, displaying Orion resources in a custom web page is not possible.

Environment

  • NPM 11.5  
  • Orion Platform 2015.1.x

Cause 

The following was added to the web config as a security measure.

 

X-Same-Domain: 1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Resolution

Warnings:

  • Consult your System Administrator before performing the following procedure. 
  • The following changes will make the Orion Web Console vulnerable to Cross-Site Request Forgery (CSRF) and Click-jacking attacks.
  • SolarWinds strongly recommends that you only edit the web.cfg file as instructed. Any additional modifications may result in system performance issues or may create an error state.
  • Save a copy of the original web.cfg file to your local drive as a backup file, in case you need to roll back later.

 

  1. Go to the web folder. By default, it is located at C:\inetpub\SolarWinds.
  2. Open the web.cfg file for editing.
  3. Delete the following key from the file: <add name="X-Frame-Options" value="SAMEORIGIN" />
  4. Click Save.
  5. Press Ctrl+F5 from your web browser. 
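
A PowerShell check for the procedure above, added here as an example and not SolarWinds code: run it with -Backup before step 2 and with -Verify after step 4 to confirm that X-Frame-Options is the only header entry that changed. It assumes web.cfg is well-formed XML with each header stored as an `<add name="..." value="..." />` element, the form shown in step 3; the parameter names and the backup location are hypothetical.

```powershell
# Added example, not SolarWinds code. Parameter names are hypothetical.
param(
    [string]$WebFolder = 'C:\inetpub\SolarWinds',   # default location from step 1
    [switch]$Backup,                                # run before editing web.cfg
    [switch]$Verify                                 # run after saving web.cfg
)
$ErrorActionPreference = 'Stop'

$config = Join-Path $WebFolder 'web.cfg'
$copy   = Join-Path $env:USERPROFILE 'web.cfg.orig'  # hypothetical backup location

# The four headers listed in the Cause section.
$headers = 'X-Same-Domain', 'X-Content-Type-Options', 'X-Frame-Options', 'X-XSS-Protection'

function Get-HeaderEntries([string]$Path) {
    # Assumption: well-formed XML, headers stored as <add name="..." value="..." />.
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)
    $found = @{}
    foreach ($node in $xml.SelectNodes('//add[@name]')) {
        $name = $node.GetAttribute('name')
        if ($headers -contains $name) { $found[$name] = $node.GetAttribute('value') }
    }
    return $found
}

if ($Backup) {
    # Refuse to overwrite an earlier backup so the original is never lost.
    if (Test-Path -LiteralPath $copy) { throw "Backup already exists: $copy" }
    Copy-Item -LiteralPath $config -Destination $copy
    Write-Output "Saved original to $copy"
}

if ($Verify) {
    $before = Get-HeaderEntries $copy
    $after  = Get-HeaderEntries $config
    foreach ($name in $headers) {
        if (-not $before.ContainsKey($name))      { $state = 'not in backup' }
        elseif (-not $after.ContainsKey($name))   { $state = 'removed' }
        elseif ($before[$name] -ne $after[$name]) { $state = 'changed' }
        else                                      { $state = 'unchanged' }

        # Steps 3-4 should remove X-Frame-Options and touch nothing else.
        $expected = ($state -eq 'unchanged') -or
                    ($name -eq 'X-Frame-Options' -and $state -eq 'removed')
        [pscustomobject]@{ Header = $name; Before = $before[$name]
                           After = $after[$name]; State = $state; Expected = $expected }
    }
}
```

Any row with Expected set to False means an entry other than X-Frame-Options differs from the backup, or a header was already missing from it, and the file should be compared against the saved copy before it stays in service.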
Last modified
22:53, 22 Jun 2016
