Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Network Performance Monitor (NPM) > NPM 11.5 and later prevents an iFrame from displaying within an external web site or a custom web page

NPM 11.5 and later prevents an iFrame from displaying within an external web site or a custom web page

Overview

The Orion web configuration is changed in NPM 11.5 as a security measure to prevent Cross-Site Request Forgery (CSRF) and Clickjacking attacks.  As a result, displaying resources on Orion in an a custom web page is not possible.  

Environment

  • NPM 11.5  
  • Orion Platform 2015.1.x

Cause 

The following was added to the web config as a security measure.

 

X-Same-Domain: 1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Resolution

Warnings:

  • Consult your System Administrator before performing the following procedure. 
  • The following changes will make the Orion Web Console vulnerable to Cross-Site Request Forgery (CSRF) and Click-jacking attacks.
  • SolarWinds strongly recommends that you only edit the web.cfg file as instructed. Any additional modifications may result in system performance issues or may create an error state.
  • Save a copy of the original web.cfg file to your local drive as a backup file, in case you need to roll back later.

 

  1. Go to the web folder. By default, it is located at C:\inetpub\SolarWinds.
  2. Open the web.cfg file for editing.
  3. Delete the following key from the file: <add name="X-Frame-Options" value="SAMEORIGIN" />
  4. Click Save.
  5. Press Ctrl+F5 from your web browser. 
Last modified
22:53, 22 Jun 2016

Tags

Classifications

Public