Forum Discussion

Squeaky's avatar
Squeaky
Icon for Nimbostratus rankNimbostratus
May 05, 2017

ASM - CSRF Protection

Hi all,

 

I've enabled CSRF protection for an application defining a URL to be protected based on a recent external scan. However with the URL defined it appears accessing the URL has an issue for legitimate requests. Is there something that I need to specifically be looking out for as I cannot seem to determine why.

 

Thanks.

 

application delivery
ASM Advanced WAF
security
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    May 05, 2017

    Squeaky, CSRF injects javascript tokens into the application traffic so this may cause an issue. other than that, do you see any log entries to show traffic being blocked by the policy, and CSRF violations in particular (Security - Event Logs - Application - Requests). If you disable CSRF does the application work?