For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vijith_182946's avatar
Vijith_182946
Icon for Cirrostratus rankCirrostratus
Nov 16, 2016

ASM CSRF protection- how this works and effectiveness

Hi, I am trying to figure out how effective CSRF protection in ASM? How ASM effectively blocks the CSRF? I know this is by using anti-CSRF token but could you enlighten me with some more details?   ...
application delivery
ASM Advanced WAF
BIG-IP
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Nov 21, 2016

At a high level it injects a Javascript token into the response. See Overview of the ASM CSRF protection feature for more details.

 

For this reason it may not always be compatible with you web application and so i would strongly suggest a DEV or UAT environment first. If the web app itself can be configured to use CSRF protection then that's probably the best place for it as it should integrate better. That being said if a web app doesn't allow this feature then using ASM is fairly simple and straightforward to setup.

 

Hope this helps,

 

N