Forum Discussion
ASM insert CSRF although not specify URL
Hi
We're using LTM/ASM with v.12.1.3
and right now we see issue as we have enable CSRF protection but we didn't specify and URL in URL list.
From my understanding, F5 should insert csrf in case we specify URL in URL list.
Why F5 insert it although we not specift URL list?
Is it a bug?
ps1. we have issue when using IE11 but we didn't have issue when using chrome. ps2. when using IE11, issue is occur intermittently.
Thank you
- Boggs_5738Nimbostratus
see https://support.f5.com/csp/article/K11930 | Configuring CSRF protection
In the URLs List, click the URLs you want the system to examine.
Add at least one URL to the list. The system considers all URLs that are not in the list to be safe, unless another problem is discovered.
Note: Type the URL in the format: /index.html, /*/index.php, or /index.?html.
if you enable the CSRF feature, you need to specify a URL.
- Piotrek_72347Nimbostratus
can you please share with us print screen with csrf protection configuration ?
- kridsanaCirrocumulus
FYI
We found this known issue which is a root cause for this case.
https://support.f5.com/csp/article/K13904
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com