Forum Discussion

Cirrocumulus

Feb 16, 2018

ASM insert CSRF although not specify URL

Hi We're using LTM/ASM with v.12.1.3 and right now we see issue as we have enable CSRF protection but we didn't specify and URL in URL list. From my understanding, F5 should insert csr...

Nimbostratus

Feb 17, 2018

see https://support.f5.com/csp/article/K11930 | Configuring CSRF protection

In the URLs List, click the URLs you want the system to examine.

Add at least one URL to the list. The system considers all URLs that are not in the list to be safe, unless another problem is discovered.

Note: Type the URL in the format: /index.html, /*/index.php, or /index.?html.

if you enable the CSRF feature, you need to specify a URL.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ASM insert CSRF although not specify URL

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Integrate BIG-IP with AWS CloudWAN Service Insertion

Security Headers Insertion

C3D and header insert

iRule Header Insert

iRule header insert

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS