Forum Discussion
CSRF incorrect interception
Not so. I mean, after my computer's IP attacks this vs, other computers' normal access to this vs is also blocked. Why is this?
Ok, I realize I did not understand you were speaking about clients sharing the same subnet, not servers.
From my understanding, the CSRF blocking you configured is matching normal application traffic. It's hard to explain why without more detail on your configuration and application.
Cheers,
Sam
- 小白, Mar 08, 2022, Cirrus
When 192.168.1.21 attacks the vs, it is blocked; this is right.
But when another IP, 192.168.1.61, accesses this URL normally, it is also blocked. Why is that?
- SamCo, Mar 08, 2022, Cirrus
I never went deep into CSRF protection with F5, actually. Looking at this page could be a good start: https://support.f5.com/csp/article/K11930
CSRF violations
When the system detects a CSRF attack on a protected page, such as a request for a URL that does not include the appropriate token, the system issues a CSRF attack detected violation.
To prevent token hijacking, the system also supports token aging. If the token is expired, the system issues a CSRF authentication expired violation.
Looking at your URL, there is no token in the URL of the requests that are sent when you send an attack, and there is one when you send a legitimate request. Then it could be related to the expiration of this token.
Cheers,
Sam
- 小白, Mar 08, 2022, Cirrus
Sorry, there is still no suitable solution
- 小白, Mar 08, 2022, Cirrus
This is my policy's setting