Forum Discussion

Nimbostratus

Nov 02, 2018

CSRF protection blocks the whole website instead of csrf attacks only

Hi everybody Working on a VE 11.5.4 I need to activate the CSRF protection that my application does not provide. The pb is that once activated, ASM blocks everything instead of a real attack. So...

ASM Advanced WAF

security

L-CISIRH-BT-NET

Nimbostratus

Nov 02, 2018

the code i mentionned is : !-- csrf = { pn : "csrt", pv : '18196769039293321355', vh : [ ], vu : [ /^\/(.\/).$/ ], f : 0, f_cancel_onload : 0 }; if (typeof is_ajsp_running == "undefined") { is_ajsp_running = false; } //--

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

CSRF protection blocks the whole website instead of csrf attacks only

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

master key file on vcmp guest HA Cluster different?

F5 Health Monitor Receive String as JSON

Rewrite content in XML schema file.

Related Content

L7 DoS Protection with NGINX App Protect DoS

Cookie-based DDoS protection

Beyond REST: Protecting GraphQL

Protecting gRPC based APIs with NGINX App Protect

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS