CSRF Protection not loading the web page properly blocking the get request

Question

When we enable CSRF Protection, it block all other Get Request aswell; In the event log it is showig as CSRF blocked.&nbsp;
Kindly suggest we are using 12.X version.&nbsp;
Note: How do we verify that browser actually using the csrf token for the request ?&nbsp;
regards
Winston&nbsp;

nathe · Answer

Winstonj,&nbsp;
The way to tell is to open the Developer Tools (F12 for example) and in the response body you will see extra javascript code injected in the response, probably prefaced with src=/TSbd" - this tells you CSRF protection/token is being injected. Are you enabling this on only the URL that will be used for a POST request?&nbsp;
Have you seen this support article? Overview of the BIG-IP ASM CSRF protection feature&nbsp;
It has been known to interfere with some applications, however. See K11885: The CSRF protection feature may interfere with applications that use JavaScript It's an Archived article but hopefully still helpful.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

CSRF Protection not loading the web page properly blocking the get request

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

Zero Trust building blocks - Machine Identity Management (MIM) and Workload Protection

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

Cookie-based DDoS protection

Protecting gRPC based APIs with NGINX App Protect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS