
30 August 2011


Why do these rules check for the presence of the CSRF token before it is appended?
I tried to use these rules, but the CSRF token and the JS code were not appended, and in the debug log there's the line: "Warning. Match of "eq 1" against "&ARGS:CSRF_TOKEN" required. [file "/opt/modsecurity/etc/modsecurity-crs_2.2.3/optional_rules/modsecurity_crs_43_csrf_protection.conf"] [line "31"] [id "981143"] [msg "CSRF Attack Detected - Missing CSRF Token."]"
It's right because there's no CSRF token... but why does this happen? How does it work?
