CSRF Rule Warning from ModSecurity

I installed OWASP ModSecurity, after which this warning appears on all pages of my application.

ModSecurity: Warning. Match of "eq 1" against "&ARGS:CSRF_TOKEN" required. [file "/etc/modsecurity/activated_rules/modsecurity_crs_43_csrf_protection.conf"] [line "31"] [id "981143"] [msg "CSRF Attack Detected - Missing CSRF Token."] 

I also tried creating an empty PHP file just for verification, and this warning is still shown.
From this, I assume that the problem is no longer at the code level.

Here is the source code of modsecurity_crs_43_csrf_protection.conf

Any idea on how to solve this problem?

+4
1 answer

This is a check of your application to make sure that you use CSRF tokens on all pages. An empty PHP file will fail this check because you need to embed the token in the form.

CSRF tokens are used to verify that a postback received from a web form actually came from your form on the page, and not from an attacker. There is additional information about this on Wikipedia: Cross-site request forgery

Your options:

  • Implement CSRF verification in your application and include the token in your forms.
  • Stop ModSecurity from checking for this problem by removing the link to modsecurity_crs_43_csrf_protection.conf from the activated_rules directory. This is /usr/local/apache/conf/crs/activated_rules by default.
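The first option in the answer, shown as an added example that is not part of the original question or answer: a minimal session-bound CSRF token for a PHP application. The hidden field is named CSRF_TOKEN so that it appears as the ARGS:CSRF_TOKEN parameter the ModSecurity rule in the question looks for; the helper function names and the sample form are assumptions for illustration.

```php
<?php
// Added example, not code from the original post. The field name
// CSRF_TOKEN matches the ARGS:CSRF_TOKEN parameter checked by the
// ModSecurity CRS rule quoted in the question; helper names are ours.

session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 random bytes from the OS CSPRNG, hex-encoded (64 characters).
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to embed inside every <form> the application renders.
function csrf_field(): string
{
    return '<input type="hidden" name="CSRF_TOKEN" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Constant-time comparison of the submitted token with the session token.
// Returns false when the token is missing, not a string, or does not match.
function csrf_valid(array $params): bool
{
    $submitted = $params['CSRF_TOKEN'] ?? '';
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Reject every state-changing request that lacks a valid token.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !csrf_valid($_POST)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
?>
<!-- Sample form (constructed for the example): the token travels as CSRF_TOKEN -->
<form method="post" action="">
  <?= csrf_field() ?>
  <input type="text" name="comment">
  <button type="submit">Send</button>
</form>
```

Because the rule inspects ARGS regardless of HTTP method, a page reached by a plain GET without the parameter will still trigger the warning; the token check above protects the POST handlers, which is what the answer's first option is about.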

Source: https://habr.com/ru/post/1497189/
