Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

CSRF Protection not loading the web page properly blocking the get request

When we enable CSRF Protection, it block all other Get Request aswell; In the event log it is showig as CSRF blocked.

Kindly suggest we are using 12.X version.

Note: How do we verify that browser actually using the csrf token for the request ?

regards Winston

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Winstonj,

The way to tell is to open the Developer Tools (F12 for example) and in the response body you will see extra javascript code injected in the response, probably prefaced with src=/TSbd" - this tells you CSRF protection/token is being injected. Are you enabling this on only the URL that will be used for a POST request?

Have you seen this support article? Overview of the BIG-IP ASM CSRF protection feature

It has been known to interfere with some applications, however. See K11885: The CSRF protection feature may interfere with applications that use JavaScript It's an Archived article but hopefully still helpful.

Hope this helps,

N

0