Forum Discussion

Azerturkbank
Nov 06, 2019

CSRF-Token request header is missing when using

Hello experts.

I am in need of your help.

I am experiencing a problem that I suppose is related to the CSRF token.

When I connect directly to the server, every single link works properly; however, over the F5, some links of the web application do not work.

I would like to highlight that ASM policy is not activated for the server. Only LTM is used.

I dug a bit deeper and saw that the CSRF token is missing when I connect over the F5, although I can see it when I connect directly to the server.

The link when I connect to the server itself is below (result of inspecting the page):

  Request URL: http://10.10.10.15:9999/E2/pages/translog/translog.jsf?csrftoken=J58V-54U2-BHW6-Z6H4-ZU1X-XML5-WUA7-47MB

The link when I connect over the F5 is below (result of inspecting the page):

  Request URL: https://domain.test.local/E2/pages/translog/translog.jsf

 

I did a bit of investigation into this problem and saw that it is not connected to the F5, but it could be related to reverse proxy behavior.

Anyway, if there is someone who has encountered this problem, please help me )

1 Reply

  •  These two errors are WebLogic-side errors.

    https://webserver.test.local/E2/pages/admpages/users/showusers.jsf does not match request domain: http://webserver.test.local:80/E2/JS/csrfguard.js

     

    [Wed Nov 06 17:58:16 AZT 2019] [Error] Potential cross-site request forgery attack to /E2/pages/admpages/users/showusers.jsf from 10.10.10.150:41638
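
The first error quoted above compares two URLs, and this added example (not part of the original thread, and not CSRFGuard or WebLogic code) parses that line, reports which origin components differ, and shows how an application behind a proxy could rebuild the client-facing URL before comparing. Assumptions: the proxy adds `X-Forwarded-Proto`/`X-Forwarded-Host`, 10.10.10.150 (the source address in the second log line) is the proxy, and all function names are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# First error line quoted in the reply above (URLs copied from the page).
ERROR_LINE = ("https://webserver.test.local/E2/pages/admpages/users/showusers.jsf "
              "does not match request domain: "
              "http://webserver.test.local:80/E2/JS/csrfguard.js")

def parse_error(line):
    """Split the error into (referer, request URL as seen by the backend)."""
    referer, request_url = line.split(" does not match request domain: ")
    return referer.strip(), request_url.strip()

def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS[u.scheme])

def diff_origins(referer, request_url):
    """Name the origin components that differ between the two URLs."""
    names = ("scheme", "host", "port")
    pairs = zip(names, origin(referer), origin(request_url))
    return [name for name, a, b in pairs if a != b]

def client_facing_url(request_url, headers, peer_ip, trusted_proxies):
    """Rebuild the URL the browser used. Forwarding headers are honoured
    only when the TCP peer is a known proxy; otherwise a client could
    forge them to make a cross-site request look same-origin."""
    if peer_ip not in trusted_proxies:
        return request_url
    u = urlsplit(request_url)
    scheme = headers.get("X-Forwarded-Proto", u.scheme)
    host = headers.get("X-Forwarded-Host", u.hostname)
    return f"{scheme}://{host}{u.path}"

if __name__ == "__main__":
    referer, request_url = parse_error(ERROR_LINE)
    print("backend view differs in:", diff_origins(referer, request_url))
    # Constructed input: header the proxy is assumed to add, assumed proxy address.
    rebuilt = client_facing_url(request_url, {"X-Forwarded-Proto": "https"},
                                "10.10.10.150", {"10.10.10.150"})
    print("rebuilt view differs in:", diff_origins(referer, rebuilt))
```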