Question
I have installed OWASP ModSecurity; after that, all pages on my application show this rule alert.
ModSecurity: Warning. Match of "eq 1" against "&ARGS:CSRF_TOKEN" required.
[file "/etc/modsecurity/activated_rules/modsecurity_crs_43_csrf_protection.conf"]
[line "31"]
[id "981143"]
[msg "CSRF Attack Detected - Missing CSRF Token."]
I also tried creating a blank PHP file just to check; the same rule alert is shown.
From this point I assume that the problem is not at the code level any more.
Here is the source code for modsecurity_crs_43_csrf_protection.conf
Any idea on how to solve this problem?
Answer 1:
It's checking your application to ensure that you're using CSRF tokens on all pages. A blank PHP file will fail this check because you have to code the token into the form.
CSRF tokens are used to validate that a postback from a web form came from your form on the page and not from an attacker. There is more information on this on Wikipedia: Cross-site request forgery
Your options are:
- Implement CSRF checking in your application and supply the token.
- Stop ModSecurity checking for this problem by removing the link to modsecurity_crs_43_csrf_protection.conf from the activated_rules directory. This is /usr/local/apache/conf/crs/activated_rules by default.
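The following is an added example of the first option (a session-bound CSRF token in a PHP form); it is not code from the question, the answer, or the CRS project. The form field is named CSRF_TOKEN because the logged rule matches on "&ARGS:CSRF_TOKEN" with "eq 1", i.e. it only counts whether exactly one argument of that name is present in the request; it does not check the value, so the server-side comparison below is the actual defense. The session handling and the form markup are assumptions for illustration.

```php
<?php
// Added example, not from the original question or answer.
// The field name CSRF_TOKEN matches what the CRS rule in the question
// looks for (&ARGS:CSRF_TOKEN). Session setup here is an assumption.
declare(strict_types=1);

session_start();

/**
 * Return the session's CSRF token, creating it on first use.
 * 32 random bytes -> 64 hex characters; random_bytes() is CSPRNG-backed.
 */
function csrf_token(): string
{
    if (empty($_SESSION['CSRF_TOKEN'])) {
        $_SESSION['CSRF_TOKEN'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['CSRF_TOKEN'];
}

/**
 * Compare the submitted token with the session copy.
 * hash_equals() runs in constant time, so the comparison does not leak
 * how many leading characters of the token were correct.
 */
function csrf_valid(?string $submitted): bool
{
    if ($submitted === null || empty($_SESSION['CSRF_TOKEN'])) {
        return false;
    }
    return hash_equals($_SESSION['CSRF_TOKEN'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Only accept the token from the POST body; a token in the query
    // string would be easy to leak through Referer headers and logs.
    $submitted = $_POST['CSRF_TOKEN'] ?? null;
    if (!is_string($submitted) || !csrf_valid($submitted)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // State-changing work goes here (assumed application logic).
    echo 'OK';
    exit;
}

// GET: render the form with the token embedded as a hidden field.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="">
  <input type="hidden" name="CSRF_TOKEN" value="<?= $token ?>">
  <input type="text" name="comment">
  <button type="submit">Send</button>
</form>
```

Two caveats. First, as the question shows, the rule also fires on plain page loads (even a blank PHP file) that carry no CSRF_TOKEN argument, so adding the token to your forms stops the warning only for the form submissions themselves, not for every page. Second, if you decide to go the other way and silence the check, ModSecurity's SecRuleRemoveById 981143 directive, placed in a configuration file that is loaded after the CRS rules, removes only this rule instead of the whole modsecurity_crs_43_csrf_protection.conf file.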
Source: https://stackoverflow.com/questions/18249483/modsecurity-csrf-rule-alert