Dear all,

I'm testing the modsecurity_crs_43_csrf_protection.conf. I can see that the requests to the application contain the CSRF token. However, in the error.log I'm having the following warning when browsing the application:

ModSecurity: Warning. Match of "streq %{SESSION.CSRF_TOKEN}" against "ARGS:CSRF_TOKEN" required. [file "/usr/local/apache/conf/crs/activated_rules/modsecurity_crs_43_csrf_protection.conf"] [line "34"] [id "981144"] [msg "CSRF Attack Detected - Invalid Token."] [hostname "xxxxx"] [uri "xxxxxx"] [unique_id "xxxxxxxxxxxxxx"]

What should I do to fix this warning?

Thanks,
Dauto
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set