Why do I see WebAdmin log entries about a cross-site request forgery? What does that mean?

Cross-Site Request Forgery Notifications

If you have enabled CSRF Detection in the WebAdmin Settings, these entries are most often caused by session timeouts.

Cross-Site Request Forgeries (CSRF or XSRF) are a form of attack that forces an end user to execute unwanted actions on a web application. You can find more information here (external link).

This error occurs when a user types a WebAdmin URL directly into the browser address bar, or when a user tries to log in after the session has timed out. The error message appears in the WebAdmin Log as shown below.

[Screenshot: xsite_1.png]

If WebAdmin CSRF Detection is disabled, these errors will not appear in the logs. To enable or disable WebAdmin CSRF Detection, go to System Tools > System Configuration > WebAdmin Settings and scroll down to WebAdmin Login Settings. Detection is disabled when the "WebAdmin CSRF Detection Disabled" option is selected.

[Screenshot: xsite_2.png]
