Welcome to our new Citrix community!

CSRF TAG check


Amin Eideh

Question

Greetings Gents,

 

Been trying to implement the CSRF TAG check within the Citrix WAF; however, it results in a huge number of violations, with most of them being false positives.

The thing here is, as far as my understanding goes, the check works as follows:

1- Adds a sort of token to each form submission

2- Checks if the response still has the same token unmodified.

How is it possible to generate such a big number of false positives for such a check mechanism?

 

Best Regards
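
A generic sketch of proxy-side form tagging, added here as an example and not taken from the post or from Citrix: the tagger adds a hidden token to each form in an outgoing page and verifies it when the form is submitted. The class, the field name, the sample page and the two failing scenarios (a script-built POST and a page kept open across a session-secret change) are assumptions, chosen to show how legitimate requests can fail this kind of check.

```python
import hashlib, hmac, re, secrets

FIELD = "form_tag"  # hypothetical hidden-field name, not a Citrix identifier

class FormTagger:
    """Toy proxy-side form tagging; a generic sketch, not the Citrix WAF."""

    def __init__(self):
        self.keys = {}  # session id -> secret used to derive that session's tags

    def rotate(self, sid):
        self.keys[sid] = secrets.token_bytes(32)  # first visit, re-login, timeout

    def _tag(self, sid, action):
        return hmac.new(self.keys[sid], action.encode(), hashlib.sha256).hexdigest()

    def tag_response(self, sid, html):
        # Add a hidden tag field to every <form> in an outgoing HTML page.
        if sid not in self.keys:
            self.rotate(sid)
        def add(m):
            return '%s<input type="hidden" name="%s" value="%s">' % (
                m.group(0), FIELD, self._tag(sid, m.group(1)))
        return re.sub(r'<form[^>]*\baction="([^"]*)"[^>]*>', add, html)

    def check_request(self, sid, action, fields):
        # Verdict for a submitted form: "ok" or the violation reason.
        sent = fields.get(FIELD)
        if sent is None or sid not in self.keys:
            return "violation: tag missing"
        if not hmac.compare_digest(sent, self._tag(sid, action)):
            return "violation: tag mismatch"
        return "ok"

def browser_fields(html):
    # Constructed stand-in for a browser: the name/value pairs it would post.
    return dict(re.findall(r'name="([^"]+)" value="([^"]*)"', html))

def demo():
    waf = FormTagger()
    # Constructed sample page and session id.
    page = '<form action="/transfer" method="post"><input name="amount" value="10"></form>'
    served = waf.tag_response("s1", page)
    out = {"served_form": waf.check_request("s1", "/transfer", browser_fields(served))}
    # Legitimate POST assembled by client-side script: it never saw the tag.
    out["script_post"] = waf.check_request("s1", "/transfer", {"amount": "10"})
    # Legitimate page left open (or cached) while the session secret changed.
    waf.rotate("s1")
    out["stale_page"] = waf.check_request("s1", "/transfer", browser_fields(served))
    return out
```

Calling `demo()` returns one verdict per scenario; only the form submitted straight from the tagged page passes.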

 

 


1 answer to this question
