This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Mod csrfprotector
mod_csrfprotector - Apache 2.x.x Modules for mitigating CSRF attacks
What is mod_csrfprotectorIts an Apache 2.x.x Module (Currently 2.2.x) under development. It can be installed and configured in any Apache Server to protect it against Cross Site Request Forgery attacks. mod_csrfprotector provides protection to both POST and GET requests (not enabled by default). How mod_csrfprotector works?Once installed in Apache Server, every request that is made to the server, and validated against CSRF attacks by the input filters. Input filter follows a protocol as mentioned by developer in configuration, which helps the module to decide weather to validated the request. The input filter checks for appropriate token sent with request. Request if forwarded to other filters or content generator (like php or cgi) in validation is successful. Otherwise, appropriate actions are taken as per configuration. For ex: 403, Forbidden header is send to client. The Output filter, checks for content type of output generated by content generator and if it is `text/html` or `text/xhtml` it appends javascript code to the output. This js code in client side is responsible for attaching CSRFP_token with every required request sent from client. Features OfferedCSRF Protection provide protection for:
Damages Mitigated
|
How to contributeTo contribute to the code fork and send a pull to: For discussions, join our mailing list: - Mailing List Current StatusUnder Development |
