This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
mod_csrfprotector - Apache 2.x.x Modules for mitigating CSRF attacks
What is mod_csrfprotector
Its an Apache 2.x.x Module (Currently 2.2.x) under development. It can be installed and configured in any Apache Server to protect it against Cross Site Request Forgery attacks. mod_csrfprotector provides protection to both POST and GET requests (not enabled by default).
How mod_csrfprotector works?
CSRF Protection provide protection for:
- Normal HTML forms (POST/GET)
- Normal Get requests (Not enabled by default)
- Ajax Requests (XHR)
- Dynamically generated forms
- Cross Site Request Forgery
How to contribute
To contribute to the code fork and send a pull to:
GitHub Repo - mod_csrfprotector
For discussions, join our mailing list: - Mailing List
All todos for mod_csrfprotector are listed at: todofy: mod_csrfprotector