Forum Discussion

Cirrostratus

Nov 16, 2016

ASM CSRF protection- how this works and effectiveness

Hi, I am trying to figure out how effective CSRF protection in ASM? How ASM effectively blocks the CSRF? I know this is by using anti-CSRF token but could you enlighten me with some more details? ...

Cirrocumulus

Nov 21, 2016

At a high level it injects a Javascript token into the response. See Overview of the ASM CSRF protection feature for more details.

For this reason it may not always be compatible with you web application and so i would strongly suggest a DEV or UAT environment first. If the web app itself can be configured to use CSRF protection then that's probably the best place for it as it should integrate better. That being said if a web app doesn't allow this feature then using ASM is fairly simple and straightforward to setup.

Hope this helps,

Forum Discussion

ASM CSRF protection- how this works and effectiveness

Recent Discussions

Portal Access to HTTPS resources slow

Cannot login to Avaya wanx using f5 apm network access

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Can iRule be used to perform exception of IPI category based on Geolocation

BWC iRule

Related Content

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

Managing NGINX App Protect WAF for Beginners

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

Cookie-based DDoS protection