Forum Discussion
IT_Support_-_EC
Jul 14, 2015Nimbostratus
We are also waiting for the answer from F5 guy that we did PoC together as well but that guy is still busy and he will be able to answer us again next week T_T. Anyway, our team that did PoC sent me some screenshots of what he has done;
"The F5 configuration we have done:
Enable blocking CSRF
![Image Text](/Portals/0/Users/149/93/211093/file1.PNG)
Enable CSRF protection on the security.php link
![Image Text](/Portals/0/Users/149/93/211093/file2.PNG)
Ensure this CSRF configuration affected correct Virtual Server.
After configuration, some stranges we have got:
The request to security.php link without token is not blocked (file3.png)
![Image Text](/Portals/0/Users/149/93/211093/file3.PNG)
All F5 Javascripts are commented out when viewing the source-code of the page (file4.png)
![Image Text](/Portals/0/Users/149/93/211093/file4.PNG)
The F5 CSRF token not generated to the security.php link."
I think he already did try what your suggestions because after he saw your comments, he sent me the information above. By the way, we don't know if there is any special tool installed on the web server but i will check it later.
Thank you