ASM- CSRF protection.

Question

Dears,&nbsp;
We are encountering an issue with CSRF protection after upgrading to version 13.0.0 HF3, noting that we didn't have the issue in version 12.1.2.&nbsp;
The CSRF protection is breaking a youtube video (It is embedded in the HTML by iframe and Java scripts), As far as i know that the system only examines URLs that you add to the URL List. The system performs as though all other URLs are safe and does not examine them, in my case i am not specifying any URLs in the list but unfortunately the CSRF protection breaking some of the URLs.&nbsp;
I am wondering if there are any changes of the CSRF protection behavior in version 13.0.0 HF3 ?&nbsp;
Regards,
Muhannad&nbsp;

nathe · Answer

I'm not aware of any known change in behaviour and according to the askf5 solution article. Did you say you haven't configured any URLs? I understand you do need to. Perhaps v13 enforces this more fully than v12. &nbsp;
I would also check the release notes of v13 and, specifically, the known issues section. Search for csrf and see if v13 has introduced a bug perhaps. &nbsp;
N&nbsp;

Forum Discussion

ASM- CSRF protection.

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud

Knowledge sharing: Order of precedence for BIG-IP modules, ASM DDOS Protection, Bot Protection

Beyond REST: Protecting GraphQL

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature

L7 DoS Protection with NGINX App Protect DoS