Cross-site Request Forgery

Cross-site Request Forgery (CSRF) is an attack on a website in which unauthorized commands are submitted to the site from the browser of a user whom the site trusts, so the site executes them with that user's privileges.

To prevent CSRF attacks in LogLogic LMI, you must enable the CSRF protection property that corresponds to the LogLogic LMI version running on your appliance. The two procedures below cover the two version ranges.

Warning: Restarting mtask or Apache Tomcat ends all active user sessions. Therefore, you must plan this activity in advance and inform all users.

Configuring the CSRF Setting for Apache Tomcat

Update the CSRF setting stored in the Owasp.CsrfGuard.properties file.

This procedure applies to LogLogic LMI versions from 5.7.0 to 6.2.1, and to all Apache Tomcat pages.

In an HA setup, follow the same procedure, but edit the properties file and restart Apache Tomcat on each node.

Procedure

  1. Log in to the appliance as toor, by using SSH.
  2. Edit the file: /loglogic/tomcat/webapps/logapp20/WEB-INF/Owasp.CsrfGuard.properties.
  3. Change the value of the org.owasp.csrfguard.Enabled property to true:
    org.owasp.csrfguard.Enabled = true
  4. Restart Apache Tomcat by running the command:
    $ mtask -s engine_tomcat restart

Configuring the CSRF Setting for Advanced Features

Update the CSRF setting stored in the /loglogic/conf/llsecurity.conf file.

This procedure applies to LogLogic LMI version 6.3.0 or later, and to the following Advanced Features pages:
  • Advanced Search
  • Advanced Dashboard
  • All pages in the Management > Advanced Features menu

Perform the following procedure only if Advanced Features are enabled on your appliance. To check whether Advanced Features are enabled on the appliance:

  1. Log in to the appliance CLI as root.
  2. Run the command:
    > system logu status
  3. Log out of the appliance CLI.

In an HA setup, follow the same procedure, first on the standby node and then on the master node, so that only one failover event occurs.

Procedure

  1. Log in as toor.
  2. Edit the file /loglogic/conf/llsecurity.conf and change the value of the CSRF_ENABLED property to true:
    CSRF_ENABLED = true
  3. Restart mtask by running the commands:
    1. $ mtask stop
    2. $ mtask start
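After either procedure, an administrator typically wants to confirm that the edited property really reads true (for example, that a later line or a commented-out line did not leave protection disabled). The following audit helper is an added example and is not part of the LogLogic LMI documentation; the file paths and property names are the ones given above, and the sample files it creates are constructed so that the check can be exercised offline.

```shell
#!/bin/sh
# Added example, not LogLogic's own tooling: check that a CSRF property is set
# to "true" in a properties-style file. Handles "key=value" and "key = value"
# with surrounding whitespace, ignores '#' comment lines, and lets the last
# assignment win, as a Java properties loader does. Only the '=' separator
# shown on this page is handled.
# Usage: csrf_enabled FILE KEY  -> exit status 0 if KEY is "true", 1 otherwise
csrf_enabled() {
    file="$1"; key="$2"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Escape dots in the key so "org.owasp.csrfguard.Enabled" matches literally.
    pattern=$(printf '%s' "$key" | sed 's/[.]/\\./g')
    value=$(sed -n \
        -e '/^[[:space:]]*#/d' \
        -e "s/^[[:space:]]*${pattern}[[:space:]]*=[[:space:]]*//p" "$file" \
        | tail -n 1 | tr -d '[:space:]')
    [ "$value" = "true" ]
}

# Audit both files named on this page; which one matters depends on the
# installed LMI version (Tomcat CsrfGuard up to 6.2.1, llsecurity.conf from 6.3.0).
audit_appliance() {
    if csrf_enabled /loglogic/tomcat/webapps/logapp20/WEB-INF/Owasp.CsrfGuard.properties \
                    org.owasp.csrfguard.Enabled; then
        echo "Tomcat CsrfGuard: enabled"
    else
        echo "Tomcat CsrfGuard: NOT enabled"
    fi
    if csrf_enabled /loglogic/conf/llsecurity.conf CSRF_ENABLED; then
        echo "Advanced Features CSRF: enabled"
    else
        echo "Advanced Features CSRF: NOT enabled"
    fi
}

# Constructed sample files (not real appliance content) for offline testing:
# the first enables the property on a later line, the second leaves it
# disabled with the "true" line commented out.
make_samples() {
    tmp=$(mktemp -d)
    printf '# CsrfGuard settings\norg.owasp.csrfguard.Enabled = false\norg.owasp.csrfguard.Enabled = true\n' \
        > "$tmp/Owasp.CsrfGuard.properties"
    printf 'CSRF_ENABLED = false\n# CSRF_ENABLED = true\n' > "$tmp/llsecurity.conf"
    echo "$tmp"
}
```

Run audit_appliance on the appliance itself after the restart; the sample files only demonstrate the last-assignment and comment-handling cases.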