Cross-site Request Forgery
Cross-site Request Forgery (CSRF) is an attack on a website in which unauthorized commands are transmitted through a user that the website trusts.
To prevent CSRF attacks in LogLogic LMI, you must enable the CSRF setting, using the procedure that matches the LogLogic LMI version on your appliance:
- LogLogic LMI 5.7.0 to 6.2.1: Configuring the CSRF Setting for Apache Tomcat
- LogLogic LMI 6.3.0 or later: Configuring the CSRF Setting for Advanced Features
Configuring the CSRF Setting for Apache Tomcat
Update the CSRF setting stored in the Owasp.CsrfGuard.properties file.
In an HA setup, follow the same procedure. However, you must edit the properties file on each node and restart Apache Tomcat on each node.
Procedure
Configuring the CSRF Setting for Advanced Features
Update the CSRF setting stored in the /loglogic/conf/llsecurity.conf file.
Perform the following procedure only if Advanced Features are enabled on your appliance. To check whether Advanced Features are enabled on the appliance:
- Log in to the appliance CLI as root.
- Run the command:
> system logu status
- Log out of the appliance CLI.
For an HA setup, follow the same procedure, first on the standby node and then on the master node. This order causes only one failover event.