Overview: CSRF Protection Using Origin Validation
CSRF (Cross-Site Request Forgery) is an attack vector in which a victim who is authenticated to a sensitive site, such as a bank account, is lured into clicking a malicious link that attempts a fraudulent operation, such as a bank transfer, on that sensitive site. The link may be sent by email or placed in a hidden frame on another site. WAF provides protection against CSRF attacks by validating the Origin header of AJAX POST requests (default configuration).
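The Origin check described above, written out as an added Python example; it is not the WAF's own implementation. The host bank.example, the function names, and the policy of treating every POST as in scope and blocking a POST that carries no Origin header are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample value: the origin the protected application is served from.
ALLOWED_ORIGINS = ["https://bank.example"]


def normalize_origin(value):
    """Return (scheme, host, port) for a serialized origin, or None if malformed."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # also rejects the opaque origin "null"
    # An Origin header is scheme://host[:port] only; reject anything extra.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)


def check_request(method, headers, allowed_origins=ALLOWED_ORIGINS):
    """Return "allow" or "block" for one request.

    Assumptions (not from the page): every POST is in scope, and a POST
    with no Origin header is blocked.
    """
    if method.upper() != "POST":
        return "allow"  # out of scope for this check
    allowed = {normalize_origin(o) for o in allowed_origins} - {None}
    # Header names are case-insensitive.
    origin = next((v for k, v in headers.items() if k.lower() == "origin"), None)
    if origin is None:
        return "block"
    # Compare whole (scheme, host, port) tuples; prefix or substring matching
    # would accept look-alike hosts such as bank.example.evil.test.
    return "allow" if normalize_origin(origin) in allowed else "block"
```

Comparing normalized tuples means `https://bank.example` and `https://bank.example:443` are treated as the same origin, while a scheme downgrade to `http://` is not.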