invalid referer while checking for CSRF

Mark J. Carpio
18 June 2015, 14:15
This issue is happening on FreeBSD and CentOS.

If I browse to my website, Hiawatha's error log is filling with this error:
|Thu 18 Jun 2015 07:07:25 -0500|/usr/local/www/|invalid referer while checking for CSRF

This error is happening about twice per second.

I have these enabled for my VirtualHost
StartFile = index.php
#TimeForCGI = 5
UseFastCGI = PHP5
PreventCSRF = yes
PreventSQLi = yes
PreventXSS = yes

Any advice or is this expected?

Thank you!
Mark J. Carpio
18 June 2015, 14:18
Well it looks like commenting out the PreventCSRF stops the log from filling up, but that would be a nice feature to have enabled.
Hugo Leisink
18 June 2015, 18:01
Does your browser block or obfuscate the Referer header? (mostly done via an add-on for privacy reasons)
Mark J. Carpio
18 June 2015, 23:19
I use IE and Chrome and both are just the vanilla install. I think this is an issue with my PHP site, since it is not happening when accessing my HTML site. I will do some more testing. Thanks again Hugo, but I think this is an issue on my end.
Mark J. Carpio
19 June 2015, 08:02
It looks like the open source project osclass implemented anti-CSRF protection.

This must be what is 'conflicting' with the Hiawatha PreventCSRF feature. Hopefully their implementation is as good as yours is.
This topic has been closed.