SECU0008 alert: Cross-site forgery attack detected and blocked

The SECU0008 security alert is generated when a cross-site request forgery (CSRF) attack was detected and blocked.

Two configuration options are available in the Pega 7 Platform for enabling CSRF protection:

  • Prior to Pega 7.2, one of these configuration options generated many false positive alerts and should be disabled by using the prconfig setting <env name="security/urlaccessmode" value="allow" />. Beginning with Pega 7.2, this setting is the default. Effective CSRF protection is achieved by using Dynamic System Settings, which are documented in Configuring CSRF protection.
  • The application can use Dynamic System Settings to mitigate CSRF attacks. If this alert is shown, it should be investigated.

Example message text

  • For a false positive alert:

Cross Site Request Forgery attack detected and was blocked : URLAccessDetail CSRFAttack Invalid harness ID HID944DBCBCE6088894071189471AE7B764

  • ​For an application that uses Dynamic System Settings to mitigate CSRF attacks:

Cross Site Request Forgery attack detected and was blocked : Invalid Referer: http://somehost:8080/prweb/PRServlet/e373l17wmp4[ASTERISK/!@9eae98e39e45051312f710b0261f0ac3!STANDARD?pzPostData=-11111111 for requestor: H11810312EF9462F677B1044F4DD879AE and URL: /e373l17wmp4[ASTERISK/!@9eae98e39efffff45051312f710b0261f0ac3!STANDARD?pyActivity=%40baseclass.pzGetFormType&ClassName=RULE-OBJ-ACTIVITY&pzHarnessID=HID5C053E2B235C6D2E55D6A25B7F984863*

Have a question? Get answers now.

Visit the Pega Support Community to ask questions, engage in discussions, and help others.