SECU0008 alert: Cross-site forgery attack detected and blocked
The SECU0008 security alert is generated when a cross-site request forgery (CSRF) attack is detected and blocked.
Two configuration options are available in the Pega 7 Platform for enabling CSRF protection:
- Prior to Pega 7.2, one of these configuration options (the URL access mode check) generated many false positive alerts and should be disabled by using the prconfig setting <env name="security/urlaccessmode" value="allow" />. Beginning with Pega 7.2, this setting is the default. Effective CSRF protection is achieved by using Dynamic System Settings, which are documented in Configuring CSRF protection.
- The application can use Dynamic System Settings to mitigate CSRF attacks. If this alert is shown under that configuration, it should be investigated.
Example message text
- For a false positive alert:
Cross Site Request Forgery attack detected and was blocked : URLAccessDetail CSRFAttack Invalid harness ID HID944DBCBCE6088894071189471AE7B764
- For an application that uses Dynamic System Settings to mitigate CSRF attacks:
Cross Site Request Forgery attack detected and was blocked : Invalid Referer: http://somehost:8080/prweb/PRServlet/e373l17wmp4[ASTERISK/!@9eae98e39e45051312f710b0261f0ac3!STANDARD?pzPostData=-11111111 for requestor: H11810312EF9462F677B1044F4DD879AE and URL: /e373l17wmp4[ASTERISK/!@9eae98e39efffff45051312f710b0261f0ac3!STANDARD?pyActivity=%40baseclass.pzGetFormType&ClassName=RULE-OBJ-ACTIVITY&pzHarnessID=HID5C053E2B235C6D2E55D6A25B7F984863*
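As an added example, not part of the Pega documentation, the Python below classifies the two SECU0008 message forms shown above and extracts the harness ID, requestor, referer host and URL so the noisy pre-7.2 variant can be separated from referer-check alerts during triage. The regular expressions, field names and the `triage` recommendations are assumptions derived only from the two sample messages and the guidance on this page.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Sample SECU0008 message bodies, copied from the two examples on this page.
HARNESS_MSG = ("Cross Site Request Forgery attack detected and was blocked : "
               "URLAccessDetail CSRFAttack Invalid harness ID HID944DBCBCE6088894071189471AE7B764")
REFERER_MSG = ("Cross Site Request Forgery attack detected and was blocked : Invalid Referer: "
               "http://somehost:8080/prweb/PRServlet/e373l17wmp4[ASTERISK/!@9eae98e39e45051312f710b0261f0ac3"
               "!STANDARD?pzPostData=-11111111 for requestor: H11810312EF9462F677B1044F4DD879AE and URL: "
               "/e373l17wmp4[ASTERISK/!@9eae98e39efffff45051312f710b0261f0ac3!STANDARD?pyActivity="
               "%40baseclass.pzGetFormType&ClassName=RULE-OBJ-ACTIVITY&pzHarnessID=HID5C053E2B235C6D2E55D6A25B7F984863*")

PREFIX = "Cross Site Request Forgery attack detected and was blocked : "
# Assumed patterns, derived from the two sample messages above (not a Pega-published grammar).
HARNESS_RE = re.compile(r"URLAccessDetail CSRFAttack Invalid harness ID (?P<hid>HID[0-9A-F]+)")
REFERER_RE = re.compile(r"Invalid Referer: (?P<referer>\S+) for requestor: (?P<req>\S+) and URL: (?P<url>\S+)")

@dataclass
class Secu0008Alert:
    kind: str                      # "harness_id" (pre-7.2 urlaccessmode check) or "invalid_referer"
    harness_id: Optional[str] = None
    requestor: Optional[str] = None
    referer: Optional[str] = None
    referer_host: Optional[str] = None
    url: Optional[str] = None

def parse_secu0008(message: str) -> Optional[Secu0008Alert]:
    """Classify one SECU0008 message body and pull out the fields needed for triage."""
    if not message.startswith(PREFIX):
        return None
    detail = message[len(PREFIX):]
    if m := HARNESS_RE.search(detail):
        return Secu0008Alert("harness_id", harness_id=m.group("hid"))
    if m := REFERER_RE.search(detail):
        referer = m.group("referer")
        return Secu0008Alert("invalid_referer", requestor=m.group("req"), referer=referer,
                             referer_host=urlsplit(referer).netloc or None, url=m.group("url"))
    return None  # prefix matched but neither known detail form: surface it rather than guess

def triage(alert: Secu0008Alert, pre_72: bool) -> str:
    """Map an alert variant to the action this page recommends for it."""
    if alert.kind == "harness_id" and pre_72:
        return "likely false positive: set prconfig security/urlaccessmode=allow"
    return "investigate: request blocked by the Dynamic System Settings CSRF check"
```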