Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

CSRFAttack warning message repeats in PegaRULES logfile



The following warning message is observed in the PegaRULES logfile: "URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack Missing harness ID".

User requires to know the action that must be taken to eliminate this warning.

Error Messages

"URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack Missing harness ID"

Steps to Reproduce

The issue is sporadic in nature.

Root Cause

The root cause of this problem is a backward compatibility defect in Pegasystems’ code or rules. 

A new parameter was added to RedirectAndRun that should be specified in any custom code.


The warning message can be eliminated in one or two ways.

Either these warnings can be disabled entirely using a prconfig setting.


A review of the RedirectAndRun calls in the application can be done, to ensure they all include an "action" parameter with an appropriate value.

See the following Support Article for further information on the second option mentioned:

Also to disable these warning messages entirely, one can use the following prconfig.xml file entry:
<env name="security/urlaccessmode" value="allow" />

Published January 31, 2016 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us