Activity for mod_csrf
-
sum41 modified a comment on discussion General Discussion
Seams to be a duplicate of https://sourceforge.net/p/mod-csrf/discussion/general/thread/17db72b6d4/ apxs -i -c mod_csrf.c -lcrypt Gives me: /usr/share/apr-1.0/build/libtool --mode=compile --tag=disable-static x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -c -o mod_csrf.lo mod_csrf.c...
-
I figured out how to patch this according to this post (https://stackoverflow.com/questions/26345175/correct-way-to-free-allocate-the-context-in-the-openssl) Now I can compile the module but it don't seam to be installed. Anyways I attached the patched c file maybe you know how to continue with this.
-
apxs -i -c mod_csrf.c -lcrypt Gives me: /usr/share/apr-1.0/build/libtool --mode=compile --tag=disable-static x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -c -o mod_csrf.lo mod_csrf.c && touch mod_csrf.slo libtool: compile: x86_64-linux-gnu-gcc -pipe -g -O2 -fstack-protector-strong...
-
Gerry Gan posted a comment on discussion General Discussion
Hi, May I ask if the compile problem has been solved? We have encountered the same problem such that the build reports the same error when SSL is of 1.1.1. It is fine when SSL is 1.0.2. Thanks.
-
Naresh Nayyar posted a comment on discussion General Discussion
Hi, I can deploy mod-csrf using below command on RHEL7. RHEL7 has SSL version 1.0.2. sudo apxs -i -c mod_csrf.c -lcrypto Now When I tried to deploy it on RHEL 8, It failed with below error. RHEL8 has SSL version 1.1.1k. Error: mod_csrf.c:449:18: warning: unused variable ‘cipher_ctx’ [-Wunused-variable] mod_csrf.c: In function ‘csrf_enc64’: mod_csrf.c:502:18: error: storage size of ‘cipher_ctx’ isn’t known EVP_CIPHER_CTX cipher_ctx; Could you please provide fix for this issue in new package? Than...
-
Pascal Buchbinder committed [r150]
EVP_CIPHER_CTX_cleanup
-
shungkai lam posted a comment on discussion General Discussion
After installing mod_csrf, POST works. I can see csrfId=... injected in the POST traffic. But when I tested GET, typing "xyz.com/test.php" into the browser, I can get the expected output (and 200 ok). while typing "xyz.com/test.php?q=yes", (parameter q is not doing anything), I am getting 403 forbidden. After observing the csrfId value in the POST traffic, if I manually append csrfId=... : "xyz.com/test.php?q=yes&csrfId=...", then I can get the expected output as if I did "xyz.com/test.php" (and...
-
Ritesh Negi posted a comment on discussion General Discussion
Thanks Pascal. That worked.
-
Installing the "openssl-devel" package will probably sove the problem.
-
Hi, I am getting below error while building the code. Has anyone built the module successfully? [root apache2]# apxs -i -c mod_csrf.c -lcrypto /usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wformat-security -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -c -o mod_csrf.lo mod_csrf.c...
-
When testing the module, I use the Apache standard modules, three optional Apache...
-
mod_csrf forces Apache to used chunked encoding by default (as the module is going...
-
additional test data
-
I've uploaded version 0.9 of mod_csrf which includes a fix to flush the remaining...
-
mod_csrf released /mod_csrf-0.9.tar.gz
-
fix: flush remaining buffer if response body pa...
-
fix: flush remaining buffer if response body pa...
-
add json test script (correct content type)
-
Thank you for sharing your findings. mod_csrf should "process" HTML responses only,...
-
John lusk modified a comment on discussion General Discussion
I'm using the Apache module called mod_csrf for preventing cross site request forgery....
-
I'm using the Apache module called mod_csrf for preventing cross site request forgery....
-
-
new id enc
-
new id enc
-
propagate env
-
REMOTE_PORT
-
REMOTE_PORT, use apr_itoa
-
REMOTE_PORT
-
href
-
typo
-
CSRF_ENFORCE, GET, rel. referer
-
ignore GET only
-
CSRF_ENFORCE and excl. for GET only
-
accepts relative referer header URI
-
-
adds message text to mod_csrf(021)
-
adds message text to mod_csrf(021) (referer hea...
-
Hi Fabrizio mod_csrf(021): is the referer header check which failes. "id" would be...
-
Fabrizio Vecchi posted a comment on discussion General Discussion
Hi everyone. I am trying to use mod_crsf on a Docker instance based on Alpine linux....
-
determine host name (server_hostname never cont...
-
add sample html pages to doc
-
more headers/(relevant bits)
-
first release, header sequence id
-
test empty var
-
0.1
-
mod_fp, FP_HeaderOrder
-
add stub (empty mod_fp)
-
remove generated file from repo
-
-
Dom posted a comment on discussion General Discussion
Hi, Since some of my pages doesn't get injected by mod_csrf by itself. I plan to...
-
add exclusion test
-
It worked ! The csrf tokens are now being injected. However, I'm finding it weird...
-
doc changes
-
you may use the csrf.js script which is included in the mod_csrf tarball
-
I see. Thank you for you reply. Can I ask where I can find the Javascript code? is...
-
Sander Goossens posted a comment on discussion General Discussion
The file and the CSRF_ScriptPath is all configured but nothing is injected. Also,...
-
You need to install the not only the module but also the JavaScript file and make...
-
You need to install the JavaScript on your server and the CSRF_ScriptPath must point...
-
Hi It is not clear to me how to use the csrfInsert function. Apparently I have to...
-
Hi, After I installed mod_csrf and also mod_parp, I'm getting 403 Forbidden on my...
-
style attribute
-
autocomplete off
-
Johannes modified a comment on discussion General Discussion
Hi, I extended the types array and it is injecting fine on first execution: var types...
-
Hi, I extended the types array and it is injecting fine on first execution: var types...
-
Hi, I extended the types array and it is injecting fine on first execution: var types...
-
Hi, I extended the types array and it is injecting fine on first execution: var types...
-
OK, I didn't understood how the module is working neither the whole csrf mecanism....
-
The ID is not stored anywhere. The idea of mod_csrf is to add the ID at client side...
-
Hojo posted a comment on discussion General Discussion
Let me first make a correction. The guy I was working with didn't realize the default...
-
We have found that the module is causing some extraneous characters printed in the...
-
We have found that the module is causing some extraneous characters printed in the...
-
Hello, I am trying to add the csrfpId to the URLs of my web-app with a rewrite-rule...
-
-
Thanks for the head up. I'll see about registering the script in the iframe and leveraging...
-
First: The injected script is only executed when loading the HTML page (same within...
-
As I'm slowly starting to understand what's going on, I made this addition: function...
-
I can't imagine why this happens...
-
-
bugfix release
-
wrong struct in dir config
-
wrong struct in dir config
-
I am having trouble using the mod with ajax calls, the firebug console says: SyntaxError:...
-
Thanks for your previous help. I'm running into another issue. In our code we have...
-
I have managed to get my configuration going though I have another, new issue. I'll...
-
yes, this is what we are doing now as a workaround: rewrite the request to the specific...
-
The usage of mod_parp is highly recommended in order to support HTML forms (where...
-
The usage of mod_parp is highly recommended in order to support HTML forms (where...
-
I am rather not skilled in doing anything with apache, yet have been charged with...
-
I guess Apache does an internal redirect to "/index.php" when accessing "/" and mod_csrf...
-
-
I am trying the module with a redhat 6.5 and it is not adding the JS when I use https://www.myhost.com...
-
the source of the project is pointing to a test-module. I already downloaded the...
-
-
using js to handle post req/body data
-
-
js
-
no no-cache
1 >
