
WAF and protection against CSRF

Hello everyone,

are there settings that have to be made in order to protect websites published through Sophos with reverse proxy authentication against CSRF attacks?

What would WAF login pages have to look like in order to protect them against CSRF accordingly?

Many thanks in advance

Kind regards, TBC



  • Hello, Jaydeep,


    I saw the settings under Advanced Protection. But I'm not sure which of these settings actually protect against CSRF.
    Most of our pages for example do not work when form-hardening is active.
    Currently I only have cookie signing and filtering enabled.
    But whether this is sufficient protection I cannot judge "yet".
    As an example, calls currently look like this:

    2020:01:23-08:08:32 fw-1 httpd: id="0299" srcip="xx.xx.xx.xx" localip="yy.yyy.yyy.yy" size="5061" user="user" host="xx.xx.xx.xx" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="581734" url="/front/central.php" server="seite.db.de:8082" port="8082" query="" referer="seite.de:8082/_uwxctlguznw_form cookie="glpi_3f946f74140a3178722cb675d5bf6b47=4spejqjdn1sk8fdhm3t29guva3" set-cookie="uwxctlguznw_cookie=0bf38aeb60b11935621103bf93d99c94ceaf07c9;path=/;httponly;secure, HASH_uwxctlguznw_cookie=5605344D152358BE9346F0B52FD4B7C6A9E49268; path=/; httponly; secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XilGb956OVqBHw7JHhkgFQAAAJA"


    I've seen entries with "CSRF token verification" in other posts but they are completely missing in my pages.
    The documentation "KB" from Sophos is not quite as understandable from my point of view.

    So if you can provide some more information, I would be glad.

     

    Many thanks

    TBC
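
An added example (not part of the original posts, and not Sophos code): a small Python audit that reads reverse proxy log lines like the one quoted above and counts, per method and URL, the requests whose `exceptions` field names a form hardening skip. The sample lines are constructed with placeholder hosts and addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# key="value" pairs as they appear in the httpd (reverse proxy) log line above
FIELD = re.compile(r'([\w-]+)="([^"]*)"')

# Constructed sample lines modelled on the quoted entry (placeholder values)
SAMPLE_LOG = '''\
2020:01:23-08:08:32 fw-1 httpd: id="0299" srcip="192.0.2.10" method="GET" statuscode="200" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" url="/front/central.php" server="app.example:8082"
2020:01:23-08:08:40 fw-1 httpd: id="0299" srcip="192.0.2.10" method="POST" statuscode="200" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" url="/front/ticket.form.php" server="app.example:8082"
2020:01:23-08:09:01 fw-1 httpd: id="0299" srcip="192.0.2.11" method="POST" statuscode="200" exceptions="-" url="/front/login.php" server="app.example:8082"
2020:01:23-08:09:05 fw-1 kernel: unrelated line without httpd fields
'''

def parse_line(line):
    """Return the key/value fields of one httpd line, or None for other lines."""
    if " httpd: " not in line:
        return None
    return dict(FIELD.findall(line))

def skipped_checks(fields):
    """Split the exceptions field into a set of names; "-" means none applied."""
    raw = fields.get("exceptions", "-")
    return {name.strip() for name in raw.split(",") if name.strip() not in ("", "-")}

def form_hardening_skips(log_text):
    """Map (method, url) -> number of requests with a form hardening skip."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields:
            continue
        # Matches SkipFormHardening and SkipFormHardeningMissingToken
        if any(n.startswith("SkipFormHardening") for n in skipped_checks(fields)):
            hits[(fields.get("method", "?"), fields.get("url", "?"))] += 1
    return dict(hits)

if __name__ == "__main__":
    for (method, url), count in sorted(form_hardening_skips(SAMPLE_LOG).items()):
        print(f"{count:4d}  {method:5s} {url}")
```

Fields that follow an unbalanced quote, such as `referer` in the quoted entry, may parse incorrectly; `exceptions`, `method` and `url` come earlier in the line and are unaffected.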