You need to configure rules to call this plugin. At least two rules are required.
Here is a simple example.
First, you need a rule to rewrite the HTTP responses.
In this example, the plugin rewrites all HTML pages. If an HTTP response contains "Content-Type: text/html", the plugin adds a token to each form. The rule looks like this:
<rule>
id=CSRF1
revision=1
name=CSRF_Rewrite_Response
type=responseHeader
pattern=^Content-Type:.*text/html
condition=match
case_sensitive=no
log=no
action=none
command=none
plugin=net.jumperz.app.MGuardian.plugin.MCSRFDetector response Cookie JSESSIONID
</rule>
"response Cookie JSESSIONID" are the arguments. In this example, three arguments are given.
The first argument "response" means "rewrite the responses (add tokens)".
The second argument "Cookie" means "session management is done by using cookies". If Basic Authentication is used, set this argument to "Basic".
The third argument is the name of the session ID (in the cookies). If Basic Authentication is used, you can omit this argument.
Next, you need a rule to check the tokens in the HTTP requests. In this example, the plugin checks all POST requests. The rule looks like this:
<rule>
id=CSRF2
revision=1
name=CSRF_Check_Token
type=requestLine
pattern=^POST
condition=match
case_sensitive=no
log=no
action=none
command=none
plugin=net.jumperz.app.MGuardian.plugin.MCSRFDetector request Cookie JSESSIONID
</rule>
This time, the first argument is "request", which means "check tokens in the HTTP requests".
You need to configure at least two rules like the ones in the example above: one to add the tokens to the HTTP responses, and another to check the tokens in the HTTP requests.
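The following Python sketch models what the two rules divide between them; it is an added illustration, not the plugin's code or its actual token scheme. The HMAC-over-session-id token, `SECRET`, the `csrf_token` field name, and rejecting a POST that has no session are all assumptions made for the example.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs

SECRET = b"constructed-demo-key"  # assumption: secret held by the proxy
SESSION_COOKIE = "JSESSIONID"     # third plugin argument in the rules above
TOKEN_FIELD = "csrf_token"        # hypothetical hidden field name

def session_id(cookie_header):
    """Return the session id from a Cookie header value, or None."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == SESSION_COOKIE and value:
            return value
    return None

def token_for(sid):
    # Assumption: the token is bound to the session as HMAC-SHA256(secret, sid).
    return hmac.new(SECRET, sid.encode(), hashlib.sha256).hexdigest()

def rewrite_response(header_line, body, cookie_header):
    """Role of rule CSRF1: add a hidden token to each form in HTML responses."""
    sid = session_id(cookie_header)
    # Same pattern as the rule, with case_sensitive=no.
    if sid is None or not re.match(r"^Content-Type:.*text/html", header_line, re.I):
        return body  # not HTML, or no session to bind a token to
    hidden = '<input type="hidden" name="%s" value="%s">' % (TOKEN_FIELD, token_for(sid))
    return re.sub(r"(<form\b[^>]*>)", lambda m: m.group(1) + hidden, body, flags=re.I)

def check_request(request_line, cookie_header, form_body):
    """Role of rule CSRF2: return True if the request may pass."""
    if not re.match(r"^POST", request_line, re.I):
        return True  # the rule pattern ^POST does not match
    sid = session_id(cookie_header)
    if sid is None:
        return False  # sketch choice: a POST without a session fails closed
    sent = parse_qs(form_body).get(TOKEN_FIELD, [""])[0]
    # Constant-time comparison of the submitted token with the expected one.
    return hmac.compare_digest(sent.encode(), token_for(sid).encode())
```

With only the response rule configured, tokens are added but never verified; with only the request rule, every POST lacks a token. That is why both rules are required.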