Owasp.CsrfGuard Properties message in Stdout

Issue:

[toc on_off::hide=1]

Since installation of JasperReports Server 4.5 I find the following INFO level messages in my application server logging, how do I remove it:

INFO:

*****************************************************

* Owasp.CsrfGuard Properties

* Logger: com.jaspersoft.jasperserver.api.security.JSCsrfLogger

* NewTokenLandingPage: /jasperserver-pro/login.html

* PRNG: SHA1PRNG

* SessionKey: JASPER_CSRF_SESSION_KEY

* TokenLength: 96

* TokenName: JASPER_CSRF_TOKEN

* Ajax: true

* Rotate: true

* TokenPerPage: true

* Action: org.owasp.csrfguard.action.Rotate

* Action: org.owasp.csrfguard.action.Redirect

* Parameter: Page = /jasperserver-pro/login.html

* Action: org.owasp.csrfguard.action.Log

* Parameter: Message = potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, uri:%request_uri%, error:%exception_message%)

*****************************************************

Resolution:

In jasperserver-proWEB-INFweb.xml file, set the following param-value to false instead of the default value of true:

Owasp.CsrfGuard.Config.Print

true

Restart to load the new change.

Recommended Comments

tony.dunlop 0

Posted November 7, 2018

- Share this comment

if you're using a reverse proxy nginx will remove any headers with underscores, you need to add underscores_in_headers on; to the server directive:

http://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers

Link to comment

Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign in

Already have an account? Sign in here.

Sign In

Owasp.CsrfGuard Properties message in Stdout

Issue:

Resolution:

See Also

Table of contents

User Feedback