Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Disable CSRF

    webGUI
    3
    8
    3170
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      Essential last edited by

      Hello all!

      My question is how i can disable CSRF at all pages? We trying make some automation for pfsense and this check give for us some problem.

      PS and maybe pfsense have some API? or something like that?

      1 Reply Last reply Reply Quote 0
      • GruensFroeschli
        GruensFroeschli last edited by

        It's under System–>Advanced-->Admin Access
        There you can also define alternative names which should be allowed.

        1 Reply Last reply Reply Quote 0
        • E
          Essential last edited by

          @GruensFroeschli:

          It's under System–>Advanced-->Admin Access
          There you can also define alternative names which should be allowed.

          What exactly you mean?

          1 Reply Last reply Reply Quote 0
          • GruensFroeschli
            GruensFroeschli last edited by

            I gave the answer to what you asked?
            Just tick the checkbox "Disable HTTP_REFERER enforcement check "

            1 Reply Last reply Reply Quote 0
            • E
              Essential last edited by

              @GruensFroeschli:

              I gave the answer to what you asked?
              Just tick the checkbox "Disable HTTP_REFERER enforcement check "

              This chechbox dont disable csrf check  :(

              1 Reply Last reply Reply Quote 0
              • GruensFroeschli
                GruensFroeschli last edited by

                Then what do you think it does?
                It certainly allows me to access my pfSense with any name i point to the it….

                1 Reply Last reply Reply Quote 0
                • C
                  cmb last edited by

                  The CSRF check is different and completely separate from the REFERER check. There is no way short of editing the source on all the pages to disable the CSRF checks.

                  1 Reply Last reply Reply Quote 0
                  • GruensFroeschli
                    GruensFroeschli last edited by

                    D'oh.
                    I feel stupid.
                    Sorry i mixed terms up…
                    i guess the answer is in the other thread in which you wrote where it's described how to change the code.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy