Configure CSRF Guard
Use this procedure to protect Data Manager, Reports, and Deployment from CSRF attacks.
1. Navigate to the directory <Software AG_directory>/profiles/ODE/workspace/webapps/onedata/WEB-INF/classes/.
2. Open the Owasp.CsrfGuard.properties file.
3. Set the org.owasp.csrfguard.Enabled property to true.
The default value is false.
4. Save and close the file.
5. Navigate to the directory <Software AG_directory>/profiles/ODE/workspace/webapps/onedata/WEB-INF/.
6. Open the web.xml file.
7. In the referer-pattern property, specify a regular expression that describes the HTTP referer header value required to access webMethods OneData.
Example: If you set referer-pattern to .*localhost.*, webMethods OneData only allows access to requests with HTTP referer patterns starting with localhost.
Note:
The default value of the referer-pattern property is .*.*. This value allows all HTTP referer patterns to access webMethods OneData.
8. Save and close the file.
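
One way to check a candidate referer-pattern value before saving it in web.xml, as an added example that is not part of the webMethods OneData documentation. It assumes the pattern is matched against the whole Referer value with standard regular-expression semantics, under which a leading .* lets any text precede localhost; the sample Referer values, the host onedata.example.com, and the anchored pattern are constructed for illustration.

```python
import re

# Constructed Referer values; none come from the OneData documentation.
SAMPLE_REFERERS = [
    "http://localhost:8080/onedata/index.jsp",        # local access
    "https://onedata.example.com/onedata/index.jsp",  # intended host (hypothetical)
    "https://localhost.attacker.example/form.html",   # foreign host containing "localhost"
    "https://attacker.example/?next=localhost",       # "localhost" only in the query string
]

# Candidate referer-pattern values. The first two appear in the procedure;
# the third is a hypothetical stricter pattern for the hypothetical host above.
CANDIDATES = {
    "default": r".*.*",
    "doc_example": r".*localhost.*",
    "anchored": r"https://onedata\.example\.com(:\d+)?/.*",
}


def allowed(pattern: str, referer: str) -> bool:
    """Return True if the whole Referer value matches the pattern.

    Assumption: the pattern must match the entire header value, as
    java.util.regex.Pattern.matches() would require. For the simple
    constructs used here, Python and Java regex syntax agree.
    """
    return re.fullmatch(pattern, referer) is not None


def evaluate(candidates=CANDIDATES, referers=SAMPLE_REFERERS):
    """Map each candidate name to the sample Referers it lets through."""
    return {
        name: [r for r in referers if allowed(pattern, r)]
        for name, pattern in candidates.items()
    }


if __name__ == "__main__":
    for name, passed in evaluate().items():
        print(f"{name}: {CANDIDATES[name]}")
        for referer in SAMPLE_REFERERS:
            mark = "ALLOW" if referer in passed else "DENY "
            print(f"  {mark} {referer}")
```

Replace the constructed host and sample values with the URLs your users actually reach webMethods OneData through, and confirm that the pattern admits only those.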