URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack
I am working on Pega 7.1.8. I see many logs and thread dumps in production. I see the logs as "URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack".
I read a few posts on PDN but could not find a solution. Please help.
***Moderator Edit: Vidyaranjan | Updated Categories***
I read the article: https://pdn.pega.com/support-articles/csrfattack-observed-logs
But I am not clear what to do to fix it.

Hi,
Please check the article: https://community.pega.com/support/support-articles/csrfattack-warning-message-repeats-pegarules-logfile

Hi Chandra,
The article link I mentioned was picked from the article you mentioned. I was not clear on the fix; can you please brief it?
Regards
Pavani

Hi Pavani,
You can try the first option, as mentioned in the article:
These warnings can be disabled entirely using a prconfig setting.
Also to disable these warning messages entirely, one can use the following prconfig.xml file entry:
<env name="security/urlaccessmode" value="allow" />

That's not a suggested option as per another article; we should find the root cause and fix it. Disabling it is not the right choice.

Accepted Solution
The warnings reported in the log are false positives, so there is no issue to resolve, other than eliminating the reporting of these by suppressing the messages. The only way to do this is to change the setting as directed above. Pega has been working on resolving this at the root level and is in the process of developing a solution for this.
Hi All,
We are seeing the same issue in PEGA version 7.3.1 also. We need to know: if the following is a false-positive alarm, can we have an HFIX at the code level to fix this issue once and for all, as the suggested DSS change is not suggested to be used in the production system?