Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Rajesh Elumai (RajeshE26)
Estes Express Lines

Estes Express Lines
US
RajeshE26 Member since 2021 3 posts
Estes Express Lines
Posted: Jun 29, 2021
Last activity: Jul 2, 2021
Posted: 29 Jun 2021 6:48 EDT
Last activity: 2 Jul 2021 13:45 EDT
Closed

SECU0008: Received Cross Site Request Forgery attack detected alerts

We are receiving Cross Site Request Forgery attack detected and was blocked alerts in huge numbers in our prod environment

***Edited by Moderator Marissa to update Content Type from Discussion to Question; update platform capability tags***
To see attachments, please log in.
Pega Platform 8.4.4
Security
Support Case Parallel

Posted: 3 years ago
Posted: 1 Jul 2021 17:26 EDT
Matthew Osborn (mjosborn85)
Jabil
Finance BPM Mgr
Jabil
US

@RajeshE26 , I've always seen these messages specify the exact policy element being violated. What is the exact content of the message? It's usually straightforward to map it to the Content Security Policy item to analyze.

To see attachments, please log in.
Posted: 3 years ago
Posted: 2 Jul 2021 6:59 EDT
Rajesh Elumai (RajeshE26)
Estes Express Lines

Estes Express Lines
US

@mjosborn85  Please find the below log:

 

2021-06-09 09:48:01,331 GMT*8*SECU0008*0*0*d1df64f4304f6b31f0161b81b018887d*NA*NA*HBU8MPWVS30QWIBADN0AE115S40CNHZIYA*154005*ESTES-FW-Freight-Work*CityDisp:04.01.01*12e73d3920662a7d9060056619d3887d*N*3*HBU8MPWVS30QWIBADN0AE115S40CNHZIYA*5528*default task-24*NONOSCOThread*com.pega.pegarules.session.internal.mgmt.util.URLAccessContext*prpc.estes-express.com|107.77.199.***existing requestor retrieved*Rule-Obj-Activity:Initial***@BASECLASS UIACTIONDISPLAYHARNESS #20190219T093521.627 GMT Step: 13 Circum: 0*NA****NA*NA*NA*NA*NA*NA*NA*pzActivityParams=[removed];pzHarnessID=[removed];pyActivity=pzOSCOBreakoutWrapper;UITemplatingStatus=[removed];pzActivity=[removed];*Cross Site Request Forgery attack detected and was blocked. First Activity and Last Step are from the previous request, See ParameterPage below for the request that triggered this alert : URLAccessDetail CSRFAttack Invalid harness ID HID6350004CF2186EA27B6AF1FCBD0182F0 *

To see attachments, please log in.
Posted: 3 years ago
Posted: 2 Jul 2021 13:45 EDT
Matthew Osborn (mjosborn85)
Jabil
Finance BPM Mgr
Jabil
US

@RajeshE26 , Sorry, I have little experience in this exact area. Did you do a text search on HID6350004CF2186EA27B6AF1FCBD0182F0 to see if you can identify that harness? I won't have much to add past that - if no one else replies you might be stuck creating a support request.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice