Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Prem Kumar (Prem733)
HCL Tech
Pega Developer
HCL Tech
IN
Prem733 Member since 2022 2 posts
HCL Tech
Posted: Sep 18, 2023
Last activity: Sep 20, 2023
Posted: 18 Sep 2023 11:17 EDT
Last activity: 20 Sep 2023 10:45 EDT
Closed

SECU0008 - Cross Site Request Forgery

I have received the SECU008 on the PEGA environments. I created the DSS for the alert but it is not working SECU008 alert is continuously triggering.

DSS Details: Pega-Engine.prconfig/security/urlaccessmode   

Value: allow

Alert Details: Cross Site Request Forgery attack detected and was blocked. First Activity and Last Step are from the previous request, See ParameterPage below for the request that triggered this alert : URLAccessDetail CSRFAttack Invalid harness ID ..........................

Please help me solve the issue.

***Edited by Moderator Marije to add Capability tags***
To see attachments, please log in.
Pega Platform 8.5.4
Pega Platform 8.6.3
Enterprise Application Development
Security
System Administration
Other Industry
Consumer Services
Senior System Architect

Posted: 2 years ago
Posted: 18 Sep 2023 14:59 EDT
Ramesh Sangili (RameshSangili)
PEGA
Lead System Architect
Pegasystems Inc.
CA

@Prem733

 

Can you please check this?

  • Beginning with Pega Platform 7.2, this setting is the default. Effective CSRF protection is achieved by using dynamic system settings, which are documented in Enabling and configuring Cross-Site Request Forgery settings .
  • The application can use dynamic system settings to mitigate CSRF attacks. If this alert is shown, it should be investigated.

As instructed on 2nd step, if the alerts are shown after making the changes, then it should be investigated with the necessary infra teams.

I hope this helps!

 

Thanks,

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice