SECU0008: Received Cross Site Request Forgery attack detected alerts
We are receiving Cross Site Request Forgery attack detected and was blocked alerts in huge numbers in our prod environment
Jabil
US
Estes Express Lines
US
@mjosborn85 Please find the below log:
2021-06-09 09:48:01,331 GMT*8*SECU0008*0*0*d1df64f4304f6b31f0161b81b018887d*NA*NA*HBU8MPWVS30QWIBADN0AE115S40CNHZIYA*154005*ESTES-FW-Freight-Work*CityDisp:04.01.01*12e73d3920662a7d9060056619d3887d*N*3*HBU8MPWVS30QWIBADN0AE115S40CNHZIYA*5528*default task-24*NONOSCOThread*com.pega.pegarules.session.internal.mgmt.util.URLAccessContext*prpc.estes-express.com|107.77.199.***existing requestor retrieved*Rule-Obj-Activity:Initial***@BASECLASS UIACTIONDISPLAYHARNESS #20190219T093521.627 GMT Step: 13 Circum: 0*NA****NA*NA*NA*NA*NA*NA*NA*pzActivityParams=[removed];pzHarnessID=[removed];pyActivity=pzOSCOBreakoutWrapper;UITemplatingStatus=[removed];pzActivity=[removed];*Cross Site Request Forgery attack detected and was blocked. First Activity and Last Step are from the previous request, See ParameterPage below for the request that triggered this alert : URLAccessDetail CSRFAttack Invalid harness ID HID6350004CF2186EA27B6AF1FCBD0182F0 *
Jabil
US
@RajeshE26 , Sorry, I have little experience in this exact area. Did you do a text search on HID6350004CF2186EA27B6AF1FCBD0182F0 to see if you can identify that harness? I won't have much to add past that - if no one else replies you might be stuck creating a support request.
@RajeshE26 , I've always seen these messages specify the exact policy element being violated. What is the exact content of the message? It's usually straightforward to map it to the Content Security Policy item to analyze.