URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack Missing harness ID ?
Hi
Lots of CRSFAttack Warning in the logs, are they valid warning and how can I get rid of them?
Date: Tue Nov 10 08:00:47 EST 2015 (1447102847209)
Thread: http-bio-8080-exec-77
Message #: 24
Level: WARN
NDC:
Category: com.pega.pegarules.session.internal.mgmt.util.URLAccessContext
Message: URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack Missing harness ID :From @baseclass.doUIAction openAssignment :CVG 1 0 1 0 0 :MQD readOnly=false&action=openAssignment&UserIdentifier=admin%40sc1&key=SC1-DIV-UNIT-MYAPP1-WORK+A-3&pyActivity=%40baseclass.doUIAction
Location:
Thrown:
Regards
Seri
Pegasystems Inc.
US
Seri,
Do believe that the warnings are false positives? If so, one common reason is clients leaving sessions idle for long periods of time and using an out of date harness ID. Another possible reason is attempting to replay older traffic as part of testing and using an obselete harness ID instead of the current harness ID
Matt
Updated: 2 Mar 2016 22:21 EST
Pegasystems Inc.
AU
Hi Matt,
From what I can see, there are too many CSRF messages in the logs, so I don't think it is the old/replay traffic.
I also check the DASS it has <env name="security/urlaccessmode" value="allow" /> in place ????? but the CSRF messaegs everywhere...
Please check the log attached.
Updated: 2 May 2016 10:27 EDT
We are seeing similar Warnings in Log file followed by 'ConcurrentModificationException'. We noticed that the user is leaving the Pega case Open and leave their sessions idle for quite sometime. After they are back they want to resume their work. As soon they try to take any action on the Case they get below error:
| Status | fail |
| Message | There has been an issue; please consult your system administrator |
Here is the Log extract during this time:
We are seeing similar Warnings in Log file followed by 'ConcurrentModificationException'. We noticed that the user is leaving the Pega case Open and leave their sessions idle for quite sometime. After they are back they want to resume their work. As soon they try to take any action on the Case they get below error:
| Status | fail |
| Message | There has been an issue; please consult your system administrator |
Here is the Log extract during this time:
2016-04-29 23:13:39,579 [http-bio-80-exec-165] [ STANDARD] [ ] [ COrig:01.03] ( mgmt.util.URLAccessContext) WARN assassinvine1|XXX.XXXX.XX.XX - URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack Missing harness ID
2016-04-29 23:13:43,740 [egaRULES-MasterAgent] [ STANDARD] [ ] [ ] ( internal.async.Agent) INFO - System date: Fri Apr 29 23:13:43 CEST 2016 Total memory: 3,655,335,936 Free memory: 2,078,551,296 Requestor Count: 16 Shared Pages memory usage: 0%
2016-04-29 23:14:35,932 [http-bio-80-exec-166] [TABTHREAD5] [ ] [ COrig:01.03] ( internal.mgmt.Executable) ERROR assassinvine1|XXX.XX.XX.XX [email protected] - Exception
- java.util.ConcurrentModificationException
at java.util.HashMap$HashIterator.nextNode(HashMap.java:1429)
at java.util.HashMap$ValueIterator.next(HashMap.java:1458)
Would appreciate if anyone can help resolve this issue.
Regards.