Forum

CSRF is detected in each request in case of reverse proxy.

Akash Talole
27 April 2016, 09:08
How CSRF checking is worked? I enable CSRF for Wordpress site in reverse proxy, for each request hiawatha detects CSRF attack. how to prevent this.
Hugo Leisink
27 April 2016, 13:41
The CSRF protection works by checking the Referer header in the request. The hostname in the Referer must match the hostname of the virtual host. If the Referer is missing or the hostnames mismatch, the request is blocked.
This topic has been closed.