I saw in a posting on a different list that someone has written a plug-in to prevent CSRF or XSRF attacks. Kanatoko wrote: I wrote a small plugin for Guardian@JUMPERZ.NET(OSS WAF) to prevent CSRF attacks. -- From Documentation -- This plugin detects and prevents CSRF(Cross Site Request Forgery) attacks. This plugin detects CSRF attacks by doing the following. 1. Rewrites the HTTP responses. Adds unique "token"s to the each forms in the HTML pages as hidden fields. 2. Checks the HTTP requests. If the valid tokens are not found in the requests, raises alerts and blocks the requests. This plugin only works with cookie-based session management and Basic authentication. ---- For more details: http://guardian.jumperz.net/manual/en/body118.html

I saw in a posting on a different list that someone has written a plug-in to prevent CSRF or XSRF attacks. Kanatoko wrote: I wrote a small plugin for Guardian@JUMPERZ.NET(OSS WAF) to prevent CSRF attacks. -- From Documentation -- This plugin detects and prevents CSRF(Cross Site Request Forgery) attacks. This plugin detects CSRF attacks by doing the following. 1. Rewrites the HTTP responses. Adds unique "token"s to the each forms in the HTML pages as hidden fields. 2. Checks the HTTP requests. If the valid tokens are not found in the requests, raises alerts and blocks the requests. This plugin only works with cookie-based session management and Basic authentication. ---- For more details: http://guardian.jumperz.net/manual/en/body118.html