# Only check POST forms. If we need to, we can add GET and other HTTP methods org.owasp.csrfguard.ProtectedMethods=POST # By default do not check anything. ignoreAll is the same as filter coverage in web.xml org.owasp.csrfguard.unprotected.ignoreAll=*.do # List of actions to check # Each key goes into a separate line prefixed with org.owasp.csrfguard.protected. # A key suffix must not contain a dot "." character # Admin forms org.owasp.csrfguard.protected.adminSaveConfigSettings=/lams/admin/config/save.do org.owasp.csrfguard.protected.adminSaveTimezone=/lams/admin/timezonemanagement/save.do org.owasp.csrfguard.protected.adminSaveLoginpage=/lams/admin/loginsave.do org.owasp.csrfguard.protected.adminSignupAdd=/lams/admin/signupManagement/add.do org.owasp.csrfguard.protected.adminSignupDelete=/lams/admin/signupManagement/delete.do org.owasp.csrfguard.protected.adminLtiConsumerSave=/lams/admin/ltiConsumerManagement/save.do org.owasp.csrfguard.protected.adminLtiConsumerDelete=/lams/admin/ltiConsumerManagement/delete.do org.owasp.csrfguard.protected.adminLtiConsumerToggleStatus=/lams/admin/ltiConsumerManagement/disable.do org.owasp.csrfguard.protected.adminPolicySave=/lams/admin/policyManagement/save.do org.owasp.csrfguard.protected.adminPolicyToggleStatus=/lams/admin/policyManagement/togglePolicyStatus.do org.owasp.csrfguard.protected.adminExtserverSave=/lams/admin/extserver/serversave.do org.owasp.csrfguard.protected.adminExtserverDelete=/lams/admin/extserver/delete.do org.owasp.csrfguard.protected.adminExtserverDisable=/lams/admin/extserver/disable.do org.owasp.csrfguard.protected.adminExtserverEnable=/lams/admin/extserver/enable.do org.owasp.csrfguard.protected.adminToolsDisable=/lams/admin/toolcontentlist/disable.do org.owasp.csrfguard.protected.adminToolsEnable=/lams/admin/toolcontentlist/enable.do org.owasp.csrfguard.protected.centralSaveUserProfile=/lams/saveprofile.do org.owasp.csrfguard.protected.assessmentDefineLater=/lams/tool/laasse10/authoring/definelater.do org.owasp.csrfguard.protected.assessmentSubmissionDeadline=/lams/tool/laasse10/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.assessmentSaveUserGrade=/lams/tool/laasse10/monitoring/saveUserGrade.do org.owasp.csrfguard.protected.assessmentDiscloseCorrectAnswers=/lams/tool/laasse10/monitoring/discloseCorrectAnswers.do org.owasp.csrfguard.protected.assessmentDiscloseGroupsAnswers=/lams/tool/laasse10/monitoring/discloseGroupsAnswers.do org.owasp.csrfguard.protected.chatDefineLater=/lams/tool/lachat11/authoring/definelater.do org.owasp.csrfguard.protected.chatSubmissionDeadline=/lams/tool/lachat11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.dacoDefineLater=/lams/tool/ladaco10/authoring/definelater.do org.owasp.csrfguard.protected.dokuDefineLater=/lams/tool/ladoku11/authoring/definelater.do org.owasp.csrfguard.protected.forumDefineLater=/lams/tool/lafrum11/authoring/definelater.do org.owasp.csrfguard.protected.forumAuthoringSave=/lams/tool/lafrum11/authoring/update.do org.owasp.csrfguard.protected.forumSubmissionDeadline=/lams/tool/lafrum11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.forumUpdateMark=/lams/tool/lafrum11/monitoring/updateMark.do org.owasp.csrfguard.protected.imagesDefineLater=/lams/tool/laimag10/authoring/definelater.do org.owasp.csrfguard.protected.imagesSaveNewImage=/lams/tool/laimag10/learning/saveNewImage.do org.owasp.csrfguard.protected.imagesToggleVisibility=/lams/tool/laimag10/monitoring/toggleImageVisibility.do org.owasp.csrfguard.protected.imagesUpdateImage=/lams/tool/laimag10/monitoring/updateImage.do org.owasp.csrfguard.protected.imsccDefineLater=/lams/tool/laimsc11/authoring/definelater.do org.owasp.csrfguard.protected.lamcDefineLater=/lams/tool/lamc11/authoring/definelater.do org.owasp.csrfguard.protected.lamcSubmissionDeadline=/lams/tool/lamc11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.lamcSaveUserMark=/lams/tool/lamc11/monitoring/saveUserMark.do org.owasp.csrfguard.protected.leaderSaveLeaders=/lams/tool/lalead11/monitoring/saveLeaders.do org.owasp.csrfguard.protected.laqaDefineLater=/lams/tool/laqa11/authoring/definelater.do org.owasp.csrfguard.protected.laqaSubmissionDeadline=/lams/tool/laqa11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.larsrcDefineLater=/lams/tool/larsrc11/authoring/definelater.do org.owasp.csrfguard.protected.larsrcChangeItemVisibility=/lams/tool/larsrc11/monitoring/changeItemVisibility.do org.owasp.csrfguard.protected.leaderDefineLater=/lams/tool/lalead11/authoring/definelater.do org.owasp.csrfguard.protected.mindmapDefineLater=/lams/tool/lamind10/authoring/definelater.do org.owasp.csrfguard.protected.mindmapSubmissionDeadline=/lams/tool/lamind10/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.nbDefineLater=/lams/tool/lanb11/authoring/definelater.do org.owasp.csrfguard.protected.notebookDefineLater=/lams/tool/lantbk11/authoring/definelater.do org.owasp.csrfguard.protected.notebookSubmissionDeadline=/lams/tool/lantbk11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.notebookSaveTeacherComment=/lams/tool/lantbk11/monitoring/saveTeacherComment.do org.owasp.csrfguard.protected.previewDefineLater=/lams/tool/laprev11/authoring/definelater.do org.owasp.csrfguard.protected.pixirDefineLater=/lams/tool/lapixl10/authoring/definelater.do org.owasp.csrfguard.protected.sbmtDefineLater=/lams/tool/lasbmt11/authoring/definelater.do org.owasp.csrfguard.protected.sbmtSubmissionDeadline=/lams/tool/lasbmt11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.sbmtUpdateMark=/lams/tool/lasbmt11/mark/updateMark.do org.owasp.csrfguard.protected.sbmtReleaseMarks=/lams/tool/lasbmt11/monitoring/releaseMarks.do org.owasp.csrfguard.protected.sbmtDownloadMarks=/lams/tool/lasbmt11/monitoring/downloadMarks.do org.owasp.csrfguard.protected.scribeDefineLater=/lams/tool/lascrb11/authoring/definelater.do org.owasp.csrfguard.protected.scribeAppointScribe=/lams/tool/lascrb11/monitoring/appointScribe.do org.owasp.csrfguard.protected.scratchieDefineLater=/lams/tool/lascrt11/authoring/definelater.do org.owasp.csrfguard.protected.scratchieSubmissionDeadline=/lams/tool/lascrt11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.scratchieSaveUserMark=/lams/tool/lascrt11/monitoring/saveUserMark.do org.owasp.csrfguard.protected.spreadsheetDefineLater=/lams/tool/lasprd10/authoring/definelater.do org.owasp.csrfguard.protected.surveyDefineLater=/lams/tool/lasurv11/authoring/definelater.do org.owasp.csrfguard.protected.surveySubmissionDeadline=/lams/tool/lasurv11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.taskDefineLater=/lams/tool/latask10/authoring/definelater.do org.owasp.csrfguard.protected.taskSubmissionDeadline=/lams/tool/latask10/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.taskSetVerifyByMonitor=/lams/tool/latask10/monitoring/setVerifiedByMonitor.do org.owasp.csrfguard.protected.voteDefineLater=/lams/tool/lavote11/authoring/definelater.do org.owasp.csrfguard.protected.voteSubmissionDeadline=/lams/tool/lavote11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.voteHideOpenVote=/lams/tool/lavote11/monitoring/hideOpenVote.do org.owasp.csrfguard.protected.voteShowOpenVote=/lams/tool/lavote11/monitoring/showOpenVote.do org.owasp.csrfguard.protected.wikiDefineLater=/lams/tool/lawiki10/authoring/definelater.do org.owasp.csrfguard.protected.wikiSubmissionDeadline=/lams/tool/lawiki10/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.zoomDefineLater=/lams/tool/lazoom10/authoring/definelater.do # Actions to take when a CSRF attack is attempted org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log org.owasp.csrfguard.action.Log.Message=CSRF attack (user: %user%, ip: %remote_ip%, uri:%request_uri%, error: %exception_message%)