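# OWASP CSRFGuard settings: which requests get a CSRF token check and what
# happens when the check fails.
# One property per line. A line that starts with '#' is a comment in its
# entirety, so each key below must sit on its own line to take effect.

# Only check POST forms. If we need to, we can add GET and other HTTP methods.
# Consequence: a state-changing action that can be reached through GET is not
# token-checked, even when its URI is listed as protected below.
org.owasp.csrfguard.ProtectedMethods=POST

# By default do not check anything. ignoreAll is the same as filter coverage in web.xml.
# The part of the key after "unprotected." is only a label; the value is the URI pattern.
# NOTE(review): this makes protection opt-in. A new state-changing *.do action
# stays unchecked until it is added to the protected list below.
org.owasp.csrfguard.unprotected.ignoreAll=*.do

# List of actions to check, each in a separate line prefixed with org.owasp.csrfguard.protected.
# NOTE(review): this path also matches the *.do pattern above. Confirm against the
# CSRFGuard version in use that the exact protected entry takes precedence.
org.owasp.csrfguard.protected.saveprofile=/lams/saveprofile.do

# Actions to take when a CSRF attack is attempted.
# Only the Log action is configured in this part of the file.
# %request_uri% and %exception_message% can carry request-derived text, so the log
# sink should neutralise CR/LF and other control characters before writing.
org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
org.owasp.csrfguard.action.Log.Message=CSRF attack (user: %user%, ip: %remote_ip%, uri:%request_uri%, error: %exception_message%)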