# Only check POST forms. If we need to, we can add GET and other HTTP methods org.owasp.csrfguard.ProtectedMethods=POST # By default do not check anything. ignoreAll is the same as filter coverage in web.xml org.owasp.csrfguard.unprotected.ignoreAll=*.do # List of actions to check # Each key goes into a separate line prefixed with org.owasp.csrfguard.protected. # A key suffix must not contain a dot "." character # Admin forms org.owasp.csrfguard.protected.adminSaveConfigSettings=/lams/admin/config/save.do org.owasp.csrfguard.protected.adminSaveTimezone=/lams/admin/timezonemanagement/save.do org.owasp.csrfguard.protected.adminSaveLoginpage=/lams/admin/loginsave.do org.owasp.csrfguard.protected.adminSignupAdd=/lams/admin/signupManagement/add.do org.owasp.csrfguard.protected.adminSignupDelete=/lams/admin/signupManagement/delete.do org.owasp.csrfguard.protected.adminLtiConsumerSave=/lams/admin/ltiConsumerManagement/save.do org.owasp.csrfguard.protected.adminLtiConsumerDelete=/lams/admin/ltiConsumerManagement/delete.do org.owasp.csrfguard.protected.adminLtiConsumerToggleStatus=/lams/admin/ltiConsumerManagement/disable.do org.owasp.csrfguard.protected.adminPolicySave=/lams/admin/policyManagement/save.do org.owasp.csrfguard.protected.adminPolicyToggleStatus=/lams/admin/policyManagement/togglePolicyStatus.do org.owasp.csrfguard.protected.adminExtserverSave=/lams/admin/extserver/serversave.do org.owasp.csrfguard.protected.adminExtserverDelete=/lams/admin/extserver/delete.do org.owasp.csrfguard.protected.adminExtserverDisable=/lams/admin/extserver/disable.do org.owasp.csrfguard.protected.adminExtserverEnable=/lams/admin/extserver/enable.do org.owasp.csrfguard.protected.adminToolsDisable=/lams/admin/toolcontentlist/disable.do org.owasp.csrfguard.protected.adminToolsEnable=/lams/admin/toolcontentlist/enable.do org.owasp.csrfguard.protected.adminThemeSave=/lams/admin/themeManagement/addOrEditTheme.do org.owasp.csrfguard.protected.adminThemeRemove=/lams/admin/themeManagement/removeTheme.do org.owasp.csrfguard.protected.adminSessionManagementDelete=/lams/admin/sessionmaintain/delete.do org.owasp.csrfguard.protected.adminUserDisable=/lams/admin/user/disable.do org.owasp.csrfguard.protected.adminUserEdit=/lams/admin/user/edit.do org.owasp.csrfguard.protected.adminUserRemove=/lams/admin/user/remove.do org.owasp.csrfguard.protected.adminUserDelete=/lams/admin/user/delete.do org.owasp.csrfguard.protected.adminUserSaveDetails=/lams/admin/usersave/saveUserDetails.do org.owasp.csrfguard.protected.adminClearnupPreviewLessons=/lams/admin/cleanupPreviewLessons/delete.do org.owasp.csrfguard.protected.adminOrgSave=/lams/admin/orgsave.do org.owasp.csrfguard.protected.adminOrgChangePassword=/lams/admin/orgPasswordChange/start.do org.owasp.csrfguard.protected.adminChangePasswordAction=/lams/admin/changePassword.do org.owasp.csrfguard.protected.adminOrgChangePasswordAction=/lams/admin/orgPasswordChange/changePassword.do org.owasp.csrfguard.protected.adminAssignRoles=/lams/admin/userroles.do org.owasp.csrfguard.protected.adminUserRolesSave=/lams/admin/userrolessave.do org.owasp.csrfguard.protected.adminUserOrgSave=/lams/admin/userorgsave.do org.owasp.csrfguard.protected.adminUserOrgRoleSave=/lams/admin/userorgrolesave.do org.owasp.csrfguard.protected.adminUserSearchSingle=/lams/admin/user/searchsingle.do org.owasp.csrfguard.protected.adminUserBasicList=/lams/admin/user/basiclist.do org.owasp.csrfguard.protected.adminOrgLessonClone=/lams/admin/clone/start.do org.owasp.csrfguard.protected.adminLessonsDelete=/lams/admin/organisation/deleteAllLessons.do org.owasp.csrfguard.protected.centralSaveUserProfile=/lams/saveprofile.do org.owasp.csrfguard.protected.centralOutcomeSave=/lams/outcome/outcomeSave.do org.owasp.csrfguard.protected.centralOutcomeRemove=/lams/outcome/outcomeRemove.do org.owasp.csrfguard.protected.centralOutcomeMap=/lams/outcome/outcomeMap.do org.owasp.csrfguard.protected.centralAddLessonDependency=/lams/lessonConditions/addLessonDependency.do org.owasp.csrfguard.protected.centralSetDaysToFinish=/lams/lessonConditions/setDaysToLessonFinish.do org.owasp.csrfguard.protected.centralDelLessonDependency=/lams/lessonConditions/removeLessonDependency.do org.owasp.csrfguard.protected.gradebookExportExcelCourse=/lams/gradebook/gradebookMonitoring/exportExcelCourseGradebook.do org.owasp.csrfguard.protected.gradebookExportExcelLesson=/lams/gradebook/gradebookMonitoring/exportExcelLessonGradebook.do org.owasp.csrfguard.protected.gradebookExportExcelSelectedLessons=/lams/gradebook/gradebookMonitoring/exportExcelSelectedLessons.do org.owasp.csrfguard.protected.gradebookToggleReleaseMarks=/lams/gradebook/gradebookMonitoring/toggleReleaseMarks.do org.owasp.csrfguard.protected.gradebookUpdateUserActivityData=/lams/gradebook/gradebookMonitoring/updateUserActivityGradebookData.do org.owasp.csrfguard.protected.gradebookUpdateUserLessonData=/lams/gradebook/gradebookMonitoring/updateUserLessonGradebookData.do org.owasp.csrfguard.protected.monitoringArchiveLesson=/lams/monitoring/monitoring/archiveLesson.do org.owasp.csrfguard.protected.monitoringUnarchiveLesson=/lams/monitoring/monitoring/unarchiveLesson.do org.owasp.csrfguard.protected.monitoringSuspendLesson=/lams/monitoring/monitoring/suspendLesson.do org.owasp.csrfguard.protected.monitoringUnsuspendLesson=/lams/monitoring/monitoring/unsuspendLesson.do org.owasp.csrfguard.protected.monitoringRemoveLesson=/lams/monitoring/monitoring/removeLesson.do org.owasp.csrfguard.protected.monitoringRenameLesson=/lams/monitoring/monitoring/renameLesson.do org.owasp.csrfguard.protected.monitoringGradebookOnComplete=/lams/monitoring/monitoring/gradebookOnComplete.do org.owasp.csrfguard.protected.monitoringPresenceAvailable=/lams/monitoring/monitoring/presenceAvailable.do org.owasp.csrfguard.protected.monitoringPresenceImAvailable=/lams/monitoring/monitoring/presenceImAvailable.do org.owasp.csrfguard.protected.monitoringEmailProgressDate=/lams/monitoring/emailProgress/updateEmailProgressDate.do org.owasp.csrfguard.protected.monitoringSendEmail=/lams/emailUser/send.do org.owasp.csrfguard.protected.monitoringUpdateLessonClass=/lams/monitoring/monitoring/updateLessonClass.do org.owasp.csrfguard.protected.monitoringEmailNotificationsEmailUsers=/lams/monitoring/emailNotifications/emailUsers.do org.owasp.csrfguard.protected.monitoringEmailNotificationsDel=/lams/monitoring/emailNotifications/deleteNotification.do org.owasp.csrfguard.protected.assessmentAuthoringSave=/lams/tool/laasse10/authoring/updateContent.do org.owasp.csrfguard.protected.assessmentAuthoringDefineLater=/lams/tool/laasse10/authoring/definelater.do org.owasp.csrfguard.protected.assessmentDiscloseCorrectAnswers=/lams/tool/laasse10/monitoring/discloseCorrectAnswers.do org.owasp.csrfguard.protected.assessmentDiscloseGroupsAnswers=/lams/tool/laasse10/monitoring/discloseGroupsAnswers.do org.owasp.csrfguard.protected.assessmentMonitoringSubmissionDeadline=/lams/tool/laasse10/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.assessmentSaveUserGrade=/lams/tool/laasse10/monitoring/saveUserGrade.do org.owasp.csrfguard.protected.chatAuthoringSave=/lams/tool/lachat11/authoring/updateContent.do org.owasp.csrfguard.protected.chatAuthoringDefineLater=/lams/tool/lachat11/authoring/definelater.do org.owasp.csrfguard.protected.chatMonitoringSubmissionDeadline=/lams/tool/lachat11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.dacoAuthoringSave=/lams/tool/ladaco10/authoring/update.do org.owasp.csrfguard.protected.dacoAuthoringDefineLater=/lams/tool/ladaco10/authoring/definelater.do org.owasp.csrfguard.protected.dokuAuthoringSave=/lams/tool/ladoku11/authoring/update.do org.owasp.csrfguard.protected.dokuAuthoringDefineLater=/lams/tool/ladoku11/authoring/definelater.do org.owasp.csrfguard.protected.forumAuthoringSave=/lams/tool/lafrum11/authoring/update.do org.owasp.csrfguard.protected.forumAuthoringDefineLater=/lams/tool/lafrum11/authoring/definelater.do org.owasp.csrfguard.protected.forumAuthoringCreateTopic=/lams/tool/lafrum11/authoring/createTopic.do org.owasp.csrfguard.protected.forumAuthoringDeleteTopic=/lams/tool/lafrum11/authoring/deleteTopic.do org.owasp.csrfguard.protected.forumAuthoringUpdateTopic=/lams/tool/lafrum11/authoring/updateTopic.do org.owasp.csrfguard.protected.forumAuthoringDeleteAttach=/lams/tool/lafrum11/authoring/deleteAttachment.do org.owasp.csrfguard.protected.forumMonitoringSubmissionDeadline=/lams/tool/lafrum11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.forumUpdateMark=/lams/tool/lafrum11/monitoring/updateMark.do org.owasp.csrfguard.protected.imagesAuthoringSave=/lams/tool/laimag10/authoring/update.do org.owasp.csrfguard.protected.imagesAuthoringDefineLater=/lams/tool/laimag10/authoring/definelater.do org.owasp.csrfguard.protected.imagesSaveNewImage=/lams/tool/laimag10/learning/saveNewImage.do org.owasp.csrfguard.protected.imagesToggleVisibility=/lams/tool/laimag10/monitoring/toggleImageVisibility.do org.owasp.csrfguard.protected.imagesUpdateImage=/lams/tool/laimag10/monitoring/updateImage.do org.owasp.csrfguard.protected.imsccAuthoringSave=/lams/tool/laimsc11/authoring/update.do org.owasp.csrfguard.protected.imsccAuthoringDefineLater=/lams/tool/laimsc11/authoring/definelater.do org.owasp.csrfguard.protected.lamcAuthoringSave=/lams/tool/lamc11/authoring/submitAllContent.do org.owasp.csrfguard.protected.lamcAuthoringDefineLater=/lams/tool/lamc11/authoring/definelater.do org.owasp.csrfguard.protected.lamcMonitoringSubmissionDeadline=/lams/tool/lamc11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.lamcSaveUserMark=/lams/tool/lamc11/monitoring/saveUserMark.do org.owasp.csrfguard.protected.leaderAuthoringSave=/lams/tool/lalead11/authoring/updateContent.do org.owasp.csrfguard.protected.leaderAuthoringDefineLater=/lams/tool/lalead11/authoring/definelater.do org.owasp.csrfguard.protected.leaderSaveLeaders=/lams/tool/lalead11/monitoring/saveLeaders.do org.owasp.csrfguard.protected.laqaAuthoringSave=/lams/tool/laqa11/authoring/submitAllContent.do org.owasp.csrfguard.protected.laqaAuthoringDefineLater=/lams/tool/laqa11/authoring/definelater.do org.owasp.csrfguard.protected.laqaMonitoringSubmissionDeadline=/lams/tool/laqa11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.larsrcAuthoringSave=/lams/tool/larsrc11/authoring/update.do org.owasp.csrfguard.protected.larsrcAuthoringDefineLater=/lams/tool/larsrc11/authoring/definelater.do org.owasp.csrfguard.protected.larsrcChangeItemVisibility=/lams/tool/larsrc11/monitoring/changeItemVisibility.do org.owasp.csrfguard.protected.mindmapAuthoringSave=/lams/tool/lamind10/authoring/updateContent.do org.owasp.csrfguard.protected.mindmapAuthoringDefineLater=/lams/tool/lamind10/authoring/definelater.do org.owasp.csrfguard.protected.mindmapMonitoringSubmissionDeadline=/lams/tool/lamind10/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.nbAuthoringSave=/lams/tool/lanb11/authoring/save.do org.owasp.csrfguard.protected.nbAuthoringDefineLater=/lams/tool/lanb11/authoring/definelater.do org.owasp.csrfguard.protected.notebookAuthoringSave=/lams/tool/lantbk11/authoring/updateContent.do org.owasp.csrfguard.protected.notebookAuthoringDefineLater=/lams/tool/lantbk11/authoring/definelater.do org.owasp.csrfguard.protected.notebookMonitoringSubmissionDeadline=/lams/tool/lantbk11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.notebookSaveTeacherComment=/lams/tool/lantbk11/monitoring/saveTeacherComment.do org.owasp.csrfguard.protected.previewAuthoringSave=/lams/tool/laprev11/authoring/update.do org.owasp.csrfguard.protected.previewAuthoringDefineLater=/lams/tool/laprev11/authoring/definelater.do org.owasp.csrfguard.protected.pixirAuthoringDefineLater=/lams/tool/lapixl10/authoring/definelater.do org.owasp.csrfguard.protected.pixirAuthoringSave=/lams/tool/lapixl10/authoring/updateContent.do org.owasp.csrfguard.protected.sbmtAuthoringSave=/lams/tool/lasbmt11/authoring/updateContent.do org.owasp.csrfguard.protected.sbmtAuthoringDefineLater=/lams/tool/lasbmt11/authoring/definelater.do org.owasp.csrfguard.protected.sbmtMonitoringSubmissionDeadline=/lams/tool/lasbmt11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.sbmtUpdateMark=/lams/tool/lasbmt11/mark/updateMark.do org.owasp.csrfguard.protected.sbmtReleaseMarks=/lams/tool/lasbmt11/monitoring/releaseMarks.do org.owasp.csrfguard.protected.sbmtDownloadMarks=/lams/tool/lasbmt11/monitoring/downloadMarks.do org.owasp.csrfguard.protected.scribeAuthoringSave=/lams/tool/lascrb11/authoring/updateContent.do org.owasp.csrfguard.protected.scribeAuthoringDefineLater=/lams/tool/lascrb11/authoring/definelater.do org.owasp.csrfguard.protected.scribeAppointScribe=/lams/tool/lascrb11/monitoring/appointScribe.do org.owasp.csrfguard.protected.scratchieAuthoringSave=/lams/tool/lascrt11/authoring/update.do org.owasp.csrfguard.protected.scratchieAuthoringDefineLater=/lams/tool/lascrt11/authoring/definelater.do org.owasp.csrfguard.protected.scratchieMonitoringSubmissionDeadline=/lams/tool/lascrt11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.scratchieSaveUserMark=/lams/tool/lascrt11/monitoring/saveUserMark.do org.owasp.csrfguard.protected.spreadsheetAuthoringSave=/lams/tool/lasprd10/authoring/updateContent.do org.owasp.csrfguard.protected.spreadsheetAuthoringDefineLater=/lams/tool/lasprd10/authoring/definelater.do org.owasp.csrfguard.protected.surveyAuthoringSave=/lams/tool/lasurv11/authoring/update.do org.owasp.csrfguard.protected.surveyAuthoringDefineLater=/lams/tool/lasurv11/authoring/definelater.do org.owasp.csrfguard.protected.surveyMonitoringSubmissionDeadline=/lams/tool/lasurv11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.taskAuthoringSave=/lams/tool/latask10/authoring/update.do org.owasp.csrfguard.protected.taskAuthoringDefineLater=/lams/tool/latask10/authoring/definelater.do org.owasp.csrfguard.protected.taskMonitoringSubmissionDeadline=/lams/tool/latask10/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.taskSetVerifyByMonitor=/lams/tool/latask10/monitoring/setVerifiedByMonitor.do org.owasp.csrfguard.protected.voteAuthoringSave=/lams/tool/lavote11/authoring/submitAllContent.do org.owasp.csrfguard.protected.voteAuthoringDefineLater=/lams/tool/lavote11/authoring/definelater.do org.owasp.csrfguard.protected.voteMonitoringSubmissionDeadline=/lams/tool/lavote11/monitoring/setSubmissionDeadline.do org.owasp.csrfguard.protected.voteHideOpenVote=/lams/tool/lavote11/monitoring/hideOpenVote.do org.owasp.csrfguard.protected.voteShowOpenVote=/lams/tool/lavote11/monitoring/showOpenVote.do org.owasp.csrfguard.protected.wikiAuthoringSave=/lams/tool/lawiki10/authoring/updateContent.do org.owasp.csrfguard.protected.wikiAuthoringDefineLater=/lams/tool/lawiki10/authoring/definelater.do org.owasp.csrfguard.protected.wikiMonitoringSubmissionDeadline=/lams/tool/lawiki10/monitoring/setSubmissionDeadline.d org.owasp.csrfguard.protected.zoomAuthoringSave=/lams/tool/lazoom10/authoring/updateContent.do org.owasp.csrfguard.protected.zoomAuthoringDefineLater=/lams/tool/lazoom10/authoring/definelater.do # Actions to take when a CSRF attack is attempted org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log org.owasp.csrfguard.action.Log.Message=CSRF attack (user: %user%, ip: %remote_ip%, uri:%request_uri%, error: %exception_message%)