Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r3cdcc421a982fe488cd3c991e2a9d4f3af0ae778 -rba624f20ff2859345d001d3477b11a32fa0c4034
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision ba624f20ff2859345d001d3477b11a32fa0c4034)
@@ -1,3 +1,11 @@
+# Only check POST forms. If we need to, we can add GET and other HTTP methods
 org.owasp.csrfguard.ProtectedMethods=POST
+
+# By default do not check anything. ignoreAll is the same as filter coverage in web.xml
+org.owasp.csrfguard.unprotected.ignoreAll=*.do
+# List of actions to check, each in a separate line prefixed with org.owasp.csrfguard.protected.
+org.owasp.csrfguard.protected.saveprofile=/lams/saveprofile.do
+
+# Actions to take when a CSRF attack is attempted
 org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
-org.owasp.csrfguard.action.Log.Message=CSRF attack (user: %user%, ip: %remote_ip%, uri: %request_uri%, error: %exception_message%)
\ No newline at end of file
+org.owasp.csrfguard.action.Log.Message=CSRF attack (user: %user%, ip: %remote_ip%, uri:%request_uri%, error: %exception_message%)
\ No newline at end of file
Index: lams_central/web/WEB-INF/web.xml
===================================================================
diff -u -r3cdcc421a982fe488cd3c991e2a9d4f3af0ae778 -rba624f20ff2859345d001d3477b11a32fa0c4034
--- lams_central/web/WEB-INF/web.xml (.../web.xml) (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
+++ lams_central/web/WEB-INF/web.xml (.../web.xml) (revision ba624f20ff2859345d001d3477b11a32fa0c4034)
@@ -161,7 +161,7 @@ CSRFGuard - /* + *.do
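Review bot: The protected entry `org.owasp.csrfguard.protected.saveprofile=/lams/saveprofile.do` hard-codes the `/lams` context path, so on a deployment under another context path it would presumably stop matching and the request would fall through to `org.owasp.csrfguard.unprotected.ignoreAll=*.do` with no token check and no log line. If the CSRFGuard version in use supports the `%servletContext%` placeholder, `%servletContext%/saveprofile.do` removes that dependency; otherwise the assumption should be stated in a comment next to the entry. The new default is also opt-in: every state-changing `.do` action other than saveprofile goes unchecked, and the web.xml hunk appears to narrow the CSRFGuard filter mapping from `/*` to `*.do`, so POST endpoints outside that pattern never reach the filter at all. A comment such as `# Opt-in list: every new state-changing action must be added here, otherwise it is not CSRF-checked` would make that explicit. The `Log.Message` edit only drops the space after `uri:`, which looks accidental and may break log parsing or alerting rules keyed on the previous format.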