The Sitefinity CMS Web Security module provides you with a configurable protection mechanism against Cross-Site Request Forgery (CSRF) attacks. This way you can prevent scenarios in which an attacker tricks an already authenticated user into submitting a forged request that changes state on the site. CSRF attacks are possible because once a user is successfully authenticated to the site, the site has no way to distinguish between a legitimate request that occurs while the user is browsing the site and a forged request that the attacker has fooled the user into sending. The Referrer validation mechanism of the Sitefinity CMS Web Security module prevents CSRF attacks by introducing a whitelist of domains from which external requests to the website may originate. By default, this list contains only your licensed domains and site domains. This way, any calls to your website services that originate from domains other than the ones configured in the Referrer validation whitelist are blocked.
You can enable or disable the referrer validation mechanism and configure the whitelist of allowed domains.
To access the referrer validation configuration, perform the following:
You can control the referrer validation behavior by modifying the following properties:
NOTE: By default, the referrer validation mechanism is enabled for all websites running on Sitefinity CMS version 12.0 and later.
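The check described above, written out as an added illustration (not Sitefinity's own code): the request's Origin or Referer header is parsed, its hostname is compared against a whitelist of domains, and anything from an unlisted host is rejected. The header names, the `enabled` flag and the fail-closed handling of a missing header are assumptions made for the example.

```python
from urllib.parse import urlsplit


def referrer_host(header_value):
    """Return the lowercase hostname from a Referer/Origin value, or None
    when the header is absent, has no http(s) scheme, or has no host."""
    if not header_value:
        return None
    parts = urlsplit(header_value.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def host_allowed(host, allowed_domains):
    """True if host equals a whitelisted domain or is a subdomain of one.
    Matching on the dot boundary keeps 'evil-example.com' and
    'example.com.evil.net' out when only 'example.com' is whitelisted."""
    for domain in allowed_domains:
        domain = domain.lower().rstrip(".")
        if host == domain or host.endswith("." + domain):
            return True
    return False


def validate_referrer(headers, allowed_domains, enabled=True):
    """Decide whether a request may proceed. Returns (allowed, reason).

    headers: dict of request headers (names matched case-insensitively).
    allowed_domains: the referrer validation whitelist.
    enabled: mirrors an on/off switch for the mechanism (assumption).
    """
    if not enabled:
        return True, "referrer validation disabled"
    lowered = {name.lower(): value for name, value in headers.items()}
    # Browsers send Origin on cross-site POSTs; fall back to Referer.
    source = lowered.get("origin") or lowered.get("referer")
    host = referrer_host(source)
    if host is None:
        # Assumption for this example: fail closed when no usable header.
        return False, "missing or malformed Origin/Referer header"
    if host_allowed(host, allowed_domains):
        return True, f"{host} is whitelisted"
    return False, f"{host} is not whitelisted"


if __name__ == "__main__":
    # Constructed sample requests against a constructed whitelist.
    whitelist = ["example.com"]
    for hdrs in ({"Origin": "https://www.example.com"},
                 {"Referer": "http://example.com.evil.net/"},
                 {}):
        print(hdrs, "->", validate_referrer(hdrs, whitelist))
```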