About CSRF

According to OWASP, CSRF is defined as follows:

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

To help prevent CSRF attacks, you can enable the CSRF filter on your gateway or a specific route. For each route that you apply the CSRF policy to, the filter checks to make sure that a request’s origin matches its destination. If the origin and destination do not match, a 403 Forbidden error code is returned.

Set up CSRF

Monitor CSRF metrics

  1. Port-forward the gateway proxy.

      kubectl port-forward -n gloo-system deploy/gloo-proxy-http 19000
  2. Open the /stats endpoint.

  3. Filter the statistics by csrf as shown in the following image and verify that you see metrics for failed and successful CSRF requests as well as requests that were sent without an origin.