NAME

App::HTTP_Proxy_IMP::IMP::CSRFprotect - IMP plugin against CSRF attacks

DESCRIPTION

This plugin attempts to block malicious cross-site requests (CSRF) by removing session credentials (the Cookie, Cookie2 and Authorization headers) from the request if the origin of the request is not known or not trusted. The origin is determined by checking the Origin or the Referer HTTP header of the request.

An origin O is considered trusted to issue a cross-site request to target T if at least one of the following holds:

  • O is the same as T

  • O and T share the same root domain (which should not be a public suffix)

  • there was an earlier delegation from T to O

Delegation from T to O means that there was

  • a POST request to target O with origin T

  • or a redirect to O within the HTTP response from T

This module is based on ideas described in 2011 in the paper "Automatic and Precise Client-Side Protection against CSRF Attacks" by Philippe De Ryck, Lieven Desmet, Wouter Joosen and Frank Piessens.
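
The trust rules and delegation tracking above, as an added stand-alone illustration in Python; this is not the module's own code and does not use the App::HTTP_Proxy_IMP plugin API. It assumes header names are given in canonical capitalisation, uses a constructed, deliberately tiny public-suffix list, and, as noted under BUGS, leaves the Authorization header untouched.

```python
from urllib.parse import urlsplit

# Constructed, tiny public-suffix list for this illustration; use the full Public Suffix List for real.
PUBLIC_SUFFIXES = {"com", "net", "co.uk"}
SESSION_HEADERS = ("Cookie", "Cookie2")  # Authorization is left alone, see BUGS

def origin_of_url(url):
    u = urlsplit(url)
    return (u.scheme.lower(), u.hostname, u.port) if u.scheme and u.hostname else None

def request_origin(headers):
    """Origin header first, Referer as fallback; None means a No-Site request."""
    for name in ("Origin", "Referer"):
        if headers.get(name):
            return origin_of_url(headers[name])

def root_domain(host):
    """Registrable domain: one label more than the longest matching public suffix."""
    labels = host.split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host

class CsrfProtect:
    def __init__(self):
        self.delegations = set()  # pairs (T, O): T has delegated to O
    def is_trusted(self, origin, target):
        if origin is None:                   # No-Site request: nothing to trust
            return False
        if origin == target:                 # same origin
            return True
        root = root_domain(origin[1])        # same root domain, unless it is a public suffix
        if root not in PUBLIC_SUFFIXES and root == root_domain(target[1]):
            return True
        return (target, origin) in self.delegations  # earlier delegation T -> O

    def request(self, method, url, headers):
        target, origin = origin_of_url(url), request_origin(headers)
        if method.upper() == "POST" and origin and target:
            self.delegations.add((origin, target))  # POST to O with origin T delegates T -> O
        if self.is_trusted(origin, target):
            return dict(headers)
        return {k: v for k, v in headers.items() if k not in SESSION_HEADERS}

    def response(self, url, status, headers):
        # a redirect to O within T's response delegates T -> O
        target = origin_of_url(headers.get("Location", ""))
        if 300 <= status < 400 and target:
            self.delegations.add((origin_of_url(url), target))
```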

BUGS

This module is a proof of concept.

Contrary to the initial goal, the Authorization HTTP header is currently not removed. While session authorization with cookies has a fallback page on failed authorization, no such page exists for HTTP authentication. Instead the HTTP server would issue "407 authorization required" again and again, because the request would still be Cross-Site or No-Site (e.g. no Origin/Referer header) and thus CSRF protection would apply. This would not only stop cross-site access to the protected site completely, but also access from bookmarks etc. (i.e. No-Site requests).

Still missing is the essential functionality of expiring information about previous delegations after a short time, so that a delegation has to be refreshed before the next cross-site request is allowed.

AUTHOR

Steffen Ullrich <sullr@cpan.org>