EdgeNext
Documentation home

EdgeNext Documentation

Product guides, setup instructions, and technical references.

Security CDN

CSRF Protection

CSRF Protection defends against Cross-Site Request Forgery attacks, protecting users from being tricked into unauthorized operations during login sessions, especially for sensitive interfaces such as account changes, payments, and order submissions.

Configuration Description

Setting Description
Enable/Disable Enables or disables the CSRF Protection feature. When disabled, no cross-site request validation will be performed.
Protection Mode Two modes are available:
Block: Suspicious requests are immediately blocked, and a custom interception page is returned with status code 462.
Observe: Logs suspicious requests without blocking them. Suitable for testing and policy evaluation.
Protected Paths Specifies the paths where CSRF validation should be enforced.
Formatting Rules:
Must start with /
One path per line
Max 128 characters per line
Leave blank to match all paths
Exempted Paths Defines the paths that are exempt from CSRF validation, typically used for static resources or public APIs.
Formatting Rules:
Must start with /
One path per line
Max 128 characters per line
Exempted paths take precedence over protected paths

Operation Guide

  1. Log in to the Security CDN Console.

  2. In the left navigation panel, go to Security, then click Web Security to access the Global Security Policy page.

  3. Scroll down to the Vulnerability and Intrusion Protection – CSRF Protection module.

    CSRF防护1.png

  4. Toggle the switch to open the CSRF Protection settings dialog.

    CSRF防护2.png

  5. Configure the settings according to the description above.

    CSRF防护3.png

  6. Click Save to apply the CSRF protection policy under the Global Security Policy.

Need help? Contact our support team at support@edgenext.com.

Back to documentation home