Posted to modules-dev@httpd.apache.org by Minhaz A V <mi...@gmail.com> on 2014/07/10 22:04:46 UTC

Need Help with apache module

Hi,
I'm working on the OWASP CSRF Protector Project, a part of which intends to
provide mitigation against CSRF using an Apache module. I'm currently
writing an Apache 2.2 module, and most of it has been covered, while I'm
finding difficulty with a few things. It would be very kind if you could give me a
helping hand.
I'm facing difficulty with:

   1. I need to clear the POST & GET arguments, as an action in case CSRF
   is observed. I could implement it for GET requests easily; however, I could
   not figure out the same for POST.
   2. *mod_csrfprotector* (name of mod) uses an output filter to append
   content to the o/p generated by the content generator. However, I'm unable to set
   the Content-Length header in the same filter. It appears not to be set by then.
   It's sent as chunked to the browser.
   3. I need to store tokens on the server for validation, for which we are
   considering using SQLite or memcached. I'd like to know your views on this.

Git repo of the project: https://github.com/mebjas/mod_csrfprotector
Contributions & feedback are welcome :)

Kind Regards,
Minhaz,
minhaz.cistoner.org