You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modules-dev@httpd.apache.org by Minhaz A V <mi...@gmail.com> on 2014/07/10 22:04:46 UTC
Need Help with apache module
Hi,
I'm working on OWASP CSRF Protector Project a part of which intends to
provide mitigation against CSRF using an Apache module. I'm currently
writing an Apache 2.2 module, and most of it has been covered, while I'm
finding difficulty with few. It would be very kind if you could give me a
helping hand:
I'm facing difficulty with:
1. I need to clear the POST & GET arguments, as an action in case CSRF
is observed. I could implement it for GET request easily however I could
not figure out same for POST.
2. *mod_csrfprotector *(name of mod) uses output filter to append
content to o/p generated by content generator. However I'm unable to set
Content-Length header in the same filter. It appears not to be set by then.
Its sent as chunked to browser.
3. I need to store tokens in server for validation, for which we are
considering to use SQLite or memcached, I'd like to know your views on this.
Git repo of the project: https://github.com/mebjas/mod_csrfprotector
<https://github.com/mebjas/mod_csrfprotector>, Contributions & feedback are
welcome :)
Kind Regards,
Minhaz,
minhaz.cistoner.org