- WSO2 Documentation
- Downloads
- Training
-
Unknown macro: {search-box}
The following sections describe the impact of the CRLF attack and the approaches you can use to mitigate it.
Carraige Return Line Feed (CRLF) attacks are also known as HTTP Response Splitting. The carriage return can be represented as CR, ASCII 13 or r which feeds out one line, and line feed as LF, ASCII 10 or n which starts a new line. If an attacker injects a malicious CRLF sequence into an HTTP stream when a user manages to submit a CRLF into an application, the attacker will gain malicious control on the way a web application functions.
You can use the following approach to mitigate CSRF attacks.
The CRLF Filter sanitizes CR & LF characters in response headers and appenders to sanitize them in logging messages.
<PRODUCT_HOME>/repository/conf/tomcat/carbon/WEB-INF/
web.xml
file.<WEB_APP_HOME>/
WEB-INF/web.xml
file.<web-app> ... <filter> <filter-name>CRLFPreventionFilter</filter-name> <filter-class>org.wso2.carbon.ui.filters.CRLFPreventionFilter</filter-class> </filter> <filter-mapping> <filter-name>CRLFPreventionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> ... <web-app>
Add the following configuration within the <Security>
element of the <PRODUCT_HOME>/repository/conf/
carbon.xml
file.
<Server> ... <Security> ... <CRLFPreventionConfig> <Enabled>true</Enabled> </CRLFPreventionConfig> ... </Security> ... </Server>