Carriage Return Line Feed (CRLF) attacks are also known as HTTP Response Splitting. The carriage return (CR, ASCII 13, written \r) returns the cursor to the start of the line, and the line feed (LF, ASCII 10, written \n) advances to the next line; together, the CRLF sequence terminates an HTTP header line, and an empty line (CRLF CRLF) terminates the whole header block. If an application copies user-supplied input into an HTTP response header without removing CR and LF characters, an attacker who submits a CRLF sequence can end the current header and inject additional headers, or close the header block and supply an entire second response, thereby gaining control over how the web application's responses are interpreted by browsers and intermediate proxies.
You can use the following approach to mitigate CRLF attacks.
The CRLF Prevention Filter sanitizes CR and LF characters in response headers, and the corresponding log appenders sanitize them in log messages, so that an injected line break cannot forge a header or a log entry.
Register the filter in the web.xml deployment descriptor:

<web-app>
    ...
    <filter>
        <filter-name>CRLFPreventionFilter</filter-name>
        <filter-class>org.wso2.carbon.ui.filters.CRLFPreventionFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CRLFPreventionFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    ...
</web-app>
Add the following configuration within the <Security> element of the <Server> configuration:
<Server>
    ...
    <Security>
        ...
        <CRLFPreventionConfig>
            <Enabled>true</Enabled>
        </CRLFPreventionConfig>
        ...
    </Security>
    ...
</Server>
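To make concrete what a header-sanitizing filter of this kind does, the following is an added example written for this page; it is not the source of WSO2's CRLFPreventionFilter and its class names (CrlfSanitizingFilter, CrlfSafeResponse) and the sample attacker value are assumptions. It wraps the servlet response so that every header-writing call strips CR and LF before the value reaches the container, which is the mechanism that stops a user-controlled value (for example a redirect target copied into Location) from terminating the header block.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/**
 * Illustrative CRLF-stripping servlet filter (example code, not WSO2's
 * org.wso2.carbon.ui.filters.CRLFPreventionFilter). Every header name and
 * value written through the wrapped response has CR (0x0D) and LF (0x0A)
 * removed, so attacker input can no longer end a header line or inject a
 * second response.
 */
public class CrlfSanitizingFilter implements Filter {

    /** Remove every CR and LF from a header name or value; null passes through. */
    static String stripCrlf(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c != '\r' && c != '\n') {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Response wrapper that sanitizes each header-writing entry point. */
    static class CrlfSafeResponse extends HttpServletResponseWrapper {
        CrlfSafeResponse(HttpServletResponse response) {
            super(response);
        }

        @Override
        public void setHeader(String name, String value) {
            super.setHeader(stripCrlf(name), stripCrlf(value));
        }

        @Override
        public void addHeader(String name, String value) {
            super.addHeader(stripCrlf(name), stripCrlf(value));
        }

        @Override
        public void sendRedirect(String location) throws IOException {
            // Location is the header most often built from request input.
            super.sendRedirect(stripCrlf(location));
        }
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            chain.doFilter(request, new CrlfSafeResponse((HttpServletResponse) response));
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
    }

    /** Stand-alone demonstration on a constructed attacker-controlled value. */
    public static void main(String[] args) {
        // Constructed input: a redirect target that tries to append a Set-Cookie header.
        String attackerValue = "/home\r\nSet-Cookie: session=attacker-chosen";
        // After stripping there is no line break left, so the container emits
        // one Location header whose value is just an odd-looking path.
        System.out.println("before: " + attackerValue.replace("\r", "\\r").replace("\n", "\\n"));
        System.out.println("after:  " + stripCrlf(attackerValue));
    }
}
```

Two caveats a reviewer would raise when using a filter of this shape: it covers setHeader, addHeader and sendRedirect but not cookies added as Cookie objects, which need the same treatment if their values come from user input; and stripping silently changes the value, so if an application would rather refuse the request than rewrite it, reject values containing CR or LF with a 400 response instead of stripping them.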