Possible cross-site request forgery with IP address


#1

RT has detected a possible cross-site request forgery for this request, because the Referrer header supplied by your browser (10.x.x.x:80) is not allowed by RT’s configured hostname (127.0.0.1:80) or whitelisted hosts (localhost:80,10.x.x.x:80). A malicious attacker may be trying to perform actions on your behalf. If you did not initiate this request, then you should alert your security team.

I added the following:
Set(@ReferrerWhitelist,qw(localhost:80,10.x.x.x:80));

To this file:
opt/rt4/etc/RT_SiteConfig.pm

I also tried this one:
Set(@ReferrerWhitelist,qw(localhost:80,127.0.0.1:80));

I rebooted the server

I also tried adding both of them at the same time

None of these solved my issue

Any suggestions?
Thank you!


#2

if you’re using qw then you should be separating things with spaces.
I.e. both of these are valid:
Set(@ReferrerWhitelist,qw(localhost:80 127.0.0.1:80));
Set(@ReferrerWhitelist,(‘localhost:80’,‘127.0.0.1:80’));


#3

thank you for the easy fix