I'm saying this just from looking at the error. This could probably be due to your nginx config: the request that comes to ESB has two '/'s, which causes it not to match the path for the CSRF whitelisted paths in carbon.xml. You can check this by directly accessing ESB, I guess. If this is the case, you can either add your list to carbon.xml or you can remove it from the nginx config.

Thanks & Regards
Danushka Fernando
Senior Software Engineer
WSO2 inc. http://wso2.com/
Mobile : +94716332729

On Thu, Sep 1, 2016 at 3:59 PM, Jithendra Sirimanne <[email protected]> wrote:
> Hi,
>
> I have configured fresh ESB pack with Nginx reverse proxy. Now when I try
> to log into ESB console I get a "Error 403 - Forbidden". In the carbon log
> it shows
>
> TID: [-1234] [] [2016-09-01 15:46:17,417] WARN
> {org.owasp.csrfguard.log.JavaLogger}
> - potential cross-site request forgery (CSRF) attack thwarted
> (user:<anonymous>, ip:127.0.0.1, method:POST,
> uri:/carbon//admin/js/csrfPrevention.js,
> error:required token is missing from the request) {org.owasp.csrfguard.log.
> JavaLogger}
> TID: [-1234] [] [2016-09-01 15:46:21,821] WARN
> {org.owasp.csrfguard.log.JavaLogger}
> - potential cross-site request forgery (CSRF) attack thwarted
> (user:<anonymous>, ip:127.0.0.1, method:POST,
> uri:/carbon//admin/login_action.jsp,
> error:required token is missing from the request) {org.owasp.csrfguard.log.
> JavaLogger}
>
> Any ideas to fix this?
>
> Best Regards
> Jithendra
>
> --
> Jithendra Sirimanne
> *Systems Engineer*
> Mobile: +94 (0) 716 374696 <+94+(0)+716+374696>
> Tel : +94 112 145 345
> Email : [email protected]
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
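
Added example, not part of the original thread and not WSO2 code: a small triage script for the CSRFGuard warnings quoted above. It parses each WARN entry and flags URIs containing an empty path segment (`//`), the symptom the reply attributes to the proxy configuration, so those can be checked against the proxy before being treated as CSRF attempts. The function names, the triage labels and the third log line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two WARN entries from the thread, joined onto single
# lines, plus one constructed entry with a clean path for contrast.
SAMPLE_LOG = """\
TID: [-1234] [] [2016-09-01 15:46:17,417] WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:127.0.0.1, method:POST, uri:/carbon//admin/js/csrfPrevention.js, error:required token is missing from the request)
TID: [-1234] [] [2016-09-01 15:46:21,821] WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:127.0.0.1, method:POST, uri:/carbon//admin/login_action.jsp, error:required token is missing from the request)
TID: [-1234] [] [2016-09-01 16:02:40,113] WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:203.0.113.7, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)
"""

# Matches the CSRFGuard JavaLogger line format shown in the thread.
CSRF_WARN = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} [\d:,]+)\]\s+WARN\s+"
    r"\{org\.owasp\.csrfguard\.log\.JavaLogger\}.*?"
    r"\(user:(?P<user>[^,]*), ip:(?P<ip>[^,]*), method:(?P<method>[^,]*), "
    r"uri:(?P<uri>[^,]*), error:(?P<error>[^)]*)\)"
)


def parse_csrf_warnings(text):
    """Return one dict per CSRFGuard warning, with the path normalized."""
    events = []
    for line in text.splitlines():
        m = CSRF_WARN.search(line)
        if not m:
            continue
        ev = m.groupdict()
        path = ev["uri"].split("?", 1)[0]
        # Collapse runs of '/' so the path can be compared with an allow-list.
        ev["normalized"] = re.sub(r"/{2,}", "/", path)
        ev["malformed_path"] = ev["normalized"] != path
        events.append(ev)
    return events


def triage(events):
    """Count warnings whose path was altered upstream vs. those with a clean path."""
    return Counter(
        "check-proxy-path" if e["malformed_path"] else "review-as-csrf"
        for e in events
    )


if __name__ == "__main__":
    for e in parse_csrf_warnings(SAMPLE_LOG):
        print(e["ts"], e["ip"], e["uri"], "->", e["normalized"])
    print(dict(triage(parse_csrf_warnings(SAMPLE_LOG))))
```

A doubled slash only says the path was altered before it reached CSRFGuard; whether the normalized path is actually on the whitelist still has to be checked in carbon.xml.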
