error CSRF ATTACK

Question

Hi,

I have OCS installed in version 2.1.2 and all menus work normally, except when I click on "search with various criteria" the error occurs:

CSRF ATTACK !!!

In the apache error log (/ var / log / httpd / error_log) nothing appears and I have already raised the log level to "debug" for maximum detail, but it does not show anything.

In the access log (/ var / log / httpd / access_log) shows:

10.17.228.56 - - [10 / Apr / 2019: 16: 16: 55 -0300] "GET /ocsreports/index.php?function=visu_search HTTP / 1.1" 200 16220 "http://10.17.228.255/ocsreports/index .php? function = visu_search "" Mozilla / 5.0 (Windows NT 6.1; WOW64; rv: 51.0) Gecko / 20100101 Firefox / 51.0 "

10.17.228.56 - - [10 / Apr / 2019: 16: 16: 57 -0300] "POST /ocsreports/index.php?function=visu_search HTTP / 1.1" 200 11534 "http://10.17.228.255/ocsreports/index .php? function = visu_search "" Mozilla / 5.0 (Windows NT 6.1; WOW64; rv: 51.0) Gecko / 20100101 Firefox / 51.0 "

I have already increased the parameters in "/etc/httpd/conf.d/ocsinventory-reports.conf"

    php_value post_max_size 1001m

    php_value upload_max_filesize 1000m

And in "/etc/php.ini"

    post_max_size = 1001M

    upload_max_filesize = 1000M

Is there another way to view the error log?

Tks!!

Answer 1

Hi,

ocs 2.1.2 is tooold and no more supported. Please upgrade to latest version.

Regards

Frank

Answer 2

Hi Frank, thanks for the reply, but the problem is that I have another server installed by another analyst, who no longer works in the company, in another company building and uses the same version 2.1.2. And the "search with various criteria" does not occur errors, as printed in the appendix. 

I have already compared the files and permissions of apache and php conf and everything is the same. 

As I previously reported in the apache error log the error does not appear, even in debug mode.