
I have installed monit on AWS EC2 and it is working fine. But when I try to restart the nginx service through the monit UI, I get an error like "Forbidden Invalid CSRF Token +monit".

My configuration

```
check process nginx with pidfile /var/run/nginx.pid
   start program = "/etc/init.d/mysql start"
   stop program = "/etc/init.d/mysql stop"
```

1 Answer


monit implements the double-submit cookie pattern to protect against CSRF attacks: it sends a cookie called securitytoken with POST requests, but up to (at least) version 1.20 it didn't take into account the presence of other cookies before the one mentioned.

Besides upgrading to a newer version, where it should be fixed, there's a simple workaround: just delete the other cookies using the browser or make securitytoken the first in the list.

Alex
    Of course, one simple way to get around the cookies problem is to use `incognito` mode or something similar. That worked for me. – Paul Aug 13 '19 at 20:07
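
The failure mode described in the answer, sketched as an added example (not monit's source and not part of the original posts): a lookup that recognises `securitytoken` only when it is the first cookie rejects a valid double-submit request, while a lookup that walks every pair accepts it. The function names, the sample header and the `form_token` parameter are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy the cookie value at v (up to the next ';') into out. */
static int copy_value(const char *v, char *out, size_t cap) {
    size_t len = strcspn(v, ";");
    if (len >= cap) return 0;
    memcpy(out, v, len);
    out[len] = '\0';
    return 1;
}
/* Fragile lookup (assumed for illustration): matches only the first cookie. */
static int cookie_first_only(const char *hdr, const char *name, char *out, size_t cap) {
    size_t n = strlen(name);
    if (strncmp(hdr, name, n) != 0 || hdr[n] != '=') return 0;
    return copy_value(hdr + n + 1, out, cap);
}
/* Robust lookup: checks every ';'-separated pair, matching at pair boundaries. */
static int cookie_any_position(const char *hdr, const char *name, char *out, size_t cap) {
    size_t n = strlen(name);
    for (const char *p = hdr; *p; p += strcspn(p, ";")) {
        p += strspn(p, "; \t");
        if (strncmp(p, name, n) == 0 && p[n] == '=')
            return copy_value(p + n + 1, out, cap);
    }
    return 0;
}
/* Compare tokens without exiting early on the first differing byte. */
static int token_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}
typedef int (*lookup_fn)(const char *, const char *, char *, size_t);

/* Double-submit check: cookie token must exist and equal the token sent in the POST body. */
static int csrf_ok(lookup_fn find, const char *cookie_hdr, const char *form_token) {
    char tok[128];
    if (!find(cookie_hdr, "securitytoken", tok, sizeof tok)) return 0;
    return tok[0] != '\0' && token_equal(tok, form_token);
}
int main(void) {
    const char *hdr = "_ga=GA1.2.1; securitytoken=9f2c1e"; /* constructed sample */
    printf("first-only: %d, any-position: %d\n",
           csrf_ok(cookie_first_only, hdr, "9f2c1e"),
           csrf_ok(cookie_any_position, hdr, "9f2c1e"));
    return 0;
}
```

With the constructed header, the first-only lookup fails the check even though the token is present and correct, which matches the "Invalid CSRF Token" symptom and explains why clearing other cookies or using a private window works around it.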