Expand my Community achievements bar.

Single IP making many requests for "GET /libs/granite/csrf/token.json HTTP/1.1" (Apache Access Logs)


Level 4

Is there any legitimate reason a single IP would make hundreds of  requests only for /libs/granite/csrf/token.json?

I notice the IP has valid URLs as the referrer but hasn't made any requests for anything other than: /libs/granite/csrf/token.json.


www-access_log:10.xxx.xx.xx x.x.x.x:56601 - - [04/Nov/2023:10:09:42 -0400] "GET /libs/granite/csrf/token.json HTTP/1.1" 200 2 "https://www.foo.com/bar/moose/fee/fi/fo/fum.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" 1013 321


I see this from time to time.


1 Reply


Level 4

The only thing I can think of is maybe these requests are using cached copies of the URL in the referrer and for some reason /libs/granite/csrf/token.json file is being re-requested frequently.

Or, pages in the referrer are sitting open in the user's browser and /libs/granite/csrf/token.json file is being re-requested frequently. I'm interested to hear other theories or know if anyone else sees something similar.

I do notice if I keep a page open in my browser, the /libs/granite/csrf/token.json file is re-requested at a regular frequency.