Single IP making many requests for "GET /libs/granite/csrf/token.json HTTP/1.1" (Apache Access Logs)

Is there any legitimate reason a single IP would make hundreds of requests only for /libs/granite/csrf/token.json?

I notice the IP has valid URLs as the referrer but hasn't made any requests for anything other than: /libs/granite/csrf/token.json.

 

www-access_log:10.xxx.xx.xx x.x.x.x:56601 - - [04/Nov/2023:10:09:42 -0400] "GET /libs/granite/csrf/token.json HTTP/1.1" 200 2 "https://www.foo.com/bar/moose/fee/fi/fo/fum.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" 1013 321

 

I see this from time to time.

Thanks!

1 Reply

The only thing I can think of is that maybe these requests are using cached copies of the URL in the referrer and for some reason the /libs/granite/csrf/token.json file is being re-requested frequently.

Or, pages in the referrer are sitting open in the user's browser and the /libs/granite/csrf/token.json file is being re-requested frequently. I'm interested to hear other theories or know if anyone else sees something similar.

I do notice if I keep a page open in my browser, the /libs/granite/csrf/token.json file is re-requested at a regular frequency.
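Added example, not part of the original thread or of any Adobe code: a log triage script that, per client, counts token.json requests against all other requests and measures the gaps between them, so a fixed timer-like cadence (as the reply describes for a page left open) can be told apart from bursts. The field layout, the choice of the second column as the client address, the 10% steadiness threshold and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median, pstdev

TOKEN_PATH = "/libs/granite/csrf/token.json"
# Field layout assumed from the log line quoted in the question:
# <first-hop> <client>:<port> - - [time] "request" status bytes "referer" ...
LINE_RE = re.compile(
    r'\S+ (?P<client>\S+):\d+ \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')

def summarize(lines):
    """Per-client token.json statistics; lines not in the assumed layout are skipped."""
    seen = defaultdict(lambda: {"times": [], "other": 0, "referers": set()})
    for m in filter(None, map(LINE_RE.match, lines)):
        rec = seen[m["client"]]
        if m["path"].split("?", 1)[0] == TOKEN_PATH:
            rec["times"].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
            rec["referers"].add(m["referer"])
        else:
            rec["other"] += 1
    report = {}
    for client, rec in seen.items():
        times = sorted(rec["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps) if gaps else None
        report[client] = {
            "token_requests": len(times),
            "token_only": bool(times) and rec["other"] == 0,
            "referers": len(rec["referers"]),
            "median_gap_s": mid,
            # Assumed threshold: spread within 10% of the median gap = fixed cadence.
            "steady": bool(gaps) and mid > 0 and pstdev(gaps) <= 0.1 * mid,
        }
    return report

def sample_line(client, offset_s, path=TOKEN_PATH, referer="https://www.example.com/a.html"):
    """Build one constructed log line in the assumed layout."""
    ts = datetime(2023, 11, 4, 14, tzinfo=timezone.utc) + timedelta(seconds=offset_s)
    return (f'10.0.0.5 {client}:50000 - - [{ts:%d/%b/%Y:%H:%M:%S %z}] '
            f'"GET {path} HTTP/1.1" 200 2 "{referer}" "Mozilla/5.0" 1013 321')

SAMPLE = (  # constructed: a timer-like client, a bursty client, a normal visitor
    [sample_line("203.0.113.10", 300 * i) for i in range(5)]
    + [sample_line("203.0.113.50", s) for s in (0, 1, 2, 40, 41)]
    + [sample_line("198.51.100.7", 0, "/a.html", "-"), sample_line("198.51.100.7", 1)])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it on real data, pass the open access log file to `summarize()`; a client that is `token_only` but not `steady`, or that shows many distinct referers, is the one worth correlating with other logs.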