Single IP making many requests for "GET /libs/granite/csrf/token.json HTTP/1.1" (Apache Access Logs) | Community
Skip to main content
this-that-the-otter
this-that-the-otter
Level 4
November 4, 2023

Single IP making many requests for "GET /libs/granite/csrf/token.json HTTP/1.1" (Apache Access Logs)

  • November 4, 2023
  • 1 reply
  • 597 views

Is there any legitimate reason a single IP would make hundreds of  requests only for /libs/granite/csrf/token.json?

I notice the IP has valid URLs as the referrer but hasn't made any requests for anything other than: /libs/granite/csrf/token.json.

 

www-access_log:10.xxx.xx.xx x.x.x.x:56601 - - [04/Nov/2023:10:09:42 -0400] "GET /libs/granite/csrf/token.json HTTP/1.1" 200 2 "https://www.foo.com/bar/moose/fee/fi/fo/fum.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" 1013 321

 

I see this from time to time.

Thanks!

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

1 reply

this-that-the-otter
this-that-the-otterAuthor
Level 4
November 20, 2023

The only thing I can think of is maybe these requests are using cached copies of the URL in the referrer and for some reason /libs/granite/csrf/token.json file is being re-requested frequently.

Or, pages in the referrer are sitting open in the user's browser and /libs/granite/csrf/token.json file is being re-requested frequently. I'm interested to hear other theories or know if anyone else sees something similar.

I do notice if I keep a page open in my browser, the /libs/granite/csrf/token.json file is re-requested at a regular frequency.

    Terms & ConditionsAccessibility statement

    Loading footer...