The rules were optimized as usual and again – they haven’t grown but become even smaller for better performance. Altogether the rules decreased their size by 937 bytes. The converter was optimized too and many smaller bugs were fixed.

You can find the fresh packages here as usual. Again – no API changes so updating should work like a charm.

Also we have continued working on our sister project – the CSRFx. Now this system is even more capable in dealing with invalid markup to protect and AJAX requests. Also JSON wrapped markup can now be secured with the token cloud of the CSRFx so maybe you like to check out the sources and give it try.

We appreciate your feedback and if you happen to have any problems during installation or usage feel free to ask us in our forum.

The tool gives the developer the chance to define request patterns which should be protected against CSRF. Also there’s the possibility to define request patterns which shouldn’t be protected to cover ranges like example.com/admin/whatever.

The implementation process is pretty easy. You just have to create a configuration file for your application (an example file for CakePHP is bundled, more will follow soon), define the request patterns, create the necessary database table, include the files First.php and Last.php via auto_prepend_file/auto_append_file and that’s it. You can of course also use your index.php for inclusion if that’s possible. We are already testing the tool on several live applications – so we can guarantee pretty good stability already.

If you’d like to play with it just grab the sources. Comments, Questions and contributions are heavily appreciated as usual. Have fun!