Module Directives :
– Enables or disables the module on a per server or location basis. Default is ‘on’.
– mod_csrf may deny requests whose HTTP Host and Referer header do not contain the very same hostname. This referer header check is enabled by default.
– Defines the action to take when a request does violates the configured rules. Default is ‘deny’.
– Used for to encrypt the mod_csrf request id. Default is a non-persistent random passphrase.