diff --git a/lhc_web/modules/lhaudit/configuration.php b/lhc_web/modules/lhaudit/configuration.php
index d90131d366..a4b68ce03f 100644
--- a/lhc_web/modules/lhaudit/configuration.php
+++ b/lhc_web/modules/lhaudit/configuration.php
@@ -7,6 +7,11 @@
 if ( isset($_POST['StoreOptions']) ) {
+ if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
+ erLhcoreClassModule::redirect();
+ exit;
+ }
+
 $definition = array(
 'days_log' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'int'),
 'log_js' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'boolean'),
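Review bot: The rejection branch at the top of the `StoreOptions` handler fails silently: `erLhcoreClassModule::redirect()` is called with no target and the script exits, so the operator sees no error and nothing visible here records that a token check failed. A failed CSRF validation on the audit configuration is worth a log entry before the redirect, so forged submissions show up for whoever monitors the instance. The guard also hands `$_POST['csfr_token']` to the validator without a type check, and a request can supply that field as an array, so I would write `if (!isset($_POST['csfr_token']) || !is_string($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {`. Whether `validateCSFRToken` compares in constant time, and whether the form template emits the `csfr_token` field, cannot be seen from this hunk; the enclosing `if ( isset($_POST['StoreOptions']) )` block continues past it.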