使用Nginx作为代理传递时Apache Openmeetings 5.0.0-M2 CSRF攻击
当我使用nginx时,我在openmeeting 5.0.0-M2中登录时遇到400个错误 我的nginx配置如下:使用Nginx作为代理传递时Apache Openmeetings 5.0.0-M2 CSRF攻击,nginx,wicket,openmeetings,Nginx,Wicket,Openmeetings,当我使用nginx时,我在openmeeting 5.0.0-M2中登录时遇到400个错误 我的nginx配置如下: server { listen 443 ssl; ssl on; ssl_certificate path_to_certificate; ssl_certificate_key path_to_key; server_name myservername; location /openmeetings/ { proxy_pass http://127.
server {
listen 443 ssl;
ssl on;
ssl_certificate path_to_certificate;
ssl_certificate_key path_to_key;
server_name myservername;
location /openmeetings/ {
proxy_pass http://127.0.0.1:5080/openmeetings/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer 'http://$host/openmeetings/';
proxy_set_header X-Real-IP $remote_addr;
}
}
我的日志文件:
CsrfPreventionRequestCycleListener:779 [nio-5080-exec-4]ESC[0;39m - Possible CSRF attack, request URL:
http://ocean.paramatrix.com/openmeetings/wicket/bookmarkable/org.apache.openmee
tings.web.pages.HashPage, Origin: https://ocean.paramatrix.com, action: aborted
with error 400 Origin does not correspond to request
虽然这在firefox浏览器上可以正常工作,但在chrome浏览器上却不行
有人知道我还需要做什么配置吗?非常感谢您的帮助。请尝试将Referer标题设置为HTTPS:
proxy_set_header Referer 'https://$ho....
Openmeetings使用ssl本身和5443端口运行。 你应该试试这个:
proxy\u passhttp://127.0.0.1:5443/openmeetings/;代码>