通过nginx配置从前端解决cros漏洞

原创

li371573016 2022-09-27 18:01:24 博主文章分类：nginx ©著作权

文章标签 html nginx 文章分类 运维

©著作权归作者所有：来自51CTO博客作者li371573016的原创作品，请联系作者获取转载授权，否则将追究法律责任

#user  nobody;

worker_processes  1;

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;


#pid        logs/nginx.pid;



events {

    worker_connections  1024;

}



http {

    include       mime.types;

    default_type  application/octet-stream;


    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

    #                  '$status $body_bytes_sent "$http_referer" '

    #                  '"$http_user_agent" "$http_x_forwarded_for"';


    #access_log  logs/access.log  main;

    server_tokens off;

    sendfile        on;

    #tcp_nopush     on;


    #keepalive_timeout  0;

    keepalive_timeout  65;


    #gzip  on;


   # 在http段使用map限制域名，允许得设置变量为1，其他禁止访问设置为0  
    map $http_origin $allow_cros {

      "~^(https?://(xx.test.com)?)$" 1;

      "~^(http?://(x.x.x.x:8080)?)$" 1;

      "~^\s" 1;

      "~*" 0;

    }


    server {

        listen       8080;

        server_name  localhost;


        #charset koi8-r;


        #access_log  logs/host.access.log  main;


   # 在server段将禁止访问域直接返回403

    if ($allow_cros = 0) {

         return 403;

         }  

        location / {

            root   /usr/local/nginx/html;

            index  index.html index.htm;

        }

        location /api/ {

        proxy_pass         http://x.x.x.x:9000/;                                
        proxy_set_header   Host             $host;                      
        proxy_set_header   X-Real-IP        $remote_addr;                  
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;  
        }


        #error_page  404              /404.html;


        # redirect server error pages to the static page /50x.html

        #

    }

}