
Block Content with CORS for different domains



I have a Revive ad server on one server, and it should display all the content in an iframe on a page on another server...

https://revive.xxx.com → SERVER for AD
https://yyy.com → SERVER To display ads

That is working pretty well and there are no problems. The problem comes with other origins: it should not display the content on other origins. We have some problems with scraping: someone got the frame URL and is running it over and over again, so our click rate is low and the impression rate is way too high. I changed the "Access-Control-Allow-Origin" header in /www/delivery/afr.php from "*" to "https://yyy.com", but it did not work. It's still possible to get the frame on other websites with another origin name.

Is there something I'm not getting right? Or are there any other configurations I can do besides just writing it inside the nginx config? My Nginx config looks like this right now.

```
server {
    #listen 80;

    root /home/ploi/xxx.com/;
    server_name xxx.com xxx.com;

    include /etc/nginx/ssl/xxx.com;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    index index.php index.html;

    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    charset utf-8;

    # Ploi Configuration, do not remove!
    include /etc/nginx/ploi/xxx.com/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    access_log off;
    error_log  /var/log/nginx/xxx.com-error.log error;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        if ( $arg_cookie = "false") {
            add_header Set-Cookie "OASZCAP=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OACBLOCK=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OAID=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OASCCAP=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OAZBLOCK=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
        }
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_buffers 16 16k;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}
```
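
An added example, not part of the original post or of Revive's own configuration: CORS headers are not consulted when a browser loads a URL in an iframe, so this fragment restricts framing with CSP `frame-ancestors` instead. It assumes the frame is served at the URL path `/www/delivery/afr.php` and reuses the origin, cookie names and PHP-FPM socket from the posted config.

```nginx
# Added example; goes inside the existing server {} block.
# Assumption: the ad frame is requested as /www/delivery/afr.php and
# https://yyy.com is the only site allowed to embed it.
location = /www/delivery/afr.php {
    # Ineffective for framing: CORS only controls cross-origin reads made
    # by scripts (fetch/XHR). Browsers ignore it for <iframe> loads.
    #   add_header Access-Control-Allow-Origin "https://yyy.com";

    # Effective in browsers: frame-ancestors lists the origins that may
    # embed this response. (X-Frame-Options ALLOW-FROM is obsolete.)
    add_header Content-Security-Policy "frame-ancestors https://yyy.com" always;

    # add_header is inherited from the server level only when the current
    # level defines none, so the server-level headers are restated here.
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    if ($arg_cookie = "false") {
        # An "if" block is its own level and already sets headers, so the
        # headers above must be repeated or they are dropped here.
        add_header Content-Security-Policy "frame-ancestors https://yyy.com" always;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";
        add_header Set-Cookie "OASZCAP=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
        add_header Set-Cookie "OACBLOCK=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
        add_header Set-Cookie "OAID=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
        add_header Set-Cookie "OASCCAP=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
        add_header Set-Cookie "OAZBLOCK=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
    }

    # Same PHP-FPM handoff as the generic \.php$ location in the post.
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_buffers 16 16k;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
```

`frame-ancestors` is enforced by the browser, so it stops other sites from embedding the frame but has no effect on a client that requests the frame URL directly; that traffic needs server-side controls such as rate limiting.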

 
