pt844, posted May 15

I have a Revive ad server on one server; it should display all the content in an iframe on a page on another server...

https://revive.xxx.com → SERVER for AD
https://yyy.com → SERVER To display ads

That is working pretty great and there are no problems. The problem comes with other origins: it should not display the content on other origins. We have some problems with scraping: someone got the frame URL and is running it over and over again, so our click rate is low and the impression rate is way too high. I changed the "Access-Control-Allow-Origin" header in /www/delivery/afr.php from "*" to "https://yyy.com", but it did not work. It's still possible to get the frame on other websites with another origin name.

Is there something I'm not getting right? Or are there any other configurations I can do besides just writing it inside the nginx config?

My Nginx config looks like this right now.

```
server {
    #listen 80;
    root /home/ploi/xxx.com/;
    server_name xxx.com xxx.com;

    include /etc/nginx/ssl/xxx.com;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    index index.php index.html;

    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    charset utf-8;

    # Ploi Configuration, do not remove!
    include /etc/nginx/ploi/xxx.com/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    access_log off;
    error_log /var/log/nginx/xxx.com-error.log error;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        if ($arg_cookie = "false") {
            add_header Set-Cookie "OASZCAP=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OACBLOCK=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OAID=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OASCCAP=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OAZBLOCK=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
        }
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_buffers 16 16k;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}
```
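Added example, not part of the original post and not Revive's own configuration: an excerpt of the server block above with a `Content-Security-Policy: frame-ancestors` header, which is the header browsers consult for iframe embedding (`Access-Control-Allow-Origin` only governs cross-origin reads by script). It assumes https://yyy.com is the only site allowed to frame the ad server, and it repeats the header inside the `if` block because of how nginx inherits `add_header`.

```nginx
# Added example: excerpt of the server block from the post; TLS, logging and
# the other locations are unchanged and omitted here.
# Assumption: https://yyy.com is the only origin allowed to embed the frame.
server {
    server_name xxx.com;
    root /home/ploi/xxx.com/;
    index index.php index.html;

    # Browsers decide whether a response may be rendered inside a frame from
    # CSP frame-ancestors. Access-Control-Allow-Origin is not consulted for
    # <iframe> embedding, which is why changing it had no visible effect.
    add_header Content-Security-Policy "frame-ancestors https://yyy.com" always;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    location ~ \.php$ {
        if ($arg_cookie = "false") {
            # add_header is inherited from the enclosing level only when the
            # current level defines none. This block defines its own, so the
            # server-level headers are dropped for these requests and the
            # framing policy has to be repeated here.
            add_header Content-Security-Policy "frame-ancestors https://yyy.com" always;
            add_header X-Content-Type-Options "nosniff";
            add_header Set-Cookie "OASZCAP=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OACBLOCK=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OAID=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OASCCAP=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
            add_header Set-Cookie "OAZBLOCK=;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;SameSite=none;Secure;";
        }
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_buffers 16 16k;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```

`frame-ancestors` is enforced by the browser rendering the embedding page, so it keeps other sites from displaying the frame but does not affect a client that requests the delivery URL directly; inflated impressions from such requests have to be handled server-side (for example with nginx `limit_req` or filtering in the ad server).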