nginx configuration for the CSRF vulnerability (Referer check)

    location ^~ /xxx-api/ {
        # Allow requests with no Referer header, or whose Referer host is 124.133.xx.xx
        valid_referers none 124.133.xx.xx;
        # $invalid_referer is set when the Referer matches none of the entries above
        if ($invalid_referer) {
            return 403;
        }
        client_max_body_size 20m;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://xxx:xxx/;
    }
valid_referers none
    `none` means the request may be made without a Referer header at all.
    When configuring a back-end proxy, it is recommended to set none.
    When configuring a front-end proxy, it is recommended to enable it.
valid_referers blocked
    Matches Referer values that do not start with http or https; not recommended.
valid_referers 124.133.xx.xx 124.133.xx.xx:80;
    Requests whose Referer field is 124.133.xx.xx or 124.133.xx.xx:80 are allowed.
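To make the decision rule concrete, here is an added example (not code from the original post or from nginx) that emulates how the ngx_http_referer_module evaluates a `valid_referers` list and sets `$invalid_referer`, then runs it over constructed sample Referer values. The matching rules follow the module's documentation (`none`, `blocked`, plain names with optional URI prefix and a leading or trailing `*`, and `~` regular expressions matched against the text after the scheme); `server_names` is not modelled, and the `POLICY` list and the sample values are constructed, with 124.133.xx.xx being the placeholder address from the post.

```python
"""Emulation of nginx valid_referers / $invalid_referer (added example)."""
import re
from urllib.parse import urlsplit

# Constructed policy mirroring the post's `valid_referers none 124.133.xx.xx;`
POLICY = ["none", "124.133.xx.xx"]


def _match_name(token, host, path):
    """Match one server-name token, with optional URI prefix and wildcard."""
    name, _, prefix = token.partition("/")
    name = name.lower()
    if prefix and not path.startswith("/" + prefix):
        return False
    if name.startswith("*."):
        return host.endswith(name[1:])       # *.example.com -> any subdomain
    if name.endswith(".*"):
        return host.startswith(name[:-1])    # www.example.* -> any TLD
    return host == name


def is_invalid_referer(referer, policy):
    """Return True when nginx would set $invalid_referer for this request.

    referer: the raw Referer header value, or None when the header is absent.
    policy:  the tokens given to `valid_referers`.
    """
    if referer is None:
        return "none" not in policy
    low = referer.lower()
    if not (low.startswith("http://") or low.startswith("https://")):
        # Header present but without a scheme: only `blocked` accepts it
        return "blocked" not in policy
    parts = urlsplit(referer)
    host = (parts.hostname or "").lower()    # nginx ignores the port here
    path = parts.path or "/"
    after_scheme = referer.split("://", 1)[1]
    for token in policy:
        if token in ("none", "blocked", "server_names"):
            continue                         # server_names not modelled
        if token.startswith("~"):
            if re.search(token[1:], after_scheme):
                return False
        elif _match_name(token, host, path):
            return False
    return True


def decide(referer, policy=POLICY):
    """Status the post's `if ($invalid_referer) { return 403; }` produces."""
    return 403 if is_invalid_referer(referer, policy) else 200


if __name__ == "__main__":
    # Constructed sample Referer values
    samples = [None, "http://124.133.xx.xx/app", "http://124.133.xx.xx:80/app",
               "https://other.example/page", "124.133.xx.xx"]
    for r in samples:
        print(f"{str(r):32} -> {decide(r)}")
```

Two points the emulation makes visible: the port in the Referer is ignored during matching (as the module documentation states), so `124.133.xx.xx` alone already covers `124.133.xx.xx:80`; and with `none` in the list every request that carries no Referer header is accepted, so the check on its own is not a complete CSRF defence and is best combined with anti-CSRF tokens or `SameSite` cookie attributes.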

Older article used as a test reference: nginx hotlink-protection settings
