"Potential Security Breach" triggered with ningx


(Lucho) #1

Hello, im having issues using nginx with FreePBX, on a raspberry, the csrf protections is triggered every time I want to save a form.

The error says my HTTP_REFERER and my current Server, don’t match(?)
The “Suspect link” displayed has an underscore for host, while the html has no domain:
<a href="/admin/config.php?display=advancedsettings">http://_/admin/config.php?display=advancedsettings:81</a>

I verified the POST and the referer looks right:
http://raspi.lan:81/admin/config.php?display=advancedsettings

Also, is it ok for this request to be a 200 reply?


(system) closed #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.