Good day all trying to install playsms with NGINX on Centos 7.2 and I am getting this message"WARNING: possible CSRF attack. sid: ip:192.168.4.7" which I suppose is good the question is how do I get rid of it ?
theres app in IP 192.168.4.7 that doing HTTP POST to playSMS not in proper way, that is not logged in from web or using webservices
anton
Ok I get it its how I have NGINX setup.
This must be causing it.
server_name sms.nip.it.na;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ .php$ {
root /home/sms;
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
I have now changed to socket with the same result, anyone used NGINX with playsms ?
New Config.
location ~ .php$ {
root /home/sms;
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
Solved
I have found the problem with CSRF in php.ini I needed the session.save_path = “/var/lib/php/session” set.