author: Alex Balgavy <alex@balgavy.eu>, 2021-03-03 12:21:06 +0100
committer: Alex Balgavy <alex@balgavy.eu>, 2021-03-03 12:34:22 +0100
commit: 6b59800dc65fed855ecfdeb9fe40a37807ecfeb9
tree: 857f02b3262c3a2101afb05fbd81539748b04c54 /utils
parent: c748fc66cf7c4a4ebfecde61dd683422dd6b3901
download: searxng-6b59800dc65fed855ecfdeb9fe40a37807ecfeb9.tar.gz, searxng-6b59800dc65fed855ecfdeb9fe40a37807ecfeb9.zip
Fix security vulnerabilities in suggested nginx configuration
The suggested configurations for nginx found in the documentation and
templates lead to vulnerabilities allowing host spoofing [1] and path
traversal [2], as reported by Gixy [3]. This commit fixes those issues.
[1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md
[2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
[3] https://github.com/yandex/gixy
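To make the alias-traversal mechanism behind reference [2] concrete, here is an added example (not code from searx/searxng or from this commit) that models what nginx does with a prefix `location` plus `alias`: the request URI is percent-decoded and its `.` / `..` segments resolved before location matching, then the matched prefix is replaced verbatim by the alias value. It also includes a Gixy-style lint over a config snippet. The paths `/srv/app/static`, `settings.yml` and `/static_old` are constructed for the example; the template variables from the commit are replaced with concrete values. It goes beyond the commit's exact shape by also showing the classic case where the alias ends in `/`.

```python
"""Model of nginx prefix-location + alias mapping; an added illustration, not searx code.
All paths and config snippets below are constructed examples."""
import posixpath
import re
from urllib.parse import unquote


def nginx_normalize_uri(uri: str) -> str:
    """Approximate what nginx does to a request path before matching locations:
    percent-decode, merge repeated slashes (merge_slashes on) and resolve '.' and
    '..' segments. A '..' that would climb above '/' gets a 400 from nginx."""
    decoded = unquote(uri.split("?", 1)[0])
    segments = decoded.split("/")
    out = []
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == "..":
            if not out:
                raise ValueError("400 Bad Request: URI escapes root")
            out.pop()
        else:
            out.append(seg)
    path = "/" + "/".join(out)
    if segments[-1] in ("", ".", "..") and path != "/":
        path += "/"
    return path


def alias_target(location: str, alias: str, uri: str):
    """Filesystem path a prefix `location` with `alias` serves for `uri`: nginx
    replaces exactly the matched prefix with the alias value, nothing more.
    Returns None when the location does not match the normalized URI."""
    uri = nginx_normalize_uri(uri)
    if not uri.startswith(location):
        return None
    return alias + uri[len(location):]


def escapes_alias(alias: str, target: str) -> bool:
    """True when the resolved target lies outside the alias directory."""
    root = posixpath.normpath(alias)
    resolved = posixpath.normpath(target)
    return resolved != root and not resolved.startswith(root + "/")


# Only plain prefix locations (starting with '/') are modelled; '=', '~' and '^~'
# forms are skipped.
_LOC_ALIAS = re.compile(r"location\s+(/\S*)\s*\{[^}]*?\balias\s+(\S+?);", re.S)


def lint_alias_locations(config: str):
    """Gixy-style check: report prefix locations using alias whose prefix lacks a
    trailing '/', because every URI that merely shares the prefix ('/static..',
    '/static_old') is then rewritten under the alias."""
    findings = []
    for loc, alias in _LOC_ALIAS.findall(config):
        if not loc.endswith("/"):
            findings.append(f"location {loc} + alias {alias}: prefix lacks trailing '/'")
    return findings


# Constructed before/after snippets mirroring the shape of the commit's hunk.
VULNERABLE_CONF = """
location /static {
    alias /srv/app/static/;
}
"""
FIXED_CONF = """
location /static/ {
    alias /srv/app/static/;
}
"""

if __name__ == "__main__":
    # Classic traversal: alias ends in '/', location does not.
    t = alias_target("/static", "/srv/app/static/", "/static../settings.yml")
    print(t, "escapes:", escapes_alias("/srv/app/static/", t))
    # Sibling exposure with neither side slash-terminated (the commit's 'before').
    t = alias_target("/static", "/srv/app/static", "/static_old/x")
    print(t, "escapes:", escapes_alias("/srv/app/static", t))
    # After the fix the hostile URIs never match the location.
    print(alias_target("/static/", "/srv/app/static/", "/static../settings.yml"))
    print(alias_target("/static/", "/srv/app/static/", "/static/../settings.yml"))
    print(lint_alias_locations(VULNERABLE_CONF), lint_alias_locations(FIXED_CONF))
```

Note that `/static/../settings.yml` is not the dangerous request: nginx collapses it to `/settings.yml` before any location is consulted. The escape needs a URI that keeps `static` as a prefix of a longer first segment, which only a slash-terminated location prefix rules out.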
Diffstat (limited to 'utils')
utils/templates/etc/nginx/default.apps-available/searx.conf:filtron | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/utils/templates/etc/nginx/default.apps-available/searx.conf:filtron b/utils/templates/etc/nginx/default.apps-available/searx.conf:filtron index d3137e42d..a89aa38b3 100644 --- a/utils/templates/etc/nginx/default.apps-available/searx.conf:filtron +++ b/utils/templates/etc/nginx/default.apps-available/searx.conf:filtron @@ -3,7 +3,7 @@ location ${SEARX_URL_PATH} { proxy_pass http://127.0.0.1:4004/; - proxy_set_header Host \$http_host; + proxy_set_header Host \$host; proxy_set_header Connection \$http_connection; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; @@ -11,6 +11,6 @@ location ${SEARX_URL_PATH} { proxy_set_header X-Script-Name ${SEARX_URL_PATH}; } -location ${SEARX_URL_PATH}/static { - alias ${SEARX_SRC}/searx/static; +location ${SEARX_URL_PATH}/static/ { + alias ${SEARX_SRC}/searx/static/; } |
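Review bot: In the first hunk, `proxy_set_header Host \$host;` only closes host spoofing if the enclosing `server` block, which the hunk does not show, sets a concrete `server_name` and a separate default server catches requests whose Host does not match; `$host` is still the client's Host header (lowercased, port stripped) whenever one is present, so within a catch-all server block the forwarded value remains attacker-controlled. The change does keep the raw, unvalidated `$http_host` string out of the backend and, for a request without a Host header, forwards `server_name` instead of an empty value. Worth documenting in the template: since `$host` drops the port, a searx instance served on a non-standard port will no longer learn it from Host, so check that the lines elided between the two hunks forward the scheme and port some other way.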
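Review bot: The trailing slash on both `location ${SEARX_URL_PATH}/static/` and `alias ${SEARX_SRC}/searx/static/` in the second hunk is the right shape for the fix: without it, any URI that merely begins with `/static` (for example `/static../` or `/static_old/`) had that prefix replaced by the alias value and was resolved beside, not inside, the static directory, while `..` segments inside `/static/` are collapsed by nginx before matching and never reached the alias. Two things to confirm when the template is rendered: that `${SEARX_URL_PATH}` never ends in `/` or is set to `/`, since that would yield `//static/` in the location, and that a request for exactly `${SEARX_URL_PATH}/static` (no trailing slash) is meant to fall through to the filtron `proxy_pass` in the first location rather than be served from disk.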