Fix security vulnerabilities in suggested nginx configuration

The suggested configurations for nginx found in the documentation and templates lead to vulnerabilities allowing host spoofing [1] and path traversal [2], as reported by Gixy [3]. This commit fixes those issues. [1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md [2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md [3] https://github.com/yandex/gixy
2025-12-28 06:30:02 +00:00 · 2021-03-03 12:21:06 +01:00
parent c748fc66cf
commit 6b59800dc6
3 changed files with 12 additions and 12 deletions
--- a/docs/admin/filtron.rst
+++ b/docs/admin/filtron.rst
@@ -173,7 +173,7 @@ Use it along with ``nginx`` with the following example configuration.
   location /searx {
       proxy_pass         http://127.0.0.1:4004/;

-       proxy_set_header   Host             $http_host;
+       proxy_set_header   Host             $host;
       proxy_set_header   Connection       $http_connection;
       proxy_set_header   X-Real-IP        $remote_addr;
       proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;