1
0
mirror of https://github.com/searxng/searxng.git synced 2024-11-05 12:50:11 +01:00
searxng/docs/admin
Alex Balgavy 6b59800dc6 Fix security vulnerabilities in suggested nginx configuration
The suggested configurations for nginx found in the documentation and
templates lead to vulnerabilities allowing host spoofing [1] and path
traversal [2], as reported by Gixy [3]. This commit fixes those issues.

[1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md
[2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
[3] https://github.com/yandex/gixy
2021-03-03 12:34:22 +01:00
..
engines Add recoll engine (#2325) 2020-11-30 08:35:15 +01:00
api.rst doc: proofread of the all reST sources (no content change) 2019-12-12 19:20:56 +01:00
arch_public.dot [fix] migration from github.com/asciimoo/searx to github.com/searx/searx : fix URLs 2020-09-28 16:44:14 +02:00
architecture.rst docs: proofreading of all the installation topics 2020-04-09 15:04:23 +02:00
buildhosts.rst [mod] documentations & comments: update http://* URL to https://*. 2020-12-04 16:52:25 +01:00
engines.rst [mod] documentation: change the jinja context doesn't depend on searx.webapp 2020-12-27 10:00:35 +01:00
filtron.rst Fix security vulnerabilities in suggested nginx configuration 2021-03-03 12:34:22 +01:00
index.rst docs: generic documentation from the installation scripts 2020-03-02 19:00:19 +01:00
installation-apache.rst [doc] improve admin-docs about result proxy (morty) configuration 2021-01-27 09:58:06 +01:00
installation-docker.rst [fix] migration from github.com/asciimoo/searx to github.com/searx/searx : fix URLs 2020-09-28 16:44:14 +02:00
installation-nginx.rst Fix security vulnerabilities in suggested nginx configuration 2021-03-03 12:34:22 +01:00
installation-searx.rst [mod] improve settings documentation 2021-01-11 22:12:38 +01:00
installation-uwsgi.rst [fix] markup of auto generated installation instruction (uWSGI part) 2020-06-24 15:15:15 +02:00
installation.rst [mod] move brand options from Makefile to settings.yml 2021-01-11 22:12:38 +01:00
morty.rst [doc] improve admin-docs about result proxy (morty) configuration 2021-01-27 09:58:06 +01:00
plugins.rst [mod] documentation: change the jinja context doesn't depend on searx.webapp 2020-12-27 10:00:35 +01:00
settings.rst [mod] improve settings documentation 2021-01-11 22:12:38 +01:00
update-searx.rst docs: generic documentation from the installation scripts 2020-03-02 19:00:19 +01:00