forked from zaclys/searxng
6b59800dc6
The suggested configurations for nginx found in the documentation and templates lead to vulnerabilities allowing host spoofing [1] and path traversal [2], as reported by Gixy [3]. This commit fixes those issues. [1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md [2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md [3] https://github.com/yandex/gixy |
||
---|---|---|
.github | ||
dockerfiles | ||
docs | ||
examples | ||
searx | ||
tests | ||
utils | ||
.codecov.yml | ||
.config.sh | ||
.coveragerc | ||
.dir-locals.el | ||
.dockerignore | ||
.gitattributes | ||
.gitignore | ||
.landscape.yaml | ||
.pylintrc | ||
AUTHORS.rst | ||
CHANGELOG.rst | ||
CONTRIBUTING.md | ||
Dockerfile | ||
LICENSE | ||
Makefile | ||
PULL_REQUEST_TEMPLATE.md | ||
README.rst | ||
babel.cfg | ||
manage.sh | ||
requirements-dev.txt | ||
requirements.txt | ||
setup.py | ||
tox.ini |
README.rst
Privacy-respecting, hackable metasearch engine / pronunciation səːks.
If you are looking for running instances, ready to use, then visit searx.space.
Otherwise jump to the user, admin and developer handbooks you will find on our homepage.