searxngRebrandZaclys/utils
Alex Balgavy 6b59800dc6 Fix security vulnerabilities in suggested nginx configuration
The suggested configurations for nginx found in the documentation and
templates lead to vulnerabilities allowing host spoofing [1] and path
traversal [2], as reported by Gixy [3]. This commit fixes those issues.

[1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md
[2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
[3] https://github.com/yandex/gixy
2021-03-03 12:34:22 +01:00
..
site-python docs: building (PDF) books / build user book 2020-03-21 18:45:38 +01:00
templates Fix security vulnerabilities in suggested nginx configuration 2021-03-03 12:34:22 +01:00
brand.env [mod] move brand options from Makefile to settings.yml 2021-01-11 22:12:38 +01:00
build_env.py [fix] utils/build_env.py: make sure to always use searx/settings.yml 2021-01-11 22:59:35 +01:00
fetch_ahmia_blacklist.py add Ahmia filter plugin for onion results 2020-10-25 17:59:43 -07:00
fetch_currencies.py [mod] update currencies.json and fetch_currencies.py 2021-02-23 16:42:28 +01:00
fetch_engine_descriptions.py [enh] engines: add about variable 2021-01-14 20:57:17 +01:00
fetch_external_bangs.py [mod] add utils/fetch_external_bangs.py 2021-02-24 18:48:36 +01:00
fetch_firefox_version.py Drop Python 2 (1/n): remove unicode string and url_utils 2020-09-10 10:39:04 +02:00
fetch_languages.py remove articles number from engines_languages.json 2021-02-25 23:54:21 -07:00
fetch_wikidata_units.py [mod] update wikidata_units.json and fetch_wikidata_units.py 2021-02-23 13:10:38 +01:00
filtron.sh Utility scripts adapted to run on CentOS 7 (#2112) 2020-08-01 22:12:44 +02:00
google_search.py [enh] standalone_seax.py is a command line interface to searx with JSON output. 2017-01-04 14:14:01 +01:00
lib.sh [fix] remove Ubuntu 19.10 from the LXC suite (EOL) 2021-01-02 17:23:18 +01:00
lxc-searx.env [mod] add Ubuntu 20.10 image to the LXC suite 2021-01-02 17:27:16 +01:00
lxc.sh [fix] lxc.sh - SC2034: ubu2010_boilerplate appears unused. 2021-01-24 08:29:13 +01:00
makefile.include [mod] LXC_ENV_FOLDER moved from ./lxc to ./lxc-env 2020-12-26 11:43:18 +01:00
makefile.lxc [mod] LXC_ENV_FOLDER moved from ./lxc to ./lxc-env 2020-12-26 11:43:18 +01:00
makefile.python [fix] re-add 'pip-exe' target - partial revert 9b48ae47 2021-02-01 16:58:04 +01:00
makefile.sphinx [mod] CI: minor changes 2021-02-02 08:53:57 +01:00
morty.sh Utility scripts adapted to run on CentOS 7 (#2112) 2020-08-01 22:12:44 +02:00
searx.sh [mod] checker : replace pycld3 by langdetect 2021-01-19 21:26:04 +01:00
standalone_searx.py [mod] check secret_key when searx.webapp is imported 2020-12-27 10:30:20 +01:00
update-translations.sh handle input carefully in shell scripts 2017-10-06 21:00:22 +02:00