From 6b59800dc65fed855ecfdeb9fe40a37807ecfeb9 Mon Sep 17 00:00:00 2001
From: Alex Balgavy <alex@balgavy.eu>
Date: Wed, 3 Mar 2021 12:21:06 +0100
Subject: Fix security vulnerabilities in suggested nginx configuration

The suggested configurations for nginx found in the documentation and
templates lead to vulnerabilities allowing host spoofing [1] and path
traversal [2], as reported by Gixy [3]. This commit fixes those issues.

[1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md
[2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
[3] https://github.com/yandex/gixy
---
 docs/admin/filtron.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'docs/admin/filtron.rst')

diff --git a/docs/admin/filtron.rst b/docs/admin/filtron.rst
index 503a4d51d..41c4a31d6 100644
--- a/docs/admin/filtron.rst
+++ b/docs/admin/filtron.rst
@@ -173,7 +173,7 @@ Use it along with ``nginx`` with the following example configuration.
    location /searx {
        proxy_pass         http://127.0.0.1:4004/;
 
-       proxy_set_header   Host             $http_host;
+       proxy_set_header   Host             $host;
        proxy_set_header   Connection       $http_connection;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
-- 
cgit v1.2.3