-
Notifications
You must be signed in to change notification settings - Fork 1.7k
HTTP Headers: X_FORWARDED_HOST vs HOST #1822
Comments
PS: By the way, just a personal opinion. Stop using apache, it's slow and vulnerable to attacks like slow loris.
|
Good to know /Thanks .. with this in mind: Apache does not overwrite the If no one has a veto I send a PR with the patch. PS: Thanks for your additional hints, but changing the http server isn't a option for me. I have several servers to maintain and I can't see any performance issues in my use cases.BTW I use mod_security (which is truly not the best choice and I have to think about alternatives to mod_security). Again, I never ask about SSL, if you miss the 's' in my questions: I use HTTP without 's' to simplify the test scenarios. In production I often like to use ACME. |
obsolete / done by PR #1803 |
When setting up searx behind a reverse proxy configuration (e.g. filtron). We have to set some HTTP Headers. For Apache I posted my reference site here #1819 (comment) ...
I can speak only for Apache (ngnix might be different): When setting the ProxyPass directive, the needed
X-Forwarded-..
request headers are set implicit, see Reverse Proxy Request Headers.I do not have much experience with HTTP, but I wonder: To work correct, searx also needs the
Host
header fixed to the same value asX-Forwarded-Host
. Is this a bug or a feature?If it is a bug, this would be my patch ..
I tested the patch and for me it works like a charm . But I have a doubt, because my HTTP and Flask experiences is not much.
The text was updated successfully, but these errors were encountered: