fossilfranv/nginx_docker-swag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
301 Commits 2 Branches 213 Tags 877 KiB
7ffab2f1cb
Commit Graph

301 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gabriel Nagy
7ffab2f1cb
authelia-server.conf: allow pipe character in URI 
The characters in the regex used for mitigating CVE-2021-32637 are not
exhaustive since query strings seem to not always conform to the
RFC3986, this is also mentioned in the security advisory for the CVE.[1]

For example, attempting to delete multiple torrents in the qBittorrent
WebUI results in an URL like the following:

    confirmdeletion.html?hashes=HASH1|HASH2

This URL is valid and parsable by Authelia, but due to the regex it gets
redirected infinitely.

To fix this, also allow pipe characters in the request URI.

[1] https://github.com/authelia/authelia/security/advisories/GHSA-68wm-pfjf-wqp6
 2022-02-16 10:58:12 +02:00
LinuxServer-CI
274369c4ba Bot Updating Package Versions 2022-02-08 19:58:44 +01:00
LinuxServer-CI
7562a1c26a Bot Updating Package Versions 2022-02-03 06:18:15 +01:00
LinuxServer-CI
7d6b5e66c1 Bot Updating Package Versions 2022-01-27 06:19:02 +01:00
LinuxServer-CI
6fde2f5f8f Bot Updating Package Versions 2022-01-20 06:19:07 +01:00
Roxedus
08d0680a0c
Merge pull request #202 from quietsy/master 2022-01-11 08:34:43 +01:00
quietsy
665eace79f Ignore plex unauthorized requests 2022-01-11 09:19:16 +02:00
Roxedus
51d6132d63
Merge pull request #201 from quietsy/master 2022-01-10 19:48:30 +01:00
quietsy
251917b23f Added a fail2ban jail for nginx unauthorized 2022-01-09 17:16:11 +02:00
LinuxServer-CI
bedff470cf Bot Updating Package Versions 2021-12-30 06:19:44 +01:00
driz
84cdf58b66
Merge pull request #196 from linuxserver/ipv6-fix 
replace ip6tables legacy with ip6tables-nft due to missing kernel module
 2021-12-21 17:27:47 -05:00
drizuid
e843b50fc8 replace ip6tables legacy with ip6tables-nft due to missing kernel module 2021-12-21 14:40:37 -05:00
LinuxServer-CI
682689d0fc Bot Updating Package Versions 2021-12-09 06:19:24 +01:00
LinuxServer-CI
29a92e6bf1 Bot Updating Templated Files 2021-12-05 20:41:44 +01:00
Eric Nemchik
119df9f88b
Merge pull request #176 from quietsy/master 
Move maxmind to a new mod
 2021-12-05 13:40:32 -06:00
quietsy
4929672e62 Move maxmind to a new mod 2021-12-04 20:57:16 +02:00
LinuxServer-CI
522fed5d1b Bot Updating Package Versions 2021-12-02 06:19:05 +01:00
LinuxServer-CI
7b2dab1fbf Bot Updating Package Versions 2021-11-25 06:18:49 +01:00
LinuxServer-CI
3b0095bdec Bot Updating Templated Files 2021-11-22 13:52:15 +01:00
aptalca
4989825cb0
Merge pull request #189 from github-cli/master 
add support for infomaniak certbot plugin
 2021-11-22 07:50:55 -05:00
Questionario
96e0fc7838
Update infomaniak.ini 2021-11-22 08:04:05 +01:00
Questionario
6f3a967360
Update 50-config 2021-11-22 07:50:31 +01:00
Questionario
671d51a345
Create infomaniak.ini 2021-11-22 07:46:55 +01:00
Questionario
2a9294a1db
Update readme-vars.yml 2021-11-22 07:44:32 +01:00
Questionario
a001fd849b
Update readme-vars.yml 2021-11-22 07:42:46 +01:00
Questionario
f617df2ba7
Update Dockerfile.armhf 2021-11-22 07:40:54 +01:00
Questionario
0952b6eb3e
Update Dockerfile.aarch64 2021-11-22 07:40:20 +01:00
Questionario
cb5a367323
Update Dockerfile 2021-11-22 07:39:20 +01:00
LinuxServer-CI
df1ba1c60a Bot Updating Package Versions 2021-11-20 18:29:59 +01:00
LinuxServer-CI
5f526e4f89 Bot Updating Templated Files 2021-11-20 18:24:46 +01:00
aptalca
f9090d4a50
Merge pull request #181 from dongshuzhao/dnspod-support 
Add DNSPod support
 2021-11-20 12:23:37 -05:00
aptalca
48f6b00530
Merge branch 'master' into dnspod-support 2021-11-20 12:08:46 -05:00
LinuxServer-CI
146687121e Bot Updating Package Versions 2021-11-18 06:18:16 +01:00
LinuxServer-CI
93ba4f18b1 Bot Updating Package Versions 2021-11-16 14:13:21 +01:00
LinuxServer-CI
ce544dd810 Bot Updating Templated Files 2021-11-16 14:08:24 +01:00
Eric Nemchik
411970a947
Merge pull request #182 from fariszr/master 
add deSEC DNS plugin to certbot
 2021-11-16 07:06:57 -06:00
FarisZR
7ea16018d5 update changelog 2021-11-15 19:10:19 +03:00
fariszr
8a4af00f01
Sort alphabetically. 
Co-authored-by: Eric Nemchik <eric@nemchik.com>
 2021-11-15 19:03:44 +03:00
fariszr
fee6fe9a17
Sorted alphabetically. 
Co-authored-by: Eric Nemchik <eric@nemchik.com>
 2021-11-15 19:03:16 +03:00
dongshuzhao
bf21716886 Update dnspod.ini document address 
resolve linuxserver/docker-swag#98
 2021-11-13 01:04:17 +08:00
FarisZR
0d5f7b24b8 add desec as an option to readme 2021-11-12 16:29:14 +03:00
FarisZR
637ddc29a5 alphabetical order 2021-11-12 16:26:57 +03:00
FarisZR
9b169f5da2 add desec config 2021-11-12 16:22:13 +03:00
FarisZR
71cda1f685 add desec certbot plugin 2021-11-12 16:18:15 +03:00
dongshuzhao
08c23bde51 Add DnsPod support. 
resolve linuxserver/docker-swag#98
 2021-11-12 16:58:47 +08:00
LinuxServer-CI
0109a07cfb Bot Updating Package Versions 2021-11-11 06:18:42 +01:00
LinuxServer-CI
00fde50825 Bot Updating Package Versions 2021-10-27 17:13:43 +02:00
Eric Nemchik
69649d102f
Merge pull request #174 from linuxserver/fix-httpoxy 
Mitigate https://httpoxy.org/ vulnerabilities.
 2021-10-27 10:02:17 -05:00
Eric Nemchik
66a4c1203b Mitigate https://httpoxy.org/ vulnerabilities. 
Ref: https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx#Defeating-the-Attack-using-NGINX-and-NGINX-Plus
 2021-10-26 08:33:36 -05:00
LinuxServer-CI
c40c2bd6e5 Bot Updating Package Versions 2021-10-24 01:20:35 +02:00