Closed botchedcode closed 1 month ago
Please consider joining our Matrix room for public instance maintainers by joining our Matrix room: https://matrix.to/#/#searxng:matrix.org then pinging @ unixfox, @ dalf and @ mrpaulblack for asking to be invited to the Matrix room. We discuss troubles managing a public instance, sharing some advices (like how to protect against bots), announcing big changes in searxng and more.
SearXNG instance was created by Docker compose using docker.io/searxng/searxng:latest, updated daily by cronjob. I have an A+ grade for HTTPS/TLS at cryptcheck.fr. I also have an A+ grade from Mozilla Observatory for CSP, HSTS, XSS-Protection, etc. Not using trackers (nothing was found by uBlock Origin, uMatrix, Privacy Badger and Malwarebytes Browser Guard.
Hi @botchedcode, first access to http://search.charliewhiskey.net/config redirects to an invalid URL https://search.charliewhiskey.netconfig (note the slash and TLD). Please setup HTTP to HTTPS correctly.
Hi @ononoki1, I was a little confused by your information and was unable to recreate it in my own home. I tested it several times in different ways, but the forwarding always led me to the correct destination address without exception.
I just found out: it works perfectly with the Vivaldi browser (Chromium-based), it also works perfectly with Firefox. Under Linux as well as under Windows.
I first had to use Google Chrome and Microsoft Edge to reproduce the problem. I normally avoid both browsers as a matter of principle. Surprise: Chrome and Edge show the behaviour you reported, but Vivaldi and Firefox do not. I have never seen this before.
I have now adjusted the configuration of my Apache reverse proxy so that it also works with Chrome and Edge.
Please try again.
I was a little confused by your information and was unable to recreate it in my own home. I tested it several times in different ways, but the forwarding always led me to the correct destination address without exception.
Your site uses HSTS (the Strict-Transport-Security header), which will make browser always use HTTPS after first access via HTTPS. So when visiting http://search.charliewhiskey.net/config, the browser will rewrite the URL to https://search.charliewhiskey.net/config internally without sending request to server. That's also why you can only reproduce the wrong redirection on a new browser.
Requirements (make sure to read all of them)
check.searx.space
to check my instance (every 3 hours for the response times, every 24 hours for the other tests).Bot protection requirement
server.public_instance
parameter.Source code URL
No response
Comment
No response