From 020ab44638c3133375687d30c92fb12c097ff88b Mon Sep 17 00:00:00 2001
From: aptalca
Date: Fri, 28 May 2021 18:19:22 -0400
Subject: [PATCH] force patch authelia-server.conf
---
 root/etc/cont-init.d/50-config | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
index 7899748..1f936dd 100644
--- a/root/etc/cont-init.d/50-config
+++ b/root/etc/cont-init.d/50-config
@@ -109,6 +109,11 @@ if ! grep -q '#Removed lua' /config/nginx/nginx.conf; then
 sed -i 's|\tlua_load_resty_core off;|\t#Removed lua. Do not remove this comment|g' /config/nginx/nginx.conf
 fi
 
+# patch authelia-server.conf for CVE-2021-32637
+if ! grep -q "if (\$request_uri ~" /config/nginx/authelia-server.conf; then
+  sed -i '/internal;/a \ \ \ \ if ($request_uri ~ [^a-zA-Z0-9_+-=\\!@$%&*?~.:#'\''\\;\\(\\)\\[\\]]) { return 401; }' /config/nginx/authelia-server.conf
+fi
+
 # copy pre-generated dhparams or generate if needed
 [[ ! -f /config/nginx/dhparams.pem ]] && \
 cp /defaults/dhparams.pem /config/nginx/dhparams.pem
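Review bot: The `sed -i '/internal;/a ...'` on the added line is fire-and-forget: the guard only checks whether the `if ($request_uri ~` block is already present, so on a user-customised authelia-server.conf with no `internal;` line the mitigation is silently skipped and the container keeps serving unmitigated, while a file with several `internal;` lines gets the block appended after each one. A post-check that surfaces the miss in the container log would be cheap, e.g. `grep -q "if (\$request_uri ~" /config/nginx/authelia-server.conf || echo "WARNING: could not apply CVE-2021-32637 mitigation to /config/nginx/authelia-server.conf, patch it manually"`. It is also worth a comment above the sed that `+-=` inside the bracket expression is a PCRE character range (0x2B–0x3D, which is what admits `/`, `,` and `<`) and appears to be copied from the upstream Authelia advisory as-is, so that a later cleanup does not escape the hyphen and start returning 401 for every URI containing a slash; `# NOTE: '+-=' is a range, not three literals — it is what allows '/' through` would do.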