fix: Correct web search filter logic to consistently block filtered domains#19670
Merged
tjbck merged 2 commits intoopen-webui:devfrom Dec 2, 2025
Merged
fix: Correct web search filter logic to consistently block filtered domains#19670tjbck merged 2 commits intoopen-webui:devfrom
tjbck merged 2 commits intoopen-webui:devfrom
Conversation
👋 Welcome and Thank You for Contributing!We appreciate you taking the time to submit a pull request to Open WebUI!
|
Contributor
Author
|
Here are some videos of my tests. Note the logs confirm the results were blocked/allowed as appropriate (and the search didn't just happen to return results that fit the filtering). Testing of allow list only: Testing of block list only: Testing of allow + block: |
Contributor
|
Thanks! |
puffinjiang
pushed a commit
to puffinjiang/open-webui
that referenced
this pull request
Dec 9, 2025
Co-authored-by: Tim Baek <[email protected]>
lentiann
added a commit
to ZalaziumGmbh/anox
that referenced
this pull request
Dec 9, 2025
* refac * refac * fix(i18n): correct Thai translation in sidebar (open-webui#19363) * Update translation.json (open-webui#19364) * refac * refac * fix: translation * refac: search chat postgres * fix(i18n): comprehensive revision and improvement of all Thai translations across the app (open-webui#19377) * Update translation.json (pt-BR) (open-webui#19384) new translations of the newly added items * refac/fix: chat search null byte filter * refac: clean null bytes on load * perf: 50x performance improvement for external embeddings (open-webui#19296) * Update utils.py (open-webui#77) Co-authored-by: Claude <[email protected]> * refactor: address code review feedback for embedding performance improvements (open-webui#92) Co-authored-by: Claude <[email protected]> * fix: prevent sentence transformers from blocking async event loop (open-webui#95) Co-authored-by: Claude <[email protected]> --------- Co-authored-by: Claude <[email protected]> * refac * refac * refac: models workspace optimization * feat/enh: move chats in folder on delete Co-Authored-By: expruc <[email protected]> * refac: rm folder id on chat archive * chore (open-webui#19389) * Upd:i18n es-ES_Spanish Translation_v0.6.37 (open-webui#19388) * Upd:i18n es-ES_Spanish Translation_v0.6.37 ### es-ES Spanish Translation v0.6.37 Added new strings. * Corrected string * refac * refac * refac * refac * chore: user header forward minimize code changes throughout codebase (open-webui#19392) * Update external.py * remove unused imports * Update ollama.py * Update ollama.py * Update ollama.py * Update openai.py * chore: google-genai bump * chore: Update README (open-webui#19398) * refac: disable single tilde * refac: sources and citations * refac * refac * enh: group members selector * refac * fix: kokorojs tts * refac * refac * refac/fix: refresh folder chat list * refac: folder page chat list * chore: format * refac * chore: CHANGELOG 0.6.37 (open-webui#19126) * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * refac * refac * refac: styling * refac: prompt suggestions component Co-Authored-By: Classic298 <[email protected]> * refac * refac * refac: styling * chore: format * refac: styling * refac * refac: styling * refac * chore: format * i18n: improve Chinese translation * fix: hybrid search * fix * refac/fix: oauth * fix: tool server save error handling * chore: bump * doc: changelog * Update docker-build.yaml * refac * Update translation.json (pt-BR) New translations of the items added in the latest version. * fix: "No connection adapters were found" routers/images.py (open-webui#19435) * Update knowledge.py (open-webui#19434) * refac/fix: db operations * Update translation.json (open-webui#19445) Co-authored-by: Tim Baek <[email protected]> * refac/breaking: docling params * fix: inline citations * refac/fix: group member user list * feat/enh: async embedding processing setting Co-Authored-By: Classic298 <[email protected]> * refac * feat/enh: tool server function name filter list * refac * refac: styling * feat/enh: show user count in channels * fix: ENABLE_CHAT_RESPONSE_BASE64_IMAGE_URL_CONVERSION env var * refac * feat: user list in channels * chore: version bump * refac * refac: styling * chore: add chardet (open-webui#19458) * Update pyproject.toml * Update requirements-min.txt * Update requirements.txt * Update requirements-min.txt * Update requirements.txt * Update pyproject.toml * refac * refac * refac * fix: i18n * chore: format * CHANGELOG: 0.6.39 (open-webui#19446) * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * refac/enh: copy formatted table * doc: changelog * fix: changelog * fix: postgres user list issue * chore: bump * chore: bump python-socketio==5.14.0 * Update CHANGELOG.md (open-webui#19463) * Update CHANGELOG.md * Update CHANGELOG.md * refac: channel user list order by * fix/refac: workspace shared model list * Merge pull request open-webui#19464 from aleixdorca/dev i18n: Update Catalan translation.json * fix: user preview profile image * refac/fix: function name filter type * refac * refac * fix: update dependency to prevent rediss:// failure (open-webui#19488) * Update pyproject.toml * Update requirements.txt * Update requirements-min.txt * i18n: de-de (open-webui#19471) * fix: async save docs to vector db * chore: dep bump pypdf to ver 6.4.0 (open-webui#19508) * Update pyproject.toml * Update requirements.txt * chore: Update pymilvus dep (open-webui#19507) * Update requirements.txt * Update pyproject.toml * chore: update transformers dependency to fix issue open-webui#19512 (open-webui#19513) * Update pyproject.toml * Update requirements.txt * Update requirements.txt * Update pyproject.toml * feat: also consider OAUTH_ROLES_SEPARATOR for string claims themselves (open-webui#19514) * i18n: improve Chinese translation (open-webui#19497) * refac * refac * refac/enh: knowledge base name on icon hover * refac/enh: drop profile_image_url field in responses * fix: correct role check on OAuth login (open-webui#19476) When a users role is switched from admin to user in the OAuth provider their groups are not correctly updated when ENABLE_OAUTH_GROUP_MANAGEMENT is enabled. * enh/feat: toggle folders & user perm * refac * fix: button without type (open-webui#19534) * refac: chat history data structure * enh: redis dict for internal models state Co-Authored-By: cw.a <[email protected]> * Update catalan translation.json (open-webui#19536) * feat/enh: channels unread messages count * refac/fix: files batch/add endpoint * feat/enh: group export endpoint * refac: hide channel add button for users * refac * refac * refac * feat: dm channels * refac * refac * refac * refac * chore: format * refac * refac * refac: styling * refac * Update french translation.json (open-webui#19547) * refac: db * refac * refac: rm print * refac * refac/fix: db migration issue * refac: hide active user count in sidebar user menu * refac: profile preview * enh: dm active user indicator * refac: styling * refac: user table db migration * refac: oauth_sub -> oauth migration * refac * refac: api_key table migration * refac: user oauth display * refac * enh/refac: deprecate USER_POOL * refac * refac: pin icons * refac: admin user list active indicator * refac * feat/enh: pinned messages in channels * refac * refac: styling * refac: styling * refac/enh: channel message * refac * refac/fix: ollama model delete * refac/fix: temp chat image generation * refac: db group * refac * refac: styling * refac * Update middleware.py * refac * refac: knowledge file delete behaviour * enh: message reaction user names * refac * refac * refac * refac: styling * refac * refac: styling * refac: styling * refac * refac * feat/enh: group channel * refac * feat/enh: add/remove users from group channel * refac * refac * feat/enh: dm from user profile preview * Update translation.json (pt-BR) (open-webui#19603) translations of the new items that have been included * refac * refac * refac * refac * refac * chore: otel bump * chore: otel bump * i18n: improve Chinese translation (open-webui#19651) * fix: audit * feat/enh: user status * refac * refac * Chore: dep bump (open-webui#19667) * Update pyproject.toml * Update requirements-min.txt * Update requirements.txt --------- Co-authored-by: Tim Baek <[email protected]> * refac * feat: signin rate limit * Update milvus_multitenancy.py (open-webui#19680) * refac * refac * fix/adjust web search to properly block domains (open-webui#19670) Co-authored-by: Tim Baek <[email protected]> * refac * refac * refac * refac: styling * refac: show connection type for custom models * refac * refac * feat/enh: kb files db migration * refac * refac/perf: has_access_to_file optimization * enh: group members endpoint * refac * refac * feat: Adds document intelligence model configuration (open-webui#19692) * Adds document intelligence model configuration Enables the configuration of the Document Intelligence model to be used by the RAG pipeline. This allows users to specify the model they want to use for document processing, providing flexibility and control over the extraction process. * Added Titel to Document Intelligence Model Config Added Titel to Document Intelligence Model Config * Fix dropdown backgrounds (open-webui#19693) * refac * fix: Update milvus.py (open-webui#19602) * Update milvus.py * Update milvus.py * Update milvus.py * Update milvus.py * Update milvus.py --------- Co-authored-by: Tim Baek <[email protected]> * Update milvus_multitenancy.py (open-webui#19695) * Update translation.json (open-webui#19696) * chore: format * fix: Default Group ID assignment on SSO/OAUTH and LDAP (open-webui#19685) * fix (open-webui#99) Co-authored-by: Tim Baek <[email protected]> Co-authored-by: Claude <[email protected]> * Update auths.py * unified logic * PUSH * remove getattr * rem getattr * whitespace * Update oauth.py * trusted header group sync Added default group re-application after trusted header group sync * not apply after syncs * . * rem --------- Co-authored-by: Tim Baek <[email protected]> Co-authored-by: Claude <[email protected]> * Update translation.json (open-webui#19697) * Update translation.json * Update translation.json * chore: bump * refac * chore: 0.6.41 Changelog (open-webui#19473) * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * chore: format * Fixes for requirements and audio --------- Co-authored-by: Timothy Jaeryang Baek <[email protected]> Co-authored-by: Siwadon S. (Jay) <[email protected]> Co-authored-by: Classic298 <[email protected]> Co-authored-by: joaoback <[email protected]> Co-authored-by: Claude <[email protected]> Co-authored-by: expruc <[email protected]> Co-authored-by: _00_ <[email protected]> Co-authored-by: Shirasawa <[email protected]> Co-authored-by: Alexandr Promakh <[email protected]> Co-authored-by: Aleix Dorca <[email protected]> Co-authored-by: gerhardj-b <[email protected]> Co-authored-by: Tobias Genannt <[email protected]> Co-authored-by: stevessr <[email protected]> Co-authored-by: cw.a <[email protected]> Co-authored-by: RomualdYT <[email protected]> Co-authored-by: Poccia <[email protected]> Co-authored-by: Henne <[email protected]> Co-authored-by: Matthew Kusz <[email protected]>
|
Using OpenWebUI v0.6.41 domain filtering is not working for me. I've saved changes on Web Search page and restarted open-webui multiple times. After reload changes are persist but domain list is not actually used during filtering. OpenWebUI settings: Redacted Output in console during web search: |
Collaborator
|
@fluxik that setting in the admin panel is only for the web search, not for web fetching. |
|
@Classic298 ok, i have also configured env param "WEB_FETCH_FILTER_LIST", but still zero filtering. And i figured out why, because in |
Collaborator
|
@fluxik PR welcome! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Checklist
Note to first-time contributors: Please open a discussion post in Discussions to discuss your idea/fix with the community before creating a pull request, and describe your changes before submitting a pull request.
This is to ensure large feature PRs are discussed with the community first, before starting work on it. If the community does not want this feature or it is not relevant for Open WebUI as a project, it can be identified in the discussion before working on the feature and submitting the PR.
Before submitting, make sure you've checked the following:
devbranch. Not targeting thedevbranch will lead to immediate closure of the PR.Changelog Entry
🔒 Web search filtering now correctly blocks results when any resolved hostname or IP address matches a blocked domain, preventing blocked sites from appearing due to permissive hostname resolution.
Description
Related issue: #19669
This PR fixes an issue in the web search filtering logic where blocked domains (prefixed with !) were still allowed if any resolved hostname or IP address passed the filter check.
Web search filtering currently behaves incorrectly when a domain resolves to multiple hostnames or IP addresses.
In
get_filtered_results, each search result domain is resolved to:Each value is then passed individually to
is_string_allowed; if any one of those values is allowed, the entire search result is included.This behavior contradicts the expected semantics of a block rule: if any resolved hostname or IP is blocked, the entire result should be excluded.
The issue is caused by this logic:
Changed
is_string_allowednow evaluates a sequence of resolved hostnames/IPs together to ensure block rules are applied consistently to an entire search result.Additional Information
The logs show the issue clearly with the resolved hostnames logged in
get_filtered_results. The hostnames are all associated with a single result, and because the resolved IP addresses are not explicitly blocked, the YouTube result is incorrectly allowed through.Contributor License Agreement
By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.
Note
Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.