Status: Closed

Labels: area/security (Security related features/bugs), priority/2/high (High priority items)

Description
Hi @clems4ever,
Authelia is vulnerable to open redirection, which can aid an attacker in conducting a phishing attack.

To prevent this issue, I would suggest adding a parameter to the Authelia configuration file, allowed_rd, whose value would be a regex matching URLs determined as safe by the administrator. The rd URL parameter would then always be checked against this allowed_rd regex before allowing the redirection (or not) upon successful login.
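The following is an added illustration of the proposed check, not code from Authelia or from the issue author. It implements the regex idea as stated (the raw rd value tested against a configured pattern) and places it beside a variant that parses the URL and compares the host against an allowlist. Both patterns, the allowlist contents, the function names and the example.com / evil.test hostnames are assumptions chosen for the demonstration; the point it makes is that an unanchored allowed_rd regex still permits a redirect to an attacker-controlled host, while an anchored pattern or a host comparison does not.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// LooseAllowedRD is an unanchored pattern of the kind an administrator might
// write first. It is here only to show the bypass; it should not be used.
// (Hypothetical value, not part of any real Authelia configuration.)
var LooseAllowedRD = regexp.MustCompile(`https://.*\.example\.com`)

// StrictAllowedRD is anchored at both ends: https scheme, example.com or one of
// its subdomains as the whole host, then an optional path. Also hypothetical.
var StrictAllowedRD = regexp.MustCompile(`^https://([a-z0-9-]+\.)*example\.com(/[^\s]*)?$`)

// RegexAllows applies the check exactly as the issue proposes: the raw rd
// query value is matched against the administrator's allowed_rd regex.
func RegexAllows(rd string, allowed *regexp.Regexp) bool {
	return allowed.MatchString(rd)
}

// IsSafeRedirect is a stricter alternative: parse rd as an absolute URL,
// require https, reject embedded credentials (user@host tricks), and compare
// the parsed host against allowed domains (exact match or a subdomain).
// Checking the parsed host instead of the raw string avoids most regex mistakes.
func IsSafeRedirect(rd string, allowedDomains []string) bool {
	u, err := url.Parse(rd)
	if err != nil || !u.IsAbs() { // also rejects protocol-relative "//evil.test/"
		return false
	}
	if u.Scheme != "https" || u.User != nil {
		return false
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return false
	}
	for _, d := range allowedDomains {
		d = strings.ToLower(d)
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample rd values: one legitimate, the rest attacker-chosen.
	samples := []string{
		"https://auth.example.com/",
		"https://auth.example.com.evil.test/",
		"https://evil.test/?next=https://auth.example.com",
		"https://auth.example.com@evil.test/",
		"//evil.test/",
	}
	domains := []string{"example.com"}
	for _, rd := range samples {
		fmt.Printf("%-52s loose=%-5t strict=%-5t host=%t\n", rd,
			RegexAllows(rd, LooseAllowedRD), RegexAllows(rd, StrictAllowedRD),
			IsSafeRedirect(rd, domains))
	}
}
```

Running it shows the loose regex accepting both `https://auth.example.com.evil.test/` and an rd whose query string merely contains an allowed URL, while the anchored regex and the host comparison accept only the first sample. Whichever form the configuration takes, the check must run on the final rd value immediately before the redirect response is issued, and the administrator-supplied pattern should be anchored.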