CVE-2023-34237: SABnzbd - Wiki - General

Web server

SABnzbd Host

The hostname that will be used to access SABnzbd.

• 127.0.0.1 or [::1] or localhost (default) = Access from this computer only
• empty = Finds and listens on your local (IPv4) IP address. Used for accessing from other computers. localhost will not work anymore so update your bookmarks.
• 0.0.0.0 = Listens on multiple interfaces (both local IP and localhost).
• :: = Listen on both IPv4 and IPv6 addresses for local and network access.

For more information and option to overwrite this setting at startup see Command Line Parameters

SABnzbd Port

The internal webserver needs a port to listen on. The default port is 8080. Try another one if this address is already occupied by another program on your computer.
NOTE macOS and Linux users: ports below 1025 may require SABnzbd launched as root.

Web Interface
Advanced

SABnzbd comes with a few different skins (web interface styles). Pick one here and click on save. For the skin to become active, you have to shutdown SABnzbd and restart it again. Some skins support multiple color schemas.

Language

The program supports more languages.
NOTE Help us translate SABnzbd in your language: add untranslated texts or improved existing translations.

Enable HTTPS

Enable the webserver to use HTTPS.
For more information, see: HTTPS.
NOTE Modern web browsers and other clients will not accept self-signed certificates and will give a warning and/or won’t connect at all.

HTTPS Port
Advanced

Port to be used for listening. Must be different from the normal HTTP port. If empty, the SABnzbd Port set above will only listen to HTTPS (this is the default setting).

HTTPS Certificate
HTTPS Key
HTTPS Chain Certificates
Advanced

Files containing the HTTPS certificate, key and (optionally) chain Certificates.

Security

SABnzbd Username
SABnzbd Password

You may want to limit access to the web interface to people knowing a username and password for the interface.

External internet access

Set the access level for connections from outside the local network.

By default, all IP addresses in a private network range, such as 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 and fd00::/8 are considered local. To define custom local network ranges, use the Special local_ranges setting.

• API:
  • No access = No outside access is allowed at all.
  • Add NZB files = Only NZB’s can be added via the API, nothing else.
  • API (no config) = API is fully available (queue/history/add+remove NZB’s/etc), except for methods that get or edit the configuration.
  • Full API = All API methods are available, including editing the configuration.
• Full API & Web Interface:
  • Full Web Interface = The full API methods and the web interface are available. Users are always shown the login screen if username/password are set.
  • Full Web interface - Only external access requires login = Only users outside the local network ranges are shown the login screen if username and password are set.

API Key

This is the secret key that is needed in API calls.
NOTE When you click the Change button, you’ll need to tell your utilities the new key.

NZB Key

This is similar to the API Key, but only allows external applications to add NZB’s.
NOTE After adding NZB’s, external applications do not have access to the queue to monitor the progress of the download.
NOTE When you click the Change button, you’ll need to tell your utilities the new key.

Switches

Launch browser on startup

Enable to auto-launch of the browser when SABnzbd is started.

Check for new release

If enabled, SABnzbd will check once a week whether a new release has been published.

HTTPS certificate verification
Advanced

Verify certificates when connecting to indexers and RSS-sources using HTTPS. Some websites do not have proper certificates and some systems might not be configured correctly.

SOCKS5 Proxy
Advanced

Connection information is entered as a URL, ie:

• socks5://username:[email protected]:port or
• socks5://hostname:port (no login)

NOTE The connection between the client and the server will use SSL if enabled. However, the connection between the proxy and the client will not. This means that the data transferred between the client and the server is hidden for anyone including the proxy, but the username and password for the proxy and the server address are unencrypted.

Tuning

Maximum line speed

Set how fast your internet connection is, in bytes/sec.
NOTE If you have an ISP-speed of 10Mbit/sec, you should enter 1MB/s here.

Percentage of line speed
Advanced

Which percentage of the line speed should SABnzbd use, e.g. 50. This value is used as the default value when SABnzbd starts.
Setting a value of 0 disables any limit.

Article Cache Limit
Advanced

How much memory (RAM) can be used for caching (reducing disk access). This value is set automatically when SABnzbd is started for the first time to 25% of the system’s memory or 2G if you have more than 8GB of memory.
You enter the amount in bytes but you can use factors like K, M, G etc. eg: 70M = 70 MB cache.

• number = Maximum memory (in bytes)
• 0 = Disable Cache
• -1 = Unlimited, up to maximum for your system (1 or 4GB).

See High speed downloading for more information.
Article Cache is limited to 1G on 32bit systems and 4G on 64bit systems.

Backup

Create backup

Create a backup of the configuration file and databases in the Backup Folder. If the Backup Folder is not set, the backup will be created in the Completed Download Folder.
You can also schedule a recurring backup in Scheduling.
WARNING The backup contains all sensitive information like your passwords and API keys!
NOTE The backup can only be created in this folder to prevent an attacker easy access to all your passwords and API-keys if they somehow manage to enter the configuration.

Restore backup

Restore a backup of the configuration file and databases.