diff --git a/conf/nginx/sites-available/off b/conf/nginx/sites-available/off
index f75e7fd69259e..42c70249b825e 100644
--- a/conf/nginx/sites-available/off
+++ b/conf/nginx/sites-available/off
@@ -24,6 +24,8 @@ map $uri $apache_port {
 	"~*^/cgi/product.pl" 8002;
 	# product API read / write
 	"~*^/api/v./product/" 8002;
+        # whitelist most cgi (but display and search)
+        "~*^/cgi/(?!display|search).pl" 8002;
 }
 
 # variables definitions for expiry headers are loaded from /etc/nginx/conf.d/expires-no-json-xml.conf