Icycoide/searxng
1
0
Fork 1
mirror of https://github.com/searxng/searxng.git synced 2025-08-17 01:06:44 +02:00
Code Issues Projects Releases Packages Wiki Activity

[mod] limiter: trusted proxies (#4911)

Browse source 
Replaces `x_for` functionality with `trusted_proxies`. This allows defining
which IP / ranges to trust extracting the client IP address from X-Forwarded-For
and X-Real-IP headers.

We don't know if the proxy chain will give us the proper client
address (REMOTE_ADDR in the WSGI environment), so we rely on reading the headers
of the proxy before SearXNG (if there is one, in that case it must be added to
trusted_proxies) hoping it has done the proper checks. In case a proxy in the
chain does not check the client address correctly, integrity is compromised and
this should be fixed by whoever manages the proxy, not us.

Closes:

- https://github.com/searxng/searxng/issues/4940
- https://github.com/searxng/searxng/issues/4939
- https://github.com/searxng/searxng/issues/4907
- https://github.com/searxng/searxng/issues/3632
- https://github.com/searxng/searxng/issues/3191
- https://github.com/searxng/searxng/issues/1237

Related:

- https://github.com/searxng/searxng-docker/issues/386
- https://github.com/inetol-infrastructure/searxng-container/issues/81
This commit is contained in:
Ivan Gabaldon 2025-08-09 23:03:30 +02:00 committed by GitHub
parent 341d718c7f
commit ce8929cabe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
24 changed files with 453 additions and 184 deletions
Download patch file Download diff file Expand all files Collapse all files

4
searx/plugins/tor_check.py
View file

@ -5,6 +5,7 @@ user searches for ``tor-check``. It fetches the tor exit node list from
user's IP address is in it.
"""
from __future__ import annotations
from ipaddress import ip_address
import typing
import re
@ -14,7 +15,6 @@ from httpx import HTTPError
from searx.network import get
from searx.plugins import Plugin, PluginInfo
from searx.result_types import EngineResults
from searx.botdetection import get_real_ip
if typing.TYPE_CHECKING:
from searx.search import SearchWithPlugins
@ -66,7 +66,7 @@ class SXNGPlugin(Plugin):
results.add(results.types.Answer(answer=f"{msg} {url_exit_list}"))
return results
real_ip = get_real_ip(request)
real_ip = ip_address(address=str(request.remote_addr)).compressed
if real_ip in node_list:
msg = gettext("You are using Tor and it looks like you have the external IP address")