[mod] botdetection: trusted proxies

Replaces `x_for` functionality with `trusted_proxies`. This allows defining which IP / ranges to trust extracting the client IP address from X-Forwarded-For and X-Real-IP headers. We don't know if the proxy chain will give us the proper client address, so we rely on reading the headers of the proxy before SearXNG (if there is one, in that case it must be added to trusted_proxies) hoping it has done the proper checks. In case a proxy in the chain does not check the client address correctly, integrity is compromised and this should be fixed by whoever manages the proxy, not us. I had to move the get_cnf func to another file (config.py) to prevent cyclic imports since we need to read the list inside _helpers.py Closes https://github.com/searxng/searxng/issues/4907 Closes https://github.com/searxng/searxng/issues/3632 Closes https://github.com/searxng/searxng/issues/3191 Closes https://github.com/searxng/searxng/issues/1237 Related https://github.com/searxng/searxng-docker/issues/386 Related https://github.com/inetol-infrastructure/searxng-container/issues/81
2025-07-18 10:49:25 +02:00 · 2025-06-12 14:16:09 +02:00 · 2025-06-12 14:16:09 +02:00 · eb9f20a823
commit eb9f20a823
parent 4b9644eb27
10 changed files with 147 additions and 102 deletions
--- a/searx/limiter.py
+++ b/searx/limiter.py
@ -95,8 +95,6 @@ Implementation
 from __future__ import annotations
 import sys

-from pathlib import Path
-from ipaddress import ip_address
 import flask
 import werkzeug

@ -124,34 +122,15 @@ from searx.botdetection import (
 # coherency, the logger is "limiter"
 logger = logger.getChild('limiter')

-CFG: config.Config = None  # type: ignore
 _INSTALLED = False

-LIMITER_CFG_SCHEMA = Path(__file__).parent / "limiter.toml"
-"""Base configuration (schema) of the botdetection."""
-
-CFG_DEPRECATED = {
-    # "dummy.old.foo": "config 'dummy.old.foo' exists only for tests.  Don't use it in your real project config."
-}
-
-
-def get_cfg() -> config.Config:
-    global CFG  # pylint: disable=global-statement
-
-    if CFG is None:
-        from . import settings_loader  # pylint: disable=import-outside-toplevel
-
-        cfg_file = (settings_loader.get_user_cfg_folder() or Path("/etc/searxng")) / "limiter.toml"
-        CFG = config.Config.from_toml(LIMITER_CFG_SCHEMA, cfg_file, CFG_DEPRECATED)
-    return CFG
-

 def filter_request(request: SXNG_Request) -> werkzeug.Response | None:
    # pylint: disable=too-many-return-statements

-    cfg = get_cfg()
-    real_ip = ip_address(get_real_ip(request))
-    network = get_network(real_ip, cfg)
+    cfg = config.get_cfg()
+    real_ip = get_real_ip(request)
+    network = get_network(real_ip)

    if request.path == '/healthz':
        return None
@ -228,7 +207,7 @@ def initialize(app: flask.Flask, settings):
    # even if the limiter is not activated, the botdetection must be activated
    # (e.g. the self_info plugin uses the botdetection to get client IP)

-    cfg = get_cfg()
+    cfg = config.get_cfg()
    valkey_client = valkeydb.client()
    botdetection.init(cfg, valkey_client)