mirror of
https://github.com/searxng/searxng.git
synced 2025-08-16 08:46:43 +02:00
ce8929cabe
Replaces `x_for` functionality with `trusted_proxies`. This allows defining which IP / ranges to trust extracting the client IP address from X-Forwarded-For and X-Real-IP headers. We don't know if the proxy chain will give us the proper client address (REMOTE_ADDR in the WSGI environment), so we rely on reading the headers of the proxy before SearXNG (if there is one, in that case it must be added to trusted_proxies) hoping it has done the proper checks. In case a proxy in the chain does not check the client address correctly, integrity is compromised and this should be fixed by whoever manages the proxy, not us. Closes: - https://github.com/searxng/searxng/issues/4940 - https://github.com/searxng/searxng/issues/4939 - https://github.com/searxng/searxng/issues/4907 - https://github.com/searxng/searxng/issues/3632 - https://github.com/searxng/searxng/issues/3191 - https://github.com/searxng/searxng/issues/1237 Related: - https://github.com/searxng/searxng-docker/issues/386 - https://github.com/inetol-infrastructure/searxng-container/issues/81
25 lines
615 B
Python
25 lines
615 B
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
""".. _botdetection src:
|
|
|
|
Implementations used for bot detection.
|
|
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
__all__ = ["init", "dump_request", "get_network", "too_many_requests", "ProxyFix"]
|
|
|
|
|
|
import valkey
|
|
|
|
from ._helpers import dump_request
|
|
from ._helpers import get_network
|
|
from ._helpers import too_many_requests
|
|
from . import config
|
|
from . import valkeydb
|
|
from .trusted_proxies import ProxyFix
|
|
|
|
|
|
def init(cfg: config.Config, valkey_client: valkey.Valkey | None):
|
|
config.set_global_cfg(cfg)
|
|
if valkey_client:
|
|
valkeydb.set_valkey_client(valkey_client)
|