Icycoide/searxng
1
0
Fork 1
mirror of https://github.com/searxng/searxng.git synced 2025-07-23 13:19:17 +02:00
Code Issues Projects Releases Packages Wiki Activity
searxng/searx
History
Ivan Gabaldon eb9f20a823
[mod] botdetection: trusted proxies 
Replaces `x_for` functionality with `trusted_proxies`. This allows defining which IP / ranges to trust extracting the client IP address from X-Forwarded-For and X-Real-IP headers.

We don't know if the proxy chain will give us the proper client address, so we rely on reading the headers of the proxy before SearXNG (if there is one, in that case it must be added to trusted_proxies) hoping it has done the proper checks. In case a proxy in the chain does not check the client address correctly, integrity is compromised and this should be fixed by whoever manages the proxy, not us.

I had to move the get_cnf func to another file (config.py) to prevent cyclic imports since we need to read the list inside _helpers.py

Closes https://github.com/searxng/searxng/issues/4907
Closes https://github.com/searxng/searxng/issues/3632
Closes https://github.com/searxng/searxng/issues/3191
Closes https://github.com/searxng/searxng/issues/1237

Related https://github.com/searxng/searxng-docker/issues/386
Related https://github.com/inetol-infrastructure/searxng-container/issues/81
2025-07-10 20:40:56 +02:00
..
answerers [chore] fix some docstring typos (#4815) 2025-05-20 21:03:54 +02:00
botdetection [mod] botdetection: trusted proxies 2025-07-10 20:40:56 +02:00
data [fix] prevent multiple, parallel initializations of tables in the cache DB (#4991) 2025-07-09 17:32:10 +02:00
enginelib [chore] fix some docstring typos (#4815) 2025-05-20 21:03:54 +02:00
engines [fix] public domain image archive: cloud provider changed angolia -> aws 2025-07-10 15:12:26 +02:00
favicons [chore] fix some docstring typos (#4815) 2025-05-20 21:03:54 +02:00
infopage [chore] docs: various grammatical fixes 2025-06-23 23:01:29 +02:00
metrics [fix] openmetrics: value is None if there's no data 2024-11-25 16:57:03 +01:00
network [fix] searx.network: don't trigger DeprecationWarning (#4845) 2025-05-24 12:40:05 +02:00
plugins [mod] botdetection: trusted proxies 2025-07-10 20:40:56 +02:00
result_types [mod] weather results: add types, i18n/l10n, symbols & unit conversions 2025-05-31 20:34:59 +02:00
search [fix] prevent multiple, parallel initializations of tables in the cache DB (#4991) 2025-07-09 17:32:10 +02:00
static/themes/simple [upd] web-client (simple): Bump vite from 6.3.5 to 7.0.0 in /client/simple (#4944) 2025-07-04 11:04:22 +02:00
templates/simple [chore] docs: various grammatical fixes 2025-06-23 23:01:29 +02:00
translations [l10n] update translations from Weblate (#4966) 2025-07-04 10:20:18 +02:00
__init__.py [fix] issues when launching a local development server 2025-04-22 14:26:11 +02:00
autocomplete.py [fix] restore startpage autocompleter 2025-06-25 17:38:31 +02:00
babel_extract.py [mod] weather results: add types, i18n/l10n, symbols & unit conversions 2025-05-31 20:34:59 +02:00
cache.py [mod] data: implement a simple tracker URL (SQL) database 2025-06-23 22:12:18 +02:00
compat.py [mod] Revision of the favicon solution 2024-10-05 08:18:28 +02:00
exceptions.py [fix] engine: duckduckgo - CAPTCHA detection 2024-10-19 14:55:44 +02:00
extended_types.py [chore] fix some docstring typos (#4815) 2025-05-20 21:03:54 +02:00
external_bang.py [mod] pylint all files with one profile / drop PYLINT_SEARXNG_DISABLE_OPTION 2024-03-11 14:55:38 +01:00
external_urls.py [mod] pylint all files with one profile / drop PYLINT_SEARXNG_DISABLE_OPTION 2024-03-11 14:55:38 +01:00
flaskfix.py [mod] pylint all files with one profile / drop PYLINT_SEARXNG_DISABLE_OPTION 2024-03-11 14:55:38 +01:00
limiter.py [mod] botdetection: trusted proxies 2025-07-10 20:40:56 +02:00
limiter.toml [mod] botdetection: trusted proxies 2025-07-10 20:40:56 +02:00
locales.py [refactor] typification of SearXNG (initial) / result items (part 1) 2025-01-28 07:07:08 +01:00
openmetrics.py [chore] fix some docstring typos (#4815) 2025-05-20 21:03:54 +02:00
preferences.py [refactor] migrate plugins from "module" to class SXNGPlugin 2025-03-29 10:16:43 +01:00
query.py [mod] internal ! and external !! bangs: ignore upper/lower case 2025-04-24 10:40:18 +02:00
results.py [refactor] typification of SearXNG (MainResult) / result items (part 2) 2025-03-15 10:36:33 +01:00
searxng.msg [mod] weather results: add types, i18n/l10n, symbols & unit conversions 2025-05-31 20:34:59 +02:00
settings.yml [mod] migrate from Redis to Valkey (#4795) 2025-07-09 07:55:37 +02:00
settings_defaults.py [mod] migrate from Redis to Valkey (#4795) 2025-07-09 07:55:37 +02:00
settings_loader.py [mod] revision of the settings_loader 2024-07-14 18:10:06 +02:00
sqlitedb.py [chore] fix some docstring typos (#4815) 2025-05-20 21:03:54 +02:00
sxng_locales.py [data] update searx.data - make data.traits (mullvad leta) 2025-04-23 14:06:32 +02:00
unixthreadname.py [mod] pylint all files with one profile / drop PYLINT_SEARXNG_DISABLE_OPTION 2024-03-11 14:55:38 +01:00
utils.py [fix] utils: truncated result (#4949) 2025-06-27 17:52:12 +02:00
valkeydb.py [mod] migrate from Redis to Valkey (#4795) 2025-07-09 07:55:37 +02:00
valkeylib.py [mod] migrate from Redis to Valkey (#4795) 2025-07-09 07:55:37 +02:00
version.py [mod] rework container deployment (#4764) 2025-05-11 18:12:51 +02:00
weather.py [feat] wttr.in: migrate to new weather engine template (#4888) 2025-07-03 16:42:13 +02:00
webadapter.py [chore] *: fix typos detected by typos-cli 2024-11-24 12:41:57 +01:00
webapp.py [mod] botdetection: trusted proxies 2025-07-10 20:40:56 +02:00
webutils.py [fix] issues when launching a local development server 2025-04-22 14:26:11 +02:00
wikidata_units.py [mod] weather results: add types, i18n/l10n, symbols & unit conversions 2025-05-31 20:34:59 +02:00