SearXNG: Add limiter config and whitelist monitoring
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Tobias Manske 2023-06-26 16:27:19 +02:00
parent 54019a2e04
commit 40c6f4ada5
Signed by: tobias
GPG Key ID: 9164B527694A0709
2 changed files with 42 additions and 0 deletions

View File

@ -13,6 +13,7 @@ services:
volumes:
- ./settings.yml:/etc/searxng/settings.yml:ro,z
- ./uwsgi.ini:/etc/searxng/uwsgi.ini:ro,z
- ./limiter.toml:/etc/searxng/limiter.toml:ro,z
labels:
- "traefik.enable=true"
- "traefik.http.routers.searxng.rule=Host(`search.tobiasmanske.de`)"

View File

@ -0,0 +1,41 @@
[real_ip]
# Number of values to trust for X-Forwarded-For.
x_for = 1
# The prefix defines the number of leading bits in an address that are compared
# to determine whether or not an address is part of a (client) network.
ipv4_prefix = 32
ipv6_prefix = 48
[botdetection.ip_limit]
# To get unlimited access in a local network, by default link-lokal addresses
# (networks) are not monitored by the ip_limit
filter_link_local = false
# activate link_token method in the ip_limit method
link_token = false
[botdetection.ip_lists]
# In the limiter, the ip_lists method has priority over all other methods -> if
# an IP is in the pass_ip list, it has unrestricted access and it is also not
# checked if e.g. the "user agent" suggests a bot (e.g. curl).
block_ip = [
# '93.184.216.34', # IPv4 of example.org
# '257.1.1.1', # invalid IP --> will be ignored, logged in ERROR class
]
pass_ip = [
'65.108.60.208' # Monitoring
# '192.168.0.0/16', # IPv4 private network
# 'fe80::/10' # IPv6 linklocal / wins over botdetection.ip_limit.filter_link_local
]
# Activate passlist of (hardcoded) IPs from the SearXNG organization,
# e.g. `check.searx.space`.
pass_searxng_org = true