From 281e36f4b7848374535d5e953050ae73423191ca Mon Sep 17 00:00:00 2001
From: Markus Heiser <markus.heiser@darmarit.de>
Date: Thu, 1 Jun 2023 15:41:48 +0200
Subject: [fix] limiter: replace real_ip by IPv4/v6 network

Closes: https://github.com/searxng/searxng/issues/2477
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
---
 searx/botdetection/limiter.toml | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

(limited to 'searx/botdetection/limiter.toml')

diff --git a/searx/botdetection/limiter.toml b/searx/botdetection/limiter.toml
index af797d32c..71a231e8f 100644
--- a/searx/botdetection/limiter.toml
+++ b/searx/botdetection/limiter.toml
@@ -1,8 +1,22 @@
+[real_ip]
+
+# Number of values to trust for X-Forwarded-For.
+
+x_for = 1
+
+# The prefix defines the number of leading bits in an address that are compared
+# to determine whether or not an address is part of a (client) network.
+
+ipv4_prefix = 32
+ipv6_prefix = 48
+
 [botdetection.ip_limit]
 
+# To get unlimited access in a local network, by default link-lokal addresses
+# (networks) are not monitored by the ip_limit
+filter_link_local = false
+
+# acrivate link_token method in the ip_limit method
 link_token = false
 
-[real_ip]
 
-# Number of values to trust for X-Forwarded-For.
-x_for = 1
-- 
cgit v1.2.3