From 38431d2e142b7da6a9b48aad203f02a2eff7e6fd Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Mon, 29 May 2023 19:46:37 +0200 Subject: [fix] correct determination of the IP for the request For correct determination of the IP to the request the function botdetection.get_real_ip() is implemented. This fonction is used in the ip_limit and link_token method of the botdetection and it is used in the self_info plugin. A documentation about the X-Forwarded-For header has been added. [1] https://github.com/searxng/searxng/pull/2357#issuecomment-1566211059 Signed-off-by: Markus Heiser --- searx/botdetection/link_token.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'searx/botdetection/link_token.py') diff --git a/searx/botdetection/link_token.py b/searx/botdetection/link_token.py index 376d06d61..a83214a33 100644 --- a/searx/botdetection/link_token.py +++ b/searx/botdetection/link_token.py @@ -43,6 +43,7 @@ import flask from searx import logger from searx import redisdb from searx.redislib import secret_hash +from ._helpers import get_real_ip TOKEN_LIVE_TIME = 600 """Livetime (sec) of limiter's CSS token.""" @@ -73,7 +74,7 @@ def is_suspicious(request: flask.Request, renew: bool = False): if not redis_client.get(ping_key): logger.warning( "missing ping (IP: %s) / request: %s", - request.headers.get('X-Forwarded-For', ''), + get_real_ip(request), ping_key, ) return True @@ -111,9 +112,7 @@ def get_ping_key(request: flask.Request): PING_KEY + "[" + secret_hash( - request.headers.get('X-Forwarded-For', '') - + request.headers.get('Accept-Language', '') - + request.headers.get('User-Agent', '') + get_real_ip(request) + request.headers.get('Accept-Language', '') + request.headers.get('User-Agent', '') ) + "]" ) -- cgit v1.2.3