From ce8929cabe27c7cf0bfb21b47786c7442ffb3712 Mon Sep 17 00:00:00 2001 From: Ivan Gabaldon Date: Sat, 9 Aug 2025 23:03:30 +0200 Subject: [mod] limiter: trusted proxies (#4911) Replaces `x_for` functionality with `trusted_proxies`. This allows defining which IP / ranges to trust extracting the client IP address from X-Forwarded-For and X-Real-IP headers. We don't know if the proxy chain will give us the proper client address (REMOTE_ADDR in the WSGI environment), so we rely on reading the headers of the proxy before SearXNG (if there is one, in that case it must be added to trusted_proxies) hoping it has done the proper checks. In case a proxy in the chain does not check the client address correctly, integrity is compromised and this should be fixed by whoever manages the proxy, not us. Closes: - https://github.com/searxng/searxng/issues/4940 - https://github.com/searxng/searxng/issues/4939 - https://github.com/searxng/searxng/issues/4907 - https://github.com/searxng/searxng/issues/3632 - https://github.com/searxng/searxng/issues/3191 - https://github.com/searxng/searxng/issues/1237 Related: - https://github.com/searxng/searxng-docker/issues/386 - https://github.com/inetol-infrastructure/searxng-container/issues/81 --- searx/valkeydb.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'searx/valkeydb.py') diff --git a/searx/valkeydb.py b/searx/valkeydb.py index 2817c6d0a..3a7be1fd9 100644 --- a/searx/valkeydb.py +++ b/searx/valkeydb.py @@ -17,6 +17,7 @@ A valkey DB connect can be tested by:: >>> """ +from __future__ import annotations import os import pwd @@ -26,12 +27,12 @@ import warnings import valkey from searx import get_setting - -_CLIENT = None +_CLIENT: valkey.Valkey | None = None logger = logging.getLogger(__name__) -def client() -> valkey.Valkey: +def client() -> valkey.Valkey | None: + """Returns SearXNG's global Valkey DB connector (Valkey client object).""" return _CLIENT -- cgit v1.2.3