Is it possible to restrict access (say to my IP) to searx?
-
Because the more people use it, the less it works:
Public instances listed here may yield less accurate results as they have much higher traffic and consequently have a higher chance of being blocked by search providers such as Google, Qwant, Bing, Startpage, etc. Hosting your own instance or using an instance that isn't listed here may give you a more consistent search experience.
From: https://searx.space/#
I'm wondering if that's why Searx basically stopped working for me. I pretty much stopped using it then, but would like to do so again.
-
@jdaviescoates Currently, there is no way to IP restrict. Can you make a new feature request post? It's probably quite easy to add (just some nginx firewall rule, I assume).
-
FWIW, you can install it in a non-guessable subdomain If you use wildcard certificates, then the domain name is not logged anywhere in public either (i.e won't be in CT reports).
-
@girish said in Is it possible to restrict access (say to my IP) to searx?:
If you use wildcard certificates,
Just to check you mean not using (in my case) Gandi API but instead just do the wildcard A record, right?
then the domain name is not logged anywhere in public either (i.e won't be in CT reports).
What are CT reports?
Thanks!
(I do actually have one domain currently using a Wildcard so perhaps I'll move my instance to a non guessable sub-domain of that and see how I get on)
-
@jdaviescoates Correct, if you use Gandi API you are using wildcard certs and good.
When a cert is issued, most of the current certificate providers these days "log" the domain name as part of the https://en.wikipedia.org/wiki/Certificate_Transparency project. These reports can then be scanned later. For example, go to https://crt.sh/ and search for say
%google.com%
. This gives various subdomains of google. When you use wildcard certs, only*.domain.com
is logged and thus the subdomain is hidden. So, if you install searx atmysecretsearch.domain.com
, there is no way for anyone to know the subdomainmysecretsearch
since DNS has no subdomain search.