Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Is it possible to restrict access (say to my IP) to searx?


  • Because the more people use it, the less it works:

    Public instances listed here may yield less accurate results as they have much higher traffic and consequently have a higher chance of being blocked by search providers such as Google, Qwant, Bing, Startpage, etc. Hosting your own instance or using an instance that isn't listed here may give you a more consistent search experience.

    From: https://searx.space/#

    I'm wondering if that's why Searx basically stopped working for me. I pretty much stopped using it then, but would like to do so again.

  • Staff

    @jdaviescoates Currently, there is no way to IP restrict. Can you make a new feature request post? It's probably quite easy to add (just some nginx firewall rule, I assume).

  • Staff

    FWIW, you can install it in a non-guessable subdomain 🙂 If you use wildcard certificates, then the domain name is not logged anywhere in public either (i.e won't be in CT reports).


  • @girish said in Is it possible to restrict access (say to my IP) to searx?:

    If you use wildcard certificates,

    Just to check you mean not using (in my case) Gandi API but instead just do the wildcard A record, right?

    then the domain name is not logged anywhere in public either (i.e won't be in CT reports).

    What are CT reports? 🙂

    Thanks!

    (I do actually have one domain currently using a Wildcard so perhaps I'll move my instance to a non guessable sub-domain of that and see how I get on)

  • Staff

    @jdaviescoates Correct, if you use Gandi API you are using wildcard certs and good.

    When a cert is issued, most of the current certificate providers these days "log" the domain name as part of the https://en.wikipedia.org/wiki/Certificate_Transparency project. These reports can then be scanned later. For example, go to https://crt.sh/ and search for say %google.com%. This gives various subdomains of google. When you use wildcard certs, only *.domain.com is logged and thus the subdomain is hidden. So, if you install searx at mysecretsearch.domain.com, there is no way for anyone to know the subdomain mysecretsearch since DNS has no subdomain search.