From 1425bf4efa5d87aa22bf53be7c1c5373db63fcaf Mon Sep 17 00:00:00 2001
From: "Trez.One" <charish.patel@trez.wtf>
Date: Tue, 7 Apr 2026 17:24:48 -0400
Subject: [PATCH] Adding limiter.toml, small settings changes.

---
 app-configs/rinoa/searxng/limiter.toml    | 55 +++++++++++++++++++++++
 app-configs/rinoa/searxng/settings.yml.j2 |  4 +-
 2 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 app-configs/rinoa/searxng/limiter.toml

diff --git a/app-configs/rinoa/searxng/limiter.toml b/app-configs/rinoa/searxng/limiter.toml
new file mode 100644
index 0000000..480932a
--- /dev/null
+++ b/app-configs/rinoa/searxng/limiter.toml
@@ -0,0 +1,55 @@
+[botdetection]
+
+# The prefix defines the number of leading bits in an address that are compared
+# to determine whether or not an address is part of a (client) network.
+
+ipv4_prefix = 32
+ipv6_prefix = 48
+
+# If the request IP is in trusted_proxies list, the client IP address is
+# extracted from the X-Forwarded-For and X-Real-IP headers. This should be
+# used if SearXNG is behind a reverse proxy or load balancer.
+
+trusted_proxies = [
+  '127.0.0.0/8',
+  '::1',
+  '192.168.0.0/16',
+  '172.16.0.0/12',
+  '172.17.0.0/12',
+  '172.18.0.0/12'
+  # '10.0.0.0/8',
+  # 'fd00::/8',
+]
+
+[botdetection.ip_limit]
+
+# To get unlimited access in a local network, by default link-local addresses
+# (networks) are not monitored by the ip_limit
+filter_link_local = false
+
+# activate link_token method in the ip_limit method
+link_token = false
+
+[botdetection.ip_lists]
+
+# In the limiter, the ip_lists method has priority over all other methods -> if
+# an IP is in the pass_ip list, it has unrestricted access and it is also not
+# checked if e.g. the "user agent" suggests a bot (e.g. curl).
+
+block_ip = [
+  # '93.184.216.34',  # IPv4 of example.org
+  # '257.1.1.1',      # invalid IP --> will be ignored, logged in ERROR class
+]
+
+pass_ip = [
+  # '192.168.0.0/16',      # IPv4 private network
+  # 'fe80::/10'            # IPv6 linklocal / wins over botdetection.ip_limit.filter_link_local
+  '192.168.0.0/16',
+  '172.16.0.0/12',
+  '172.17.0.0/12',
+  '172.18.0.0/12'
+]
+
+# Activate passlist of (hardcoded) IPs from the SearXNG organization,
+# e.g. `check.searx.space`.
+pass_searxng_org = true
\ No newline at end of file
diff --git a/app-configs/rinoa/searxng/settings.yml.j2 b/app-configs/rinoa/searxng/settings.yml.j2
index ed1bd89..9f89079 100644
--- a/app-configs/rinoa/searxng/settings.yml.j2
+++ b/app-configs/rinoa/searxng/settings.yml.j2
@@ -103,7 +103,7 @@ outgoing:
   # default timeout in seconds, can be override by engine
   request_timeout: 3.0
   # the maximum timeout in seconds
-  # max_request_timeout: 10.0
+  max_request_timeout: 10.0
   # suffix of searxng_useragent, could contain information like an email address
   # to the administrator
   useragent_suffix: ""
@@ -153,7 +153,7 @@ plugins:
     active: true
 
   searx.plugins.infinite_scroll.SXNGPlugin:
-    active: false
+    active: true
 
   searx.plugins.hash_plugin.SXNGPlugin:
     active: true