TheFloatingLab/SearxNG-Captcha
TheFloatingLab/SearxNG-Captcha
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Corrected some errors in the README

Browse source
This commit is contained in:
Frans Veldman 2026-06-16 01:34:13 +00:00
commit c49481f9e9
1 changed files with 5 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

21
README.md
View file

@ -8,16 +8,16 @@ My SearxNG instance on [searx.thefloatinglab.world](https://searx.thefloatinglab
Despite the deployment of botlists, limiters, and manually blocking the most obvious bots, it still remained an endless battle. Despite the deployment of botlists, limiters, and manually blocking the most obvious bots, it still remained an endless battle.
A new problem is the rise of slow trickle bots. They don't hammer the site but launch a request once per 5 minutes or so. If you have 50 or so of these, you have a request every few seconds, enough to get the instance blocked by the upstream providers. And these slow trickle bots are indistinguishable from normal users... that is, until they hit a captcha... A new problem is the rise of slow trickle bots. They don't hammer the site but launch a request once per 5 minutes or so. If you have 50 or so of these, you have a request every few seconds, enough to get the instance blocked by the upstream providers. And these slow trickle bots are indistinguishable from normal users... that is, until they hit a captcha...
Most of the time my instance was useless. So either I had to give up on this project, or find a way to block the bots and let the genuine users through. A captcha system might not be popular, but on the other hand, a useless site is, well, pretty useless. My instance had become most of the time useless due to these bots. So either I had to give up on this project, or find a way to block the endless stream of bots and let the genuine users through. A captcha portal might not be popular, but on the other hand, a useless site is, well, pretty useless.
By combining the captcha system with a cookie, only once in 90 days the user has to solve the captcha. A small price to pay for access to a wonderfull instance! By combining the captcha system with a cookie, only once in 90 days the user has to click the captcha. A small price to pay for access to a wonderfull instance!
# Features # Features
- No modification of the SearxNG code is necessary, the captcha system runs entirely within Nginx. - No modification of the SearxNG code is necessary, the captcha system runs entirely within Nginx.
- The captcha, once solved, stays valid for 90 days. - The captcha, once clicked, stays valid for 90 days.
- No puzzles to solve, just a confirmation click. - No puzzles to solve, just a confirmation click.
- It is recommended to [self host the open source captcha system](https://github.com/tiagozip/cap), so no information leaks to the outside world. - It is recommended to [self host the open source CAP captcha system](https://github.com/tiagozip/cap), so no information leaks to the outside world.
- The privacy and security of SearxNG are fully maintained if this self hosted open source captcha system is used. - The privacy and security of SearxNG are fully maintained if the self hosted open source CAP captcha system is used.
- Effective against slow trickle bots. - Effective against slow trickle bots.
- Optional automatic reporting to [AbuseIPDB](https://www.abuseipdb.com). - Optional automatic reporting to [AbuseIPDB](https://www.abuseipdb.com).
- Optionally, Cloudflare Turnstile can be used as captcha provider instead. - Optionally, Cloudflare Turnstile can be used as captcha provider instead.
@ -84,23 +84,12 @@ You have to modify your nginx searxng vhost file to run the captcha.
- Add the optional line "access_log /var/log/nginx/searx.access.log ts;" for enhanced logging features. - Add the optional line "access_log /var/log/nginx/searx.access.log ts;" for enhanced logging features.
- Add the required line "include snippets/captcha.conf;" - Add the required line "include snippets/captcha.conf;"
- Add the line "access_by_lua_block { require("captcha").guard() }" in every "Location" block that needs protection. - Add the line "access_by_lua_block { require("captcha").guard() }" in every "Location" block that needs protection.
- Duplicate your root location "/" to "/searxng/" to catch the bots that will entry from there.
You likely have no "location" for "/searxng/stats" yet, but if you use a health checker or monitor bot on the /stats directory, you can add it without the reference to the captcha system, so it remains accessible without the need for solving the captcha first.
Most bots search by using "/?q=" but some also from "/searxng/?q=". So both locations should be listed here.
~~~ ~~~
access_log /var/log/nginx/searx.access.log ts; # <-- Optional! The "ts" suffix indicates the extended log format so captcha status is shown. access_log /var/log/nginx/searx.access.log ts; # <-- Optional! The "ts" suffix indicates the extended log format so captcha status is shown.
include snippets/captcha.conf; # <-- REQUIRED! include snippets/captcha.conf; # <-- REQUIRED!
# You need to mention this location specifically to catch the bots that do not search via the root but via /searxng.
location /searxng/ {
access_by_lua_block { require("captcha").guard() } # <-- Add this!
proxy_pass http://127.0.0.1:8886;
}
location / { location / {
access_by_lua_block { require("captcha").guard() } # <-- Add this! access_by_lua_block { require("captcha").guard() } # <-- Add this!
proxy_pass http://127.0.0.1:8886; proxy_pass http://127.0.0.1:8886;