SearProxy

A SearX / SearXNG compatible web content sanitizer proxy, which is heavily inspired by Morty.

I've created this project since I wanted a stricter sanitation proxy which still allows some modern features such as: <video>, <audio>, <picture>, and <source>. To prevent leakage through unknown or unexpected resource links, this project also uses a Content Security Policy which allows only itself. Like Morty it also supports an HTTP or SOCKS5 proxy to tunnel the outgoing traffic. But unlike Morty it requires a HMAC secret to validate the given URL and does not allow direct URL opening.

This project currently has the following features:

• HTML sanitization (<applet>, <canvas>, <embed>)
• Resource reference rewrite
• JavaScript blocking (<script>, on*="code")
• No cookies, caching, or referrers
• HTML <form> with GET or POST
• HTML <img> async decoding and optionally "lazy" loading
• HTML <iframe>, <video>, <audio>

To use it for SearX or SearXNG define a result_proxy section within the settings.yml. Inside this section define a url with the public base URL to this service and a key which is the HMAC secret that's used to validate the given URL. This project can also be used as image proxy if server.image_proxy is set to true. (See SearX settings.yml, SearXNG settings.yml)

result_proxy:
  url: https://proxy.example.com/
  key: !!binary "hmac_secret"

server:
  image_proxy: true

Alternatively, see the documentation for the SearX result proxy. (SearXNG has removed their documentation for result proxies, but still support them just like SearX.)

The source code for this project can be found on GitHub at friedemannsommer/searproxy.