SearProxy
A SearX / SearXNG compatible web content sanitizer proxy, which is heavily inspired by Morty.
I've created this project since I wanted a stricter sanitation proxy which still allows some modern features such as: <video>
, <audio>
, <picture>
, and <source>
. To prevent leakage through unknown or unexpected resource links, this project also uses a Content Security Policy which allows only itself. Like Morty it also supports an HTTP or SOCKS5 proxy to tunnel the outgoing traffic. But unlike Morty it requires a HMAC secret to validate the given URL and does not allow direct URL opening.
This project currently has the following features:
- HTML sanitization (
<applet>
,<canvas>
,<embed>
) - Resource reference rewrite
- JavaScript blocking (
<script>
,on*="code"
) - No cookies, caching, or referrers
- HTML
<form>
withGET
orPOST
- HTML
<img>
async decoding and optionally "lazy" loading - HTML
<iframe>
,<video>
,<audio>
To use it for SearX or SearXNG define a result_proxy
section within the settings.yml
. Inside this section define a url
with the public base URL to this service and a key
which is the HMAC secret that's used to validate the given URL. This project can also be used as image proxy if server.image_proxy
is set to true
. (See SearX settings.yml, SearXNG settings.yml)
result_proxy:
url: https://proxy.example.com/
key: !!binary "hmac_secret"
server:
image_proxy: true
Alternatively, see the documentation for the SearX result proxy. (SearXNG has removed their documentation for result proxies, but still support them just like SearX.)
The source code for this project can be found on GitHub at friedemannsommer/searproxy.