fix(web-search): restrict private network guard

Peter Steinberger
2026-05-02 06:39:40 +01:00
parent e052bdcfb6
commit 1771160d2c
12 changed files with 143 additions and 20 deletions


@@ -1,2 +1,2 @@
1fbd0ea7f65901d96653458ba414f9ac69dc0142ff3772e48d63de8b9fa5567f plugin-sdk-api-baseline.json
2d29f4e632b05bd365f414096c87a2a3d9718f13fdbf9538824cb32db2902436 plugin-sdk-api-baseline.jsonl
7c25208c10ba075f76719883b7b2aefe4cf5e42328bad3acff1c5055350d344f plugin-sdk-api-baseline.json
6cac90f85065bcbd447911a0c7c54e7d6992278fd1b95a3e78ae4be3f185848a plugin-sdk-api-baseline.jsonl
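Review bot: both plugin-sdk-api-baseline checksums (.json and .jsonl) are replaced here, so the recorded plugin SDK API baseline changed in a commit whose subject only describes a guard restriction. Add a line to the commit body naming which SDK export was added or changed, so a reviewer can confirm the baseline update is intentional and tied to the guard work.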


@@ -85,6 +85,9 @@ Transport rules:
- `https://` works for public or private SearXNG hosts
- `http://` is only accepted for trusted private-network or loopback hosts
- public SearXNG hosts must use `https://`
- private/internal hosts use the self-hosted network guard; public `https://`
hosts stay on the strict web-search guard and cannot redirect to private
addresses
## Environment variable
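Review bot: the added bullet under Transport rules does not say how a host is classified as private/internal versus public, and that classification is what decides which guard applies. State the criterion (for example, whether it is the literal host in `baseUrl` or the address it resolves to), and say whether a private `https://` host may follow redirects, since the text only covers redirects for public `https://` hosts.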
@@ -112,6 +115,9 @@ key wins first).
- **No API key** -- works with any SearXNG instance out of the box
- **Base URL validation** -- `baseUrl` must be a valid `http://` or `https://`
URL; public hosts must use `https://`
- **Network guard** -- private/internal SearXNG endpoints opt in to
private-network access; public `https://` SearXNG endpoints keep strict SSRF
protection
- **Auto-detection order** -- SearXNG is checked last (order 200) in
auto-detection. API-backed providers with configured keys run first, then
DuckDuckGo (order 100), then Ollama Web Search (order 110)
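Review bot: in the added Network guard bullet, "opt in to private-network access" reads as an explicit setting, while the Transport rules bullet says private/internal hosts simply "use the self-hosted network guard". Say which it is, and name the option if there is one. The two bullets also use three names ("self-hosted network guard", "strict web-search guard", "strict SSRF protection"); use one name per guard so readers can tell the sections describe the same behaviour.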