Spent quite a bit of time securing searx so I can put it on the public instance list. One thing that has taken quite a bit of time is figuring out how to configure my apache to present a secure interface. Here's what I came up with, maybe it'll help someone else setting up searx in the future. I got an A+ on mozilla's tester with this configuration.
<IfModule mod_headers.c>
Header always set X-Robots-Tag none
header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
header always set Content-Security-Policy "default-src 'none'; style-src-elem https://search.fbxl.net/static/; img-src https://search.fbxl.net/image_proxy https://search.fbxl.net/static/themes/; script-src-elem https://search.fbxl.net/static/js/ https://search.fbxl.net/static/themes/oscar/js/ https://search.fbxl.net/static/plugins/js/; font-src https://search.fbxl.net/static/fonts/; frame-src https://video.fbxl.net/;base-uri 'self'; style-src https://search.fbxl.net/ 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'none'"
header always set X-Frame-Options DENY
</IfModule>
<IfModule mod_headers.c>
Header always set X-Robots-Tag none
header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
header always set Content-Security-Policy "default-src 'none'; style-src-elem https://search.fbxl.net/static/; img-src https://search.fbxl.net/image_proxy https://search.fbxl.net/static/themes/; script-src-elem https://search.fbxl.net/static/js/ https://search.fbxl.net/static/themes/oscar/js/ https://search.fbxl.net/static/plugins/js/; font-src https://search.fbxl.net/static/fonts/; frame-src https://video.fbxl.net/;base-uri 'self'; style-src https://search.fbxl.net/ 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'none'"
header always set X-Frame-Options DENY
</IfModule>
- replies
- 0
- announces
- 0
- likes
- 0