diff --git a/modules/nixos/services/searx/default.nix b/modules/nixos/services/searx/default.nix
index 98352f7..6a7b8aa 100755
--- a/modules/nixos/services/searx/default.nix
+++ b/modules/nixos/services/searx/default.nix
@@ -46,12 +46,21 @@ in
             virtualHosts = {
               "${configHelpers.host}" = {
                 extraConfig = ''
-                  redir /.well-known/carddav /remote.php/dav/ 301
-                  redir /.well-known/caldav /remote.php/dav/ 301
+                  @allowed_ips {
+                    remote_ip 10.100.0.0/24
+                  }
 
-                  reverse_proxy ${ceres.wireguard.ip0}:${toString configHelpers.service.ports.port0}
-                   tls ${configHelpers.service.ssl.cert} ${configHelpers.service.ssl.key}
+                  handle @allowed_ips {
+                    redir /.well-known/carddav /remote.php/dav/ 301
+                    redir /.well-known/caldav /remote.php/dav/ 301
+                    reverse_proxy ${ceres.wireguard.ip0}:${toString configHelpers.service.ports.port0}
+                  }
 
+                  handle {
+                    respond "Access Denied" 403
+                  }
+
+                  tls ${configHelpers.service.ssl.cert} ${configHelpers.service.ssl.key}
                 '';
               };
             };