diff options
author | return42 <markus.heiser@darmarIT.de> | 2025-01-06 16:15:21 +0000 |
---|---|---|
committer | return42 <markus.heiser@darmarIT.de> | 2025-01-06 16:15:21 +0000 |
commit | cb199d893e15748a7488377007aa464757a4f6e9 (patch) | |
tree | 4239e3c48aa479a4ab0b07d111d391769874c18f /_modules/searx/botdetection/_helpers.html | |
download | searxng-gh-pages.tar.gz searxng-gh-pages.zip |
[doc] build from commit 6dab7fe78be3c8872b8a6d99cf00c597813171bagh-pages
Diffstat (limited to '_modules/searx/botdetection/_helpers.html')
-rw-r--r-- | _modules/searx/botdetection/_helpers.html | 241 |
1 files changed, 241 insertions, 0 deletions
diff --git a/_modules/searx/botdetection/_helpers.html b/_modules/searx/botdetection/_helpers.html new file mode 100644 index 000000000..1f78b62e7 --- /dev/null +++ b/_modules/searx/botdetection/_helpers.html @@ -0,0 +1,241 @@ +<!DOCTYPE html> + +<html lang="en" data-content_root="../../../"> + <head> + <meta charset="utf-8" /> + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <title>searx.botdetection._helpers — SearXNG Documentation (2025.1.6+6dab7fe78)</title> + <link rel="stylesheet" type="text/css" href="../../../_static/pygments.css?v=4f649999" /> + <link rel="stylesheet" type="text/css" href="../../../_static/searxng.css?v=52e4ff28" /> + <script src="../../../_static/documentation_options.js?v=ef740023"></script> + <script src="../../../_static/doctools.js?v=9a2dae69"></script> + <script src="../../../_static/sphinx_highlight.js?v=dc90522c"></script> + <script data-project="searxng" data-version="2025.1.6+6dab7fe78" src="../../../_static/describe_version.js?v=fa7f30d0"></script> + <link rel="index" title="Index" href="../../../genindex.html" /> + <link rel="search" title="Search" href="../../../search.html" /> + </head><body> + <div class="related" role="navigation" aria-label="Related"> + <h3>Navigation</h3> + <ul> + <li class="right" style="margin-right: 10px"> + <a href="../../../genindex.html" title="General Index" + accesskey="I">index</a></li> + <li class="right" > + <a href="../../../py-modindex.html" title="Python Module Index" + >modules</a> |</li> + <li class="nav-item nav-item-0"><a href="../../../index.html">SearXNG Documentation (2025.1.6+6dab7fe78)</a> »</li> + <li class="nav-item nav-item-1"><a href="../../index.html" accesskey="U">Module code</a> »</li> + <li class="nav-item nav-item-this"><a href="">searx.botdetection._helpers</a></li> + </ul> + </div> + + <div class="document"> + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body" role="main"> + + <h1>Source code for searx.botdetection._helpers</h1><div class="highlight"><pre> +<span></span><span class="c1"># SPDX-License-Identifier: AGPL-3.0-or-later</span> +<span class="c1"># pylint: disable=missing-module-docstring, invalid-name</span> +<span class="kn">from</span> <span class="nn">__future__</span> <span class="kn">import</span> <span class="n">annotations</span> + +<span class="kn">from</span> <span class="nn">ipaddress</span> <span class="kn">import</span> <span class="p">(</span> + <span class="n">IPv4Network</span><span class="p">,</span> + <span class="n">IPv6Network</span><span class="p">,</span> + <span class="n">IPv4Address</span><span class="p">,</span> + <span class="n">IPv6Address</span><span class="p">,</span> + <span class="n">ip_network</span><span class="p">,</span> +<span class="p">)</span> +<span class="kn">import</span> <span class="nn">flask</span> +<span class="kn">import</span> <span class="nn">werkzeug</span> + +<span class="kn">from</span> <span class="nn">searx</span> <span class="kn">import</span> <span class="n">logger</span> +<span class="kn">from</span> <span class="nn">.</span> <span class="kn">import</span> <span class="n">config</span> + +<span class="n">logger</span> <span class="o">=</span> <span class="n">logger</span><span class="o">.</span><span class="n">getChild</span><span class="p">(</span><span class="s1">'botdetection'</span><span class="p">)</span> + + +<span class="k">def</span> <span class="nf">dump_request</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">flask</span><span class="o">.</span><span class="n">Request</span><span class="p">):</span> + <span class="k">return</span> <span class="p">(</span> + <span class="n">request</span><span class="o">.</span><span class="n">path</span> + <span class="o">+</span> <span class="s2">" || X-Forwarded-For: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'X-Forwarded-For'</span><span class="p">)</span> + <span class="o">+</span> <span class="s2">" || X-Real-IP: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'X-Real-IP'</span><span class="p">)</span> + <span class="o">+</span> <span class="s2">" || form: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">form</span> + <span class="o">+</span> <span class="s2">" || Accept: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'Accept'</span><span class="p">)</span> + <span class="o">+</span> <span class="s2">" || Accept-Language: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'Accept-Language'</span><span class="p">)</span> + <span class="o">+</span> <span class="s2">" || Accept-Encoding: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'Accept-Encoding'</span><span class="p">)</span> + <span class="o">+</span> <span class="s2">" || Content-Type: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'Content-Type'</span><span class="p">)</span> + <span class="o">+</span> <span class="s2">" || Content-Length: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'Content-Length'</span><span class="p">)</span> + <span class="o">+</span> <span class="s2">" || Connection: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'Connection'</span><span class="p">)</span> + <span class="o">+</span> <span class="s2">" || User-Agent: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'User-Agent'</span><span class="p">)</span> + <span class="p">)</span> + + +<div class="viewcode-block" id="too_many_requests"> +<a class="viewcode-back" href="../../../src/searx.botdetection.html#searx.botdetection.too_many_requests">[docs]</a> +<span class="k">def</span> <span class="nf">too_many_requests</span><span class="p">(</span><span class="n">network</span><span class="p">:</span> <span class="n">IPv4Network</span> <span class="o">|</span> <span class="n">IPv6Network</span><span class="p">,</span> <span class="n">log_msg</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="n">werkzeug</span><span class="o">.</span><span class="n">Response</span> <span class="o">|</span> <span class="kc">None</span><span class="p">:</span> +<span class="w"> </span><span class="sd">"""Returns a HTTP 429 response object and writes a ERROR message to the</span> +<span class="sd"> 'botdetection' logger. This function is used in part by the filter methods</span> +<span class="sd"> to return the default ``Too Many Requests`` response.</span> + +<span class="sd"> """</span> + + <span class="n">logger</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"BLOCK </span><span class="si">%s</span><span class="s2">: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">network</span><span class="o">.</span><span class="n">compressed</span><span class="p">,</span> <span class="n">log_msg</span><span class="p">)</span> + <span class="k">return</span> <span class="n">flask</span><span class="o">.</span><span class="n">make_response</span><span class="p">((</span><span class="s1">'Too Many Requests'</span><span class="p">,</span> <span class="mi">429</span><span class="p">))</span></div> + + + +<div class="viewcode-block" id="get_network"> +<a class="viewcode-back" href="../../../src/searx.botdetection.html#searx.botdetection.get_network">[docs]</a> +<span class="k">def</span> <span class="nf">get_network</span><span class="p">(</span><span class="n">real_ip</span><span class="p">:</span> <span class="n">IPv4Address</span> <span class="o">|</span> <span class="n">IPv6Address</span><span class="p">,</span> <span class="n">cfg</span><span class="p">:</span> <span class="n">config</span><span class="o">.</span><span class="n">Config</span><span class="p">)</span> <span class="o">-></span> <span class="n">IPv4Network</span> <span class="o">|</span> <span class="n">IPv6Network</span><span class="p">:</span> +<span class="w"> </span><span class="sd">"""Returns the (client) network of whether the real_ip is part of."""</span> + + <span class="k">if</span> <span class="n">real_ip</span><span class="o">.</span><span class="n">version</span> <span class="o">==</span> <span class="mi">6</span><span class="p">:</span> + <span class="n">prefix</span> <span class="o">=</span> <span class="n">cfg</span><span class="p">[</span><span class="s1">'real_ip.ipv6_prefix'</span><span class="p">]</span> + <span class="k">else</span><span class="p">:</span> + <span class="n">prefix</span> <span class="o">=</span> <span class="n">cfg</span><span class="p">[</span><span class="s1">'real_ip.ipv4_prefix'</span><span class="p">]</span> + <span class="n">network</span> <span class="o">=</span> <span class="n">ip_network</span><span class="p">(</span><span class="sa">f</span><span class="s2">"</span><span class="si">{</span><span class="n">real_ip</span><span class="si">}</span><span class="s2">/</span><span class="si">{</span><span class="n">prefix</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="n">strict</span><span class="o">=</span><span class="kc">False</span><span class="p">)</span> + <span class="c1"># logger.debug("get_network(): %s", network.compressed)</span> + <span class="k">return</span> <span class="n">network</span></div> + + + +<span class="n">_logged_errors</span> <span class="o">=</span> <span class="p">[]</span> + + +<span class="k">def</span> <span class="nf">_log_error_only_once</span><span class="p">(</span><span class="n">err_msg</span><span class="p">):</span> + <span class="k">if</span> <span class="n">err_msg</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">_logged_errors</span><span class="p">:</span> + <span class="n">logger</span><span class="o">.</span><span class="n">error</span><span class="p">(</span><span class="n">err_msg</span><span class="p">)</span> + <span class="n">_logged_errors</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">err_msg</span><span class="p">)</span> + + +<div class="viewcode-block" id="get_real_ip"> +<a class="viewcode-back" href="../../../src/searx.botdetection.html#searx.botdetection.get_real_ip">[docs]</a> +<span class="k">def</span> <span class="nf">get_real_ip</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">flask</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span> +<span class="w"> </span><span class="sd">"""Returns real IP of the request. Since not all proxies set all the HTTP</span> +<span class="sd"> headers and incoming headers can be faked it may happen that the IP cannot</span> +<span class="sd"> be determined correctly.</span> + +<span class="sd"> .. sidebar:: :py:obj:`flask.Request.remote_addr`</span> + +<span class="sd"> SearXNG uses Werkzeug's ProxyFix_ (with it default ``x_for=1``).</span> + +<span class="sd"> This function tries to get the remote IP in the order listed below,</span> +<span class="sd"> additional some tests are done and if inconsistencies or errors are</span> +<span class="sd"> detected, they are logged.</span> + +<span class="sd"> The remote IP of the request is taken from (first match):</span> + +<span class="sd"> - X-Forwarded-For_ header</span> +<span class="sd"> - `X-real-IP header <https://github.com/searxng/searxng/issues/1237#issuecomment-1147564516>`__</span> +<span class="sd"> - :py:obj:`flask.Request.remote_addr`</span> + +<span class="sd"> .. _ProxyFix:</span> +<span class="sd"> https://werkzeug.palletsprojects.com/middleware/proxy_fix/</span> + +<span class="sd"> .. _X-Forwarded-For:</span> +<span class="sd"> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For</span> + +<span class="sd"> """</span> + + <span class="n">forwarded_for</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">"X-Forwarded-For"</span><span class="p">)</span> + <span class="n">real_ip</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'X-Real-IP'</span><span class="p">)</span> + <span class="n">remote_addr</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">remote_addr</span> + <span class="c1"># logger.debug(</span> + <span class="c1"># "X-Forwarded-For: %s || X-Real-IP: %s || request.remote_addr: %s", forwarded_for, real_ip, remote_addr</span> + <span class="c1"># )</span> + + <span class="k">if</span> <span class="ow">not</span> <span class="n">forwarded_for</span><span class="p">:</span> + <span class="n">_log_error_only_once</span><span class="p">(</span><span class="s2">"X-Forwarded-For header is not set!"</span><span class="p">)</span> + <span class="k">else</span><span class="p">:</span> + <span class="kn">from</span> <span class="nn">.</span> <span class="kn">import</span> <span class="n">cfg</span> <span class="c1"># pylint: disable=import-outside-toplevel, cyclic-import</span> + + <span class="n">forwarded_for</span> <span class="o">=</span> <span class="p">[</span><span class="n">x</span><span class="o">.</span><span class="n">strip</span><span class="p">()</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="n">forwarded_for</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">','</span><span class="p">)]</span> + <span class="n">x_for</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="n">cfg</span><span class="p">[</span><span class="s1">'real_ip.x_for'</span><span class="p">]</span> <span class="c1"># type: ignore</span> + <span class="n">forwarded_for</span> <span class="o">=</span> <span class="n">forwarded_for</span><span class="p">[</span><span class="o">-</span><span class="nb">min</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">forwarded_for</span><span class="p">),</span> <span class="n">x_for</span><span class="p">)]</span> + + <span class="k">if</span> <span class="ow">not</span> <span class="n">real_ip</span><span class="p">:</span> + <span class="n">_log_error_only_once</span><span class="p">(</span><span class="s2">"X-Real-IP header is not set!"</span><span class="p">)</span> + + <span class="k">if</span> <span class="n">forwarded_for</span> <span class="ow">and</span> <span class="n">real_ip</span> <span class="ow">and</span> <span class="n">forwarded_for</span> <span class="o">!=</span> <span class="n">real_ip</span><span class="p">:</span> + <span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s2">"IP from X-Real-IP (</span><span class="si">%s</span><span class="s2">) is not equal to IP from X-Forwarded-For (</span><span class="si">%s</span><span class="s2">)"</span><span class="p">,</span> <span class="n">real_ip</span><span class="p">,</span> <span class="n">forwarded_for</span><span class="p">)</span> + + <span class="k">if</span> <span class="n">forwarded_for</span> <span class="ow">and</span> <span class="n">remote_addr</span> <span class="ow">and</span> <span class="n">forwarded_for</span> <span class="o">!=</span> <span class="n">remote_addr</span><span class="p">:</span> + <span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span> + <span class="s2">"IP from WSGI environment (</span><span class="si">%s</span><span class="s2">) is not equal to IP from X-Forwarded-For (</span><span class="si">%s</span><span class="s2">)"</span><span class="p">,</span> <span class="n">remote_addr</span><span class="p">,</span> <span class="n">forwarded_for</span> + <span class="p">)</span> + + <span class="k">if</span> <span class="n">real_ip</span> <span class="ow">and</span> <span class="n">remote_addr</span> <span class="ow">and</span> <span class="n">real_ip</span> <span class="o">!=</span> <span class="n">remote_addr</span><span class="p">:</span> + <span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s2">"IP from WSGI environment (</span><span class="si">%s</span><span class="s2">) is not equal to IP from X-Real-IP (</span><span class="si">%s</span><span class="s2">)"</span><span class="p">,</span> <span class="n">remote_addr</span><span class="p">,</span> <span class="n">real_ip</span><span class="p">)</span> + + <span class="n">request_ip</span> <span class="o">=</span> <span class="n">forwarded_for</span> <span class="ow">or</span> <span class="n">real_ip</span> <span class="ow">or</span> <span class="n">remote_addr</span> <span class="ow">or</span> <span class="s1">'0.0.0.0'</span> + <span class="c1"># logger.debug("get_real_ip() -> %s", request_ip)</span> + <span class="k">return</span> <span class="n">request_ip</span></div> + +</pre></div> + + <div class="clearer"></div> + </div> + </div> + </div> + <span id="sidebar-top"></span> + <div class="sphinxsidebar" role="navigation" aria-label="Main"> + <div class="sphinxsidebarwrapper"> + + + <p class="logo"><a href="../../../index.html"> + <img class="logo" src="../../../_static/searxng-wordmark.svg" alt="Logo of SearXNG"/> + </a></p> + + +<h3><a href="../../../index.html">Table of Contents</a></h3> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">User information</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../own-instance.html">Why use a private instance?</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">Administrator documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../dev/index.html">Developer documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../utils/index.html">DevOps tooling box</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../src/index.html">Source-Code</a></li> +</ul> + + <h3>Project Links</h3> + <ul> + <li><a href="https://github.com/searxng/searxng/tree/master">Source</a> + + <li><a href="https://github.com/searxng/searxng/wiki">Wiki</a> + + <li><a href="https://searx.space">Public instances</a> + + <li><a href="https://github.com/searxng/searxng/issues">Issue Tracker</a> + </ul><h3>Navigation</h3> +<ul> + <li><a href="../../../index.html">Overview</a> + <ul> + <li><a href="../../index.html">Module code</a> + + + </ul> + </li> + </ul> + </li> +</ul> +<search id="searchbox" style="display: none" role="search"> + <h3 id="searchlabel">Quick search</h3> + <div class="searchformwrapper"> + <form class="search" action="../../../search.html" method="get"> + <input type="text" name="q" aria-labelledby="searchlabel" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"/> + <input type="submit" value="Go" /> + </form> + </div> +</search> +<script>document.getElementById('searchbox').style.display = "block"</script> + </div> + </div> + <div class="clearer"></div> + </div> + <div class="footer" role="contentinfo"> + © Copyright SearXNG team. + </div> + </body> +</html>
\ No newline at end of file |