[mod] hardening SearXNG instances by default (formats)

Deny formats has been implemented in 6ed4616d. To harden SearXNG instances by default, other formats than HTML should be denied. Most of JSON, RSS and CSV requests are bots [1]:: Bots are the only users of this feature on a public instance, and they abuse it too much that the engines rate limit pretty quickly the IP address of the instance. [1] https://github.com/searxng/searxng/issues/95 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
author: Markus Heiser <markus.heiser@darmarit.de> 2021-07-24 15:17:08 +0200
committer: Markus Heiser <markus.heiser@darmarit.de> 2021-07-25 12:59:09 +0200
commit: 7b40c736e6deac831eb00d8a988516ac9adfad79 (patch)
tree: 926d442e017a54e3b15fa96469538984d79d91ae /searx/settings.yml
parent: e02b5469f0ade144f0c6712d95eb4999a69b66b6 (diff)
download: searxng-7b40c736e6deac831eb00d8a988516ac9adfad79.tar.gz
searxng-7b40c736e6deac831eb00d8a988516ac9adfad79.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/searx/settings.yml b/searx/settings.yml
index faadb36d1..0306f00bd 100644
--- a/searx/settings.yml
+++ b/searx/settings.yml
@@ -27,7 +27,9 @@ search:
   # max ban time in seconds after engine errors
   max_ban_time_on_fail: 120
   # remove format to deny access, use lower case.
-  formats: [html, csv, json, rss]
+  # formats: [html, csv, json, rss]
+  formats:
+    - html
 
 server:
   port: 8888
author	Markus Heiser <markus.heiser@darmarit.de>	2021-07-24 15:17:08 +0200
committer	Markus Heiser <markus.heiser@darmarit.de>	2021-07-25 12:59:09 +0200
commit	7b40c736e6deac831eb00d8a988516ac9adfad79 (patch)
tree	926d442e017a54e3b15fa96469538984d79d91ae /searx/settings.yml
parent	e02b5469f0ade144f0c6712d95eb4999a69b66b6 (diff)
download	searxng-7b40c736e6deac831eb00d8a988516ac9adfad79.tar.gz searxng-7b40c736e6deac831eb00d8a988516ac9adfad79.zip