utils/filtron.sh: various fix from first installation test (WIP)

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
author: Markus Heiser <markus.heiser@darmarit.de> 2020-01-09 16:25:05 +0100
committer: Markus Heiser <markus.heiser@darmarit.de> 2020-01-09 16:25:05 +0100
commit: 4990b07b4bc42b0caf0d890f8c81c3545bbb807b (patch)
tree: a208f8e3693298bb547c6d08d19e2c24b527c7fb /utils/templates
parent: f20193155a831b7628903909c372bf0873d93260 (diff)
download: searxng-4990b07b4bc42b0caf0d890f8c81c3545bbb807b.tar.gz
searxng-4990b07b4bc42b0caf0d890f8c81c3545bbb807b.zip
2 files changed, 93 insertions, 51 deletions
diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json
index 4a232388e..b54e097a5 100644
--- a/utils/templates/etc/filtron/rules.json
+++ b/utils/templates/etc/filtron/rules.json
@@ -1,56 +1,98 @@
-[
+[{
+  "name":"search request",
+  "filters":[
+    "Param:q",
+    "Path=^(/|/search)$"
+  ],
+  "interval":60,
+  "limit":15,
+  "subrules":[
     {
-        "name": "api limit",
-        "interval": 60,
-        "limit": 1000,
-        "filters": ["Path=^/api"],
-        "aggregations": ["Path"],
-        "actions": [
-            {"name": "block"}
-        ],
-        "subrules": [
-            {
-                "name": "drop put",
-                "interval": 60,
-                "limit": 100,
-                "filters": ["Method=PUT"],
-                "aggregations": ["Header:X-Forwarded-For"],
-                "actions": [
-                    {"name": "shell",
-                     "params": {"cmd": "iptables -A INPUT -s %v -j DROP", "args": ["Header:X-Forwarded-For"]}}
-                ]
-            }
-        ]
+      "name":"roboagent limit",
+      "interval":60,
+      "limit":15,
+      "filters":[
+        "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)"
+      ],
+      "actions":[
+	{"name": "log"},
+	{
+          "name":"block",
+          "params":{
+            "message":"Rate limit exceeded"
+          }
+        }
+      ]
     },
     {
-        "name": "log'n'block rss",
-        "interval": 300,
-        "limit": 2500,
-        "filters": ["Path=^/$", "GET:format=rss"],
-        "actions": [
-            {"name": "log"},
-            {"name": "block"}
-        ]
+      "name":"botlimit",
+      "limit":0,
+      "stop":true,
+      "filters":[
+        "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
+      ],
+      "actions":[
+	{"name": "log"},
+        {
+          "name":"block",
+          "params":{
+            "message":"Rate limit exceeded"
+          }
+        }
+      ]
     },
     {
-        "name": "log rule",
-        "filters": ["Path=/"],
-        "actions": [ {"name": "log"} ],
-        "subrules": [
-            {
-                "name": "block missing accept-language",
-                "filters": ["!Header:Accept-Language"],
-                "actions": [
-                    {"name": "block"}
-                ]
-            },
-            {
-                "name": "block curl",
-                "filters": ["Header:User-Agent=[Cc]url"],
-                "actions": [
-                    {"name": "block"}
-                ]
-            }
-        ]
+      "name":"IP limit",
+      "interval":60,
+      "limit":15,
+      "stop":true,
+      "aggregations":[
+        "Header:X-Forwarded-For"
+      ],
+      "actions":[
+	{"name": "log"},
+        {
+          "name":"block",
+          "params":{
+            "message":"Rate limit exceeded"
+          }
+        }
+      ]
+    },
+    {
+      "name":"rss/json limit",
+      "interval":60,
+      "limit":15,
+      "stop":true,
+      "filters":[
+        "Param:format=(csv|json|rss)"
+      ],
+      "actions":[
+	{"name": "log"},
+        {
+          "name":"block",
+          "params":{
+            "message":"Rate limit exceeded"
+          }
+        }
+      ]
+      },
+    {
+      "name":"useragent limit",
+      "interval":60,
+      "limit":15,
+      "aggregations":[
+        "Header:User-Agent"
+      ],
+      "actions":[
+	{"name": "log"},
+        {
+          "name":"block",
+          "params":{
+            "message":"Rate limit exceeded"
+          }
+        }
+      ]
     }
-]
+  ]
+}]
diff --git a/utils/templates/lib/systemd/system/filtron.service b/utils/templates/lib/systemd/system/filtron.service
index fdb67731a..3b0c6edcc 100644
--- a/utils/templates/lib/systemd/system/filtron.service
+++ b/utils/templates/lib/systemd/system/filtron.service
@@ -10,7 +10,7 @@ Type=simple
 User=${SERVICE_USER}
 Group=${SERVICE_GROUP}
 WorkingDirectory=${SERVICE_HOME}
-ExecStart=${SERVICE_HOME}/go-apps/bin/filtron -rules ${FILTRON_RULES}
+ExecStart=${SERVICE_HOME}/go-apps/bin/filtron -api '${FILTRON_API}' -listen '${FILTRON_LISTEN}' -rules '${FILTRON_RULES}' -target '${FILTRON_TARGET}'
 
 Restart=always
 Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME}
author	Markus Heiser <markus.heiser@darmarit.de>	2020-01-09 16:25:05 +0100
committer	Markus Heiser <markus.heiser@darmarit.de>	2020-01-09 16:25:05 +0100
commit	4990b07b4bc42b0caf0d890f8c81c3545bbb807b (patch)
tree	a208f8e3693298bb547c6d08d19e2c24b527c7fb /utils/templates
parent	f20193155a831b7628903909c372bf0873d93260 (diff)
download	searxng-4990b07b4bc42b0caf0d890f8c81c3545bbb807b.tar.gz searxng-4990b07b4bc42b0caf0d890f8c81c3545bbb807b.zip