1 files changed, 127 insertions, 0 deletions

diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json
new file mode 100644
index 000000000..8fbffa937
--- /dev/null
+++ b/utils/templates/etc/filtron/rules.json
@@ -0,0 +1,127 @@
+[
+    {
+	"name": "roboagent limit",
+	"filters": [
+	    "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)"
+	],
+	"limit": 0,
+	"stop": true,
+	"actions": [
+	    { "name": "log"},
+	    { "name": "block",
+              "params": {
+		  "message": "Rate limit exceeded"
+              }
+	    }
+	]
+    },
+    {
+	"name": "botlimit",
+	"filters": [
+	    "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
+	],
+	"limit": 0,
+	"stop": true,
+	"actions": [
+	    { "name": "log"},
+	    { "name": "block",
+              "params": {
+		  "message": "Rate limit exceeded"
+              }
+	    }
+	]
+    },
+    { "name": "suspiciously frequent IP",
+      "filters": [],
+      "interval": 600,
+      "limit": 30,
+      "aggregations": [
+	  "Header:X-Forwarded-For"
+      ],
+      "actions":[
+	  {"name":"log"}
+      ]
+    },
+    { "name": "search request",
+      "filters": [
+	  "Param:q",
+	  "Path=^(/|/search)$"
+      ],
+      "interval": 61,
+      "limit": 999,
+      "subrules": [
+	  {
+	      "name": "missing Accept-Language",
+	      "filters": ["!Header:Accept-Language"],
+	      "limit": 0,
+	      "stop": true,
+	      "actions": [
+		  {"name":"log"},
+		  {"name": "block",
+		   "params": {"message": "Rate limit exceeded"}}
+	      ]
+	  },
+	  {
+              "name": "suspiciously Connection=close header",
+              "filters": ["Header:Connection=close"],
+              "limit": 0,
+              "stop": true,
+              "actions": [
+		  {"name":"log"},
+		  {"name": "block",
+		   "params": {"message": "Rate limit exceeded"}}
+              ]
+	  },
+	  {
+              "name": "IP limit",
+              "interval": 61,
+              "limit": 9,
+              "stop": true,
+              "aggregations": [
+		  "Header:X-Forwarded-For"
+              ],
+              "actions": [
+		  { "name": "log"},
+		  { "name": "block",
+		    "params": {
+			"message": "Rate limit exceeded"
+		    }
+		  }
+              ]
+	  },
+	  {
+              "name": "rss/json limit",
+              "filters": [
+		  "Param:format=(csv|json|rss)"
+              ],
+              "interval": 121,
+              "limit": 2,
+              "stop": true,
+              "actions": [
+		  { "name": "log"},
+		  { "name": "block",
+		    "params": {
+			"message": "Rate limit exceeded"
+		    }
+		  }
+              ]
+	  },
+	  {
+              "name": "useragent limit",
+              "interval": 61,
+              "limit": 199,
+              "aggregations": [
+		  "Header:User-Agent"
+              ],
+              "actions": [
+		  { "name": "log"},
+		  { "name": "block",
+		    "params": {
+			"message": "Rate limit exceeded"
+		    }
+		  }
+              ]
+	  }
+      ]
+    }
+]