diff options
| author | Quentin Aristote <quentin@aristote.fr> | 2021-08-14 19:33:50 +0200 |
|---|---|---|
| committer | Quentin Aristote <quentin@aristote.fr> | 2021-08-14 19:33:50 +0200 |
| commit | 098da93e5deb2fc0043e15f3817191f5bd668e34 (patch) | |
| tree | e779f777197a29a71dad5803b1d32f6302db7fb6 /config/services/web/searx/filtron/default.nix | |
| parent | b08e8f21a4da329f0507eef1781a2e6922c27dc5 (diff) | |
restructure project
Diffstat (limited to 'config/services/web/searx/filtron/default.nix')
| -rw-r--r-- | config/services/web/searx/filtron/default.nix | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/config/services/web/searx/filtron/default.nix b/config/services/web/searx/filtron/default.nix new file mode 100644 index 0000000..cc637c3 --- /dev/null +++ b/config/services/web/searx/filtron/default.nix @@ -0,0 +1,122 @@ +{ ... }: + +{ + services.filtron = { + enable = true; + rules = [ + { + name = "roboagent limit"; + filters = [ + "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)" + ]; + limit = 0; + stop = true; + actions = [ + { name = "log"; } + { + name = "block"; + params = { message = "Rate limit exceeded"; }; + } + ]; + } + { + name = "botlimit"; + filters = [ + "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" + ]; + limit = 0; + stop = true; + actions = [ + { name = "log"; } + { + name = "block"; + params = { message = "Rate limit exceeded"; }; + } + ]; + } + { + name = "suspiciously frequent IP"; + filters = [ ]; + interval = 600; + limit = 30; + aggregations = [ "Header:X-Forwarded-For" ]; + actions = [{ name = "log"; }]; + } + { + name = "search request"; + filters = [ "Param:q" "Path=^(/|/search)$" ]; + interval = 61; + limit = 999; + subrules = [ + { + name = "missing Accept-Language"; + filters = [ "!Header:Accept-Language" ]; + limit = 0; + stop = true; + actions = [ + { name = "log"; } + { + name = "block"; + params = { message = "Rate limit exceeded"; }; + } + ]; + } + # { + # name = "suspiciously Connection=close header"; + # filters = [ "Header:Connection=close" ]; + # limit = 0; + # stop = true; + # actions = [ + # { name = "log"; } + # { + # name = "block"; + # params = { message = "Rate limit exceeded"; }; + # } + # ]; + # } + { + name = "IP limit"; + interval = 61; + limit = 9; + stop = true; + aggregations = [ "Header:X-Forwarded-For" ]; + actions = [ + { name = "log"; } + { + name = "block"; + params = { message = "Rate limit exceeded"; }; + } + ]; + } + { + name = "rss/json limit"; + filters = [ "Param:format=(csv|json|rss)" ]; + interval = 121; + limit = 2; + stop = true; + actions = [ + { name = "log"; } + { + name = "block"; + params = { message = "Rate limit exceeded"; }; + } + ]; + } + { + name = "useragent limit"; + interval = 61; + limit = 199; + aggregations = [ "Header:User-Agent" ]; + actions = [ + { name = "log"; } + { + name = "block"; + params = { message = "Rate limit exceeded"; }; + } + ]; + } + ]; + } + ]; + }; +} |