blob: 285d9333d1ac15c503b6146d636208c7091d81aa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
[
{
name = "roboagent limit";
filters = [
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)"
];
limit = 0;
stop = true;
actions = [
{ name = "log"; };
{ name = "block";
params = {
message = "Rate limit exceeded"
};
};
];
};
{
name = "botlimit";
filters = [
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
];
limit = 0;
stop = true;
actions = [
{ name = "log"; };
{ name = "block";
params = {
message = "Rate limit exceeded"
};
};
];
};
{
name = "suspiciously frequent IP";
filters = [];
interval = 600;
limit = 30;
aggregations = [
"Header:X-Forwarded-For"
];
actions =[
{name ="log"; };
];
};
{
name = "search request";
filters = [
"Param:q";
"Path=^(/|/search)$"
];
interval = 61;
limit = 999;
subrules = [
{
name = "missing Accept-Language";
filters = ["!Header:Accept-Language"];
limit = 0;
stop = true;
actions = [
{name ="log"; };
{name = "block";
params = {"message": "Rate limit exceeded"; }};
];
};
{
name = "suspiciously Connection=close header";
filters = ["Header:Connection=close"];
limit = 0;
stop = true;
actions = [
{name ="log"; };
{name = "block";
params = {"message": "Rate limit exceeded"; }};
];
};
{
name = "IP limit";
interval = 61;
limit = 9;
stop = true;
aggregations = [
"Header:X-Forwarded-For"
];
actions = [
{ name = "log"; };
{ name = "block";
params = {
message = "Rate limit exceeded"
};
};
];
};
{
name = "rss/json limit";
filters = [
"Param:format=(csv|json|rss)"
];
interval = 121;
limit = 2;
stop = true;
actions = [
{ name = "log"; };
{ name = "block";
params = {
message = "Rate limit exceeded"
};
};
];
};
{
name = "useragent limit";
interval = 61;
limit = 199;
aggregations = [
"Header:User-Agent"
];
actions = [
{ name = "log"; };
{ name = "block";
params = {
message = "Rate limit exceeded"
};
};
];
};
];
};
];
|
