blob: cc637c374dc26c6afc53f722363e48ceadcfda33 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
{ ... }:
{
services.filtron = {
enable = true;
rules = [
{
name = "roboagent limit";
filters = [
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)"
];
limit = 0;
stop = true;
actions = [
{ name = "log"; }
{
name = "block";
params = { message = "Rate limit exceeded"; };
}
];
}
{
name = "botlimit";
filters = [
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
];
limit = 0;
stop = true;
actions = [
{ name = "log"; }
{
name = "block";
params = { message = "Rate limit exceeded"; };
}
];
}
{
name = "suspiciously frequent IP";
filters = [ ];
interval = 600;
limit = 30;
aggregations = [ "Header:X-Forwarded-For" ];
actions = [{ name = "log"; }];
}
{
name = "search request";
filters = [ "Param:q" "Path=^(/|/search)$" ];
interval = 61;
limit = 999;
subrules = [
{
name = "missing Accept-Language";
filters = [ "!Header:Accept-Language" ];
limit = 0;
stop = true;
actions = [
{ name = "log"; }
{
name = "block";
params = { message = "Rate limit exceeded"; };
}
];
}
# {
# name = "suspiciously Connection=close header";
# filters = [ "Header:Connection=close" ];
# limit = 0;
# stop = true;
# actions = [
# { name = "log"; }
# {
# name = "block";
# params = { message = "Rate limit exceeded"; };
# }
# ];
# }
{
name = "IP limit";
interval = 61;
limit = 9;
stop = true;
aggregations = [ "Header:X-Forwarded-For" ];
actions = [
{ name = "log"; }
{
name = "block";
params = { message = "Rate limit exceeded"; };
}
];
}
{
name = "rss/json limit";
filters = [ "Param:format=(csv|json|rss)" ];
interval = 121;
limit = 2;
stop = true;
actions = [
{ name = "log"; }
{
name = "block";
params = { message = "Rate limit exceeded"; };
}
];
}
{
name = "useragent limit";
interval = 61;
limit = 199;
aggregations = [ "Header:User-Agent" ];
actions = [
{ name = "log"; }
{
name = "block";
params = { message = "Rate limit exceeded"; };
}
];
}
];
}
];
};
}
|
