diff options
| author | Markus Heiser <markus.heiser@darmarIT.de> | 2023-06-03 06:00:15 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-06-03 06:00:15 +0200 |
| commit | 80aaef6c95b572df1fa3a8c30b7fdc1538d7a306 (patch) | |
| tree | a023de5925099e69b6b5de850cab1e0ddc330f39 /searx/webapp.py | |
| parent | 1a1ab34d9dba7368b146bc7402e8f54bafea98bb (diff) | |
| parent | 80af38d37b21dc6e5edbf27bd22310db42a6f923 (diff) | |
Merge pull request #2357 / limiter -> botdetection
The monolithic implementation of the limiter was divided into methods and
implemented in the Python package searx.botdetection. Detailed documentation on
the methods has been added.
The methods are divided into two groups:
1. Probe HTTP headers
- Method http_accept
- Method http_accept_encoding
- Method http_accept_language
- Method http_connection
- Method http_user_agent
2. Rate limit:
- Method ip_limit
- Method link_token (new)
The (reduced) implementation of the limiter is now in the module
searx.botdetection.limiter. The first group was transferred unchanged to this
module. The ip_limit contains the sliding windows implemented by the limiter so
far.
This merge also fixes some long outstandig issue:
- limiter does not evaluate the Accept-Language correct [1]
- limiter needs a IPv6 prefix to block networks instead of IPs [2]
Without additional configuration the limiter works as before (apart from the
bugfixes). For the commissioning of additional methods (link_toke), a
configuration must be made in an additional configuration file. Without this
configuration, the limiter runs as before (zero configuration).
The ip_limit Method implements the sliding windows of the vanilla limiter,
additionally the link_token method can be used in this method. The link_token
method can be used to investigate whether a request is suspicious. To activate
the link_token method in the ip_limit method add the following to your
/etc/searxng/limiter.toml::
[botdetection.ip_limit]
link_token = true
[1] https://github.com/searxng/searxng/issues/2455
[2] https://github.com/searxng/searxng/issues/2477
Diffstat (limited to 'searx/webapp.py')
| -rwxr-xr-x | searx/webapp.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/searx/webapp.py b/searx/webapp.py index 79255652f..d6322447a 100755 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -94,6 +94,7 @@ from searx.utils import ( from searx.version import VERSION_STRING, GIT_URL, GIT_BRANCH from searx.query import RawTextQuery from searx.plugins import Plugin, plugins, initialize as plugin_initialize +from searx.botdetection import link_token from searx.plugins.oa_doi_rewrite import get_doi_resolver from searx.preferences import ( Preferences, @@ -416,6 +417,7 @@ def render(template_name: str, **kwargs): kwargs['endpoint'] = 'results' if 'q' in kwargs else request.endpoint kwargs['cookies'] = request.cookies kwargs['errors'] = request.errors + kwargs['link_token'] = link_token.get_token() # values from the preferences kwargs['preferences'] = request.preferences @@ -642,6 +644,12 @@ def health(): return Response('OK', mimetype='text/plain') +@app.route('/client<token>.css', methods=['GET', 'POST']) +def client_token(token=None): + link_token.ping(request, token) + return Response('', mimetype='text/css') + + @app.route('/search', methods=['GET', 'POST']) def search(): """Search query in q and return results. |