summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-06-01[fix] limiter: replace real_ip by IPv4/v6 networkMarkus Heiser
Closes: https://github.com/searxng/searxng/issues/2477 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-01[fix] correct determination of the IP for the requestMarkus Heiser
For correct determination of the IP to the request the function botdetection.get_real_ip() is implemented. This fonction is used in the ip_limit and link_token method of the botdetection and it is used in the self_info plugin. A documentation about the X-Forwarded-For header has been added. [1] https://github.com/searxng/searxng/pull/2357#issuecomment-1566211059 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-01[mod] botdetection - improve ip_limit and link_token methodsMarkus Heiser
- counting requests in LONG_WINDOW and BURST_WINDOW is not needed when the request is validated by the link_token method [1] - renew a ping-key on validation [2], this is needed for infinite scrolling, where no new token (CSS) is loaded. / this does not fix the BURST_MAX issue in the vanilla limiter - normalize the counter names of the ip_limit method to 'ip_limit.*' - just integrate the ip_limit method straight forward in the limiter plugin / non intermediate code --> ip_limit now returns None or a werkzeug.Response object that can be passed by the plugin to the flask application / non intermediate code that returns a tuple [1] https://github.com/searxng/searxng/pull/2357#issuecomment-1566113277 [2] https://github.com/searxng/searxng/pull/2357#discussion_r1208542206 [3] https://github.com/searxng/searxng/pull/2357#issuecomment-1566125979 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-01[mod] limiter: ip_limt - monitore suspicious IPsMarkus Heiser
To intercept bots that get their IPs from a range of IPs, there is a ``SUSPICIOUS_IP_WINDOW``. In this window the suspicious IPs are stored for a longer time. IPs stored in this sliding window have a maximum of ``SUSPICIOUS_IP_MAX`` accesses before they are blocked. As soon as the IP makes a request that is not suspicious, the sliding window for this IP is droped. Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-01[fix] limiter.toml: botdetection.ip_limit turn off link_token by defaultMarkus Heiser
To activate the ``link_token`` method in the ``ip_limit`` method add the following to your ``/etc/searxng/limiter.toml``:: [botdetection.ip_limit] link_token = true Related: https://github.com/searxng/searxng/pull/2357#issuecomment-1554116941 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-01[mod] limiter: add config file /etc/searxng/limiter.tomlMarkus Heiser
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-29[mod] limiter -> botdetection: modularization and documentationMarkus Heiser
In order to be able to meet the outstanding requirements, the implementation is modularized and supplemented with documentation. This patch does not contain functional change, except it fixes issue #2455 ---- Aktivate limiter in the settings.yml and simulate a bot request by:: curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \ -H 'Accept: text/html' -H 'User-Agent: xyz' \ -H 'Accept-Encoding: gzip' \ 'http://127.0.0.1:8888/search?q=foo' In the LOG: DEBUG searx.botdetection.link_token : missing ping for this request: ..... Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time before you get a "Too Many Requests" response. Closes: https://github.com/searxng/searxng/issues/2455 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-29[mod] limiter: add random token to the limiter URLMarkus Heiser
By adding a random component in the limiter URL a bot can no longer send a ping by request a static URL. Related: https://github.com/searxng/searxng/pull/2357#issuecomment-1518525094 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-29[mod] limiter: reduce request rates for requests without a pingMarkus Heiser
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-29Update searx.data - update_engine_descriptions.pydalf
2023-05-29Update searx.data - update_currencies.pydalf
2023-05-29Update searx.data - update_engine_traits.pydalf
2023-05-29Update searx.data - update_firefox_version.pydalf
2023-05-29Update searx.data - update_wikidata_units.pydalf
2023-05-29Update searx.data - update_ahmia_blacklist.pydalf
2023-05-28[fix] simple theme: move engine alerts in case of no results into sidebarMarkus Heiser
If there were no results but errors in the engines then the error dialogs of the engines was displayed in the result list. With the new design errors of the engines should only be displayed in the sidebar and at the same time duplications of the (template) code will be avoided. Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-28[build] /staticmrpaulblack
2023-05-28[mod] simple theme: build design for details (collapsables)mrpaulblack
* set border top and bottom on sidebar collasables * inrease peading on summary so its easier to click on mobile * remove margins and add flex wrapper to normalize elements in sidebar
2023-05-28[mod] simple theme: collaps/expand elements in the sidebarMarkus Heiser
Make elements in the sidebar collapse able. Except infoboxes all elements in the sidebar are collapsed by default. By folding out the sidebar elements, the UI looks less cluttered. Especially on small devices like smartphones, where the sidebar is above the results list, the UX should be improved [1]. [1] https://github.com/searxng/searxng/issues/2140 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-26Merge pull request #2462 from return42/fix-typosMarkus Heiser
[doc] fix tyops in docs/dev/reST.rst
2023-05-26Merge pull request #2459 from searxng/translations_updateMarkus Heiser
Update translations
2023-05-26Merge pull request #2460 from ↵Markus Heiser
searxng/dependabot/pip/master/typing-extensions-4.6.2 Bump typing-extensions from 4.5.0 to 4.6.2
2023-05-26Merge pull request #2461 from searxng/dependabot/pip/master/yamllint-1.32.0Markus Heiser
Bump yamllint from 1.31.0 to 1.32.0
2023-05-26[doc] fix tyops in docs/dev/reST.rstMarkus Heiser
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-26Bump yamllint from 1.31.0 to 1.32.0dependabot[bot]
Bumps [yamllint](https://github.com/adrienverge/yamllint) from 1.31.0 to 1.32.0. - [Changelog](https://github.com/adrienverge/yamllint/blob/master/CHANGELOG.rst) - [Commits](https://github.com/adrienverge/yamllint/compare/v1.31.0...v1.32.0) --- updated-dependencies: - dependency-name: yamllint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2023-05-26Bump typing-extensions from 4.5.0 to 4.6.2dependabot[bot]
Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.5.0 to 4.6.2. - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](https://github.com/python/typing_extensions/compare/4.5.0...4.6.2) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2023-05-26[translations] update from Weblatesearxng-bot
69171f12 - 2023-05-25 - fabiosantoscode <fabiosantosart@gmail.com> 2caaed0a - 2023-05-23 - trmx <borcan.cristian1@gmail.com> 84d1702b - 2023-05-21 - return42 <markus.heiser@darmarit.de> 65cc6eb8 - 2023-05-21 - return42 <markus.heiser@darmarit.de> e0ab3383 - 2023-05-22 - return42 <markus.heiser@darmarit.de> 23e87f15 - 2023-05-21 - return42 <markus.heiser@darmarit.de> 14f0fc6b - 2023-05-21 - return42 <markus.heiser@darmarit.de> 5b7c7b7d - 2023-05-21 - return42 <markus.heiser@darmarit.de> c725b38d - 2023-05-21 - return42 <markus.heiser@darmarit.de>
2023-05-22Merge pull request #2453 from return42/fix-typoMarkus Heiser
[fix] typo: dues --> does
2023-05-22[fix] typo: dues --> doesMarkus Heiser
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-22Merge pull request #2452 from return42/fix-2434Markus Heiser
[fix] ClientPref - don't raise exception if Accept-Language is invalid
2023-05-22[fix] ClientPref - don't raise exception if Accept-Language is invalidMarkus Heiser
If the Accept-Language header [1] is set but empty or holds a value that is unknown to babel, an excpetion is raised:: $ curl --header 'Accept-Language: xyz' 'http://127.0.0.1:8888/search?q=foo' ... Traceback (most recent call last): File "searx/preferences.py", line 335, in from_http_request return cls(locale=pairs[0][0]) IndexError: list index out of range [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language Reported by: @Eolien55 in https://github.com/searxng/searxng/issues/2434#issuecomment-1556199789 Closes: https://github.com/searxng/searxng/issues/2434 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-22Merge pull request #2451 from return42/doc-captcha-from-server-ipMarkus Heiser
[doc] answer CAPTCHA from server's IP
2023-05-22[doc] answer CAPTCHA from server's IPMarkus Heiser
Related: https://github.com/searxng/searxng/issues/2011#issuecomment-1553317619 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-21Merge pull request #2450 from return42/lxc-docMarkus Heiser
[doc] update & fix documentation of the "SearXNG LXC suite"
2023-05-21[doc] update & fix documentation of the "SearXNG LXC suite"Markus Heiser
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-19Merge pull request #2447 from searxng/dependabot/pip/master/linuxdoc-20230506Markus Heiser
Bump linuxdoc from 20230321 to 20230506
2023-05-19Merge pull request #2446 from searxng/translations_updateMarkus Heiser
Update translations
2023-05-19Merge pull request #2448 from Pankwings/logger_warningMarkus Heiser
use logger.warning
2023-05-19use logger.warningpankaj
logger.warn() is depricated. logger.warning is already being used in some files.
2023-05-19Bump linuxdoc from 20230321 to 20230506dependabot[bot]
Bumps [linuxdoc](https://github.com/return42/linuxdoc) from 20230321 to 20230506. - [Changelog](https://github.com/return42/linuxdoc/blob/master/CHANGELOG) - [Commits](https://github.com/return42/linuxdoc/commits) --- updated-dependencies: - dependency-name: linuxdoc dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2023-05-19[translations] update from Weblatesearxng-bot
2eeec66c - 2023-05-13 - return42 <markus.heiser@darmarit.de> 87058e51 - 2023-05-13 - return42 <markus.heiser@darmarit.de>
2023-05-15Merge pull request #2435 from return42/disable-donationMarkus Heiser
[mod] donation_url: disable by default
2023-05-15[mod] donation_url: disable by defaultMarkus Heiser
SearXNG's donation campaign has been ended. Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-13Merge pull request #2408 from return42/changelogMarkus Heiser
[releases] rolling release: commit history replaces the CHANGELOG
2023-05-13Merge pull request #2414 from nberlee/masterMarkus Heiser
Bump Alpine 3.18 (Python 3.11)
2023-05-13Merge pull request #2421 from searxng/dependabot/pip/master/redis-4.5.5Markus Heiser
Bump redis from 4.5.4 to 4.5.5
2023-05-13Merge pull request #2423 from searxng/dependabot/pip/master/selenium-4.9.1Markus Heiser
Bump selenium from 4.9.0 to 4.9.1
2023-05-13Merge pull request #2424 from searxng/dependabot/pip/master/certifi-2023.5.7Markus Heiser
Bump certifi from 2022.12.7 to 2023.5.7
2023-05-13Bump selenium from 4.9.0 to 4.9.1dependabot[bot]
Bumps [selenium](https://github.com/SeleniumHQ/Selenium) from 4.9.0 to 4.9.1. - [Release notes](https://github.com/SeleniumHQ/Selenium/releases) - [Commits](https://github.com/SeleniumHQ/Selenium/compare/selenium-4.9.0...selenium-4.9.1) --- updated-dependencies: - dependency-name: selenium dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2023-05-13Merge pull request #2420 from searxng/translations_updateMarkus Heiser
Update translations
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-19 19:34:31 +0000