From 4139c63d23a1f4cc427eb428bcff0594c395c1c5 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Wed, 8 Jan 2020 19:21:07 +0100 Subject: utils/filtron.sh: add script to install filtron middleware Signed-off-by: Markus Heiser --- utils/templates/etc/filtron/rules.json | 56 ++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 utils/templates/etc/filtron/rules.json (limited to 'utils/templates/etc/filtron/rules.json')
diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json
new file mode 100644
index 000000000..4a232388e
--- /dev/null
+++ b/utils/templates/etc/filtron/rules.json
@@ -0,0 +1,56 @@
+[
+ {
+ "name": "api limit",
+ "interval": 60,
+ "limit": 1000,
+ "filters": ["Path=^/api"],
+ "aggregations": ["Path"],
+ "actions": [
+ {"name": "block"}
+ ],
+ "subrules": [
+ {
+ "name": "drop put",
+ "interval": 60,
+ "limit": 100,
+ "filters": ["Method=PUT"],
+ "aggregations": ["Header:X-Forwarded-For"],
+ "actions": [
+ {"name": "shell",
+ "params": {"cmd": "iptables -A INPUT -s %v -j DROP", "args": ["Header:X-Forwarded-For"]}}
+ ]
+ }
+ ]
+ },
+ {
+ "name": "log'n'block rss",
+ "interval": 300,
+ "limit": 2500,
+ "filters": ["Path=^/$", "GET:format=rss"],
+ "actions": [
+ {"name": "log"},
+ {"name": "block"}
+ ]
+ },
+ {
+ "name": "log rule",
+ "filters": ["Path=/"],
+ "actions": [ {"name": "log"} ],
+ "subrules": [
+ {
+ "name": "block missing accept-language",
+ "filters": ["!Header:Accept-Language"],
+ "actions": [
+ {"name": "block"}
+ ]
+ },
+ {
+ "name": "block curl",
+ "filters": ["Header:User-Agent=[Cc]url"],
+ "actions": [
+ {"name": "block"}
+ ]
+ }
+ ]
+ }
+]
-- cgit v1.2.3
From 4990b07b4bc42b0caf0d890f8c81c3545bbb807b Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Thu, 9 Jan 2020 16:25:05 +0100 Subject: utils/filtron.sh: various fix from first installation test (WIP)
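Review bot: The `drop put` subrule in the new rules.json passes the client-supplied `X-Forwarded-For` value into a `shell` action (`iptables -A INPUT -s %v -j DROP`), so whoever sends the request chooses the argument handed to the firewall command. Unless the reverse proxy in front of filtron overwrites that header, the value may hold a list of addresses or arbitrary text, and a spoofed value lets one client get an unrelated address dropped. How filtron quotes `%v` is not visible here, so this rule should not ship in an installed default; `{"name": "block"}` in place of the `shell` action keeps the limit without touching the firewall. If the shell action stays, the install documentation should state that it requires a trusted proxy that sets the header itself.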
Signed-off-by: Markus Heiser --- utils/templates/etc/filtron/rules.json | 142 +++++++++++++++++++++------------ 1 file changed, 92 insertions(+), 50 deletions(-) (limited to 'utils/templates/etc/filtron/rules.json') diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json index 4a232388e..b54e097a5 100644 --- a/utils/templates/etc/filtron/rules.json +++ b/utils/templates/etc/filtron/rules.json 
@@ -1,56 +1,98 @@ -[ +[{ + "name":"search request", + "filters":[ + "Param:q", + "Path=^(/|/search)$" + ], + "interval":60, + "limit":15, + "subrules":[ { - "name": "api limit", - "interval": 60, - "limit": 1000, - "filters": ["Path=^/api"], - "aggregations": ["Path"], - "actions": [ - {"name": "block"} - ], - "subrules": [ - { - "name": "drop put", - "interval": 60, - "limit": 100, - "filters": ["Method=PUT"], - "aggregations": ["Header:X-Forwarded-For"], - "actions": [ - {"name": "shell", - "params": {"cmd": "iptables -A INPUT -s %v -j DROP", "args": ["Header:X-Forwarded-For"]}} - ] - } - ] + "name":"roboagent limit", + "interval":60, + "limit":15, + "filters":[ + "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)" + ], + "actions":[ + {"name": "log"}, + { + "name":"block", + "params":{ + "message":"Rate limit exceeded" + } + } + ] }, { - "name": "log'n'block rss", - "interval": 300, - "limit": 2500, - "filters": ["Path=^/$", "GET:format=rss"], - "actions": [ - {"name": "log"}, - {"name": "block"} - ] + "name":"botlimit", + "limit":0, + "stop":true, + "filters":[ + "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! 
Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" + ], + "actions":[ + {"name": "log"}, + { + "name":"block", + "params":{ + "message":"Rate limit exceeded" + } + } + ] }, { - "name": "log rule", - "filters": ["Path=/"], - "actions": [ {"name": "log"} ], - "subrules": [ - { - "name": "block missing accept-language", - "filters": ["!Header:Accept-Language"], - "actions": [ - {"name": "block"} - ] - }, - { - "name": "block curl", - "filters": ["Header:User-Agent=[Cc]url"], - "actions": [ - {"name": "block"} - ] - } - ] + "name":"IP limit", + "interval":60, + "limit":15, + "stop":true, + "aggregations":[ + "Header:X-Forwarded-For" + ], + "actions":[ + {"name": "log"}, + { + "name":"block", + "params":{ + "message":"Rate limit exceeded" + } + } + ] + }, + { + "name":"rss/json limit", + "interval":60, + "limit":15, + "stop":true, + "filters":[ + "Param:format=(csv|json|rss)" + ], + "actions":[ + {"name": "log"}, + { + "name":"block", + "params":{ + "message":"Rate limit exceeded" + } + } + ] + }, + { + "name":"useragent limit", + "interval":60, + "limit":15, + "aggregations":[ + "Header:User-Agent" + ], + "actions":[ + {"name": "log"}, + { + "name":"block", + "params":{ + "message":"Rate limit exceeded" + } + } + ] } -] + ] +}] -- cgit v1.2.3 From b5449ec47cff805a05329a3e5f925cd661457530 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Mon, 13 Jan 2020 18:37:05 +0100 Subject: filtron: log suspiciously frequent queries (WIP) Signed-off-by: Markus Heiser --- utils/templates/etc/filtron/rules.json | 59 +++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 19 deletions(-) (limited to 'utils/templates/etc/filtron/rules.json') diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json index b54e097a5..634f5f2d6 100644 --- a/utils/templates/etc/filtron/rules.json +++ b/utils/templates/etc/filtron/rules.json 
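Review bot: The `IP limit` subrule aggregates on `Header:X-Forwarded-For`, which is only a per-client key when the proxy in front of filtron sets or overwrites that header; if the header is passed through as received, a client can vary the value on each request and never reach the limit of 15. The same aggregation is kept in the later revisions of this file on this page (`IP limit` and `suspiciously frequent IP`). Since rules.json cannot carry comments, the requirement belongs in the install script or its documentation, for example `the reverse proxy must set X-Forwarded-For to the connecting peer address and must not append to a client-sent value`.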
@@ -1,42 +1,63 @@ [{ + "name":"suspiciously frequent queries", + "filters":[ + "Param:q", + "Path=^(/|/search)$" + ], + "interval":120, + "limit":9, + "actions":[ + {"name":"log"} + ] + }, + { "name":"search request", "filters":[ "Param:q", "Path=^(/|/search)$" ], - "interval":60, - "limit":15, + "interval":120, + "limit":19, + "actions":[ + { + "name":"block", + "params":{ + "message":"common rate limit exceeded" + } + } + ], "subrules":[ { "name":"roboagent limit", "interval":60, - "limit":15, + "limit":3, "filters":[ - "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)" + "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby)" ], "actions":[ - {"name": "log"}, - { + {"name":"log"}, + { "name":"block", "params":{ - "message":"Rate limit exceeded" + "message":"rate limit exceeded" } } ] }, { "name":"botlimit", + "interval":60, "limit":0, "stop":true, "filters":[ "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" ], "actions":[ - {"name": "log"}, + {"name":"log"}, { "name":"block", "params":{ - "message":"Rate limit exceeded" + "message":"rate limit exceeded" } } ] @@ -44,17 +65,17 @@ { "name":"IP limit", "interval":60, - "limit":15, + "limit":13, "stop":true, "aggregations":[ "Header:X-Forwarded-For" ], "actions":[ - {"name": "log"}, + {"name":"log"}, { "name":"block", "params":{ - "message":"Rate limit exceeded" + "message":"rate limit exceeded" } } ] 
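Review bot: The `search request` rule in the first hunk now blocks at `"limit":19` per `"interval":120` but has no `aggregations`, so its counter appears to be shared by every client that matches `Param:q` on `/` or `/search`. If filtron counts un-aggregated rules globally, as the per-header aggregations on the subrules suggest, a single busy client can use up the budget and every other user receives "common rate limit exceeded" for the rest of the interval. Either give the parent rule a per-client key, `"aggregations":["Header:X-Forwarded-For"]`, or leave it without a block action and keep the blocking in the aggregated subrules. The new `suspiciously frequent queries` log rule has the same shape and would log site-wide traffic rather than one frequent client.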
@@ -62,34 +83,34 @@ { "name":"rss/json limit", "interval":60, - "limit":15, + "limit":13, "stop":true, "filters":[ "Param:format=(csv|json|rss)" ], "actions":[ - {"name": "log"}, + {"name":"log"}, { "name":"block", "params":{ - "message":"Rate limit exceeded" + "message":"rate limit exceeded" } } ] - }, + }, { "name":"useragent limit", "interval":60, - "limit":15, + "limit":13, "aggregations":[ "Header:User-Agent" ], "actions":[ - {"name": "log"}, + {"name":"log"}, { "name":"block", "params":{ - "message":"Rate limit exceeded" + "message":"rate limit exceeded" } } ] -- cgit v1.2.3 From 0bb884708745a708b35a3185afc6ad99f20c1838 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Fri, 31 Jan 2020 17:25:38 +0100 Subject: utils/filtron.sh: add option to debug filtron requests Signed-off-by: Markus Heiser --- utils/templates/etc/filtron/rules.json | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'utils/templates/etc/filtron/rules.json') diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json index 634f5f2d6..f333306e1 100644 --- a/utils/templates/etc/filtron/rules.json +++ b/utils/templates/etc/filtron/rules.json @@ -1,16 +1,4 @@ [{ - "name":"suspiciously frequent queries", - "filters":[ - "Param:q", - "Path=^(/|/search)$" - ], - "interval":120, - "limit":9, - "actions":[ - {"name":"log"} - ] - }, - { "name":"search request", "filters":[ "Param:q", -- cgit v1.2.3 From 2f40f61f83afb34f0c4b95019a53050a504ce43a Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Tue, 4 Feb 2020 17:59:58 +0100 Subject: /etc/filtron/rules.json: normalize rules from docs & tooling box Signed-off-by: Markus Heiser --- utils/templates/etc/filtron/rules.json | 202 ++++++++++++++++----------------- 1 file changed, 100 insertions(+), 102 deletions(-) (limited to 'utils/templates/etc/filtron/rules.json') diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json index f333306e1..1c7005ae5 100644 
--- a/utils/templates/etc/filtron/rules.json +++ b/utils/templates/etc/filtron/rules.json 
@@ -1,107 +1,105 @@ -[{ - "name":"search request", - "filters":[ - "Param:q", - "Path=^(/|/search)$" - ], - "interval":120, - "limit":19, - "actions":[ - { - "name":"block", - "params":{ - "message":"common rate limit exceeded" - } - } - ], - "subrules":[ - { - "name":"roboagent limit", - "interval":60, - "limit":3, - "filters":[ - "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby)" - ], - "actions":[ - {"name":"log"}, - { - "name":"block", - "params":{ - "message":"rate limit exceeded" +[ + { "name": "suspiciously frequent IP", + "filters": [], + "interval": 600, + "limit": 30, + "aggregations": [ + "Header:X-Forwarded-For" + ], + "actions":[ + {"name":"log"} + ] + }, + { "name": "search request", + "filters": [ + "Param:q", + "Path=^(/|/search)$" + ], + "interval": 61, + "limit": 999, + "subrules": [ + { + "name": "roboagent limit", + "interval": 61, + "limit": 1, + "filters": [ + "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)" + ], + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } } - } - ] - }, - { - "name":"botlimit", - "interval":60, - "limit":0, - "stop":true, - "filters":[ - "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" - ], - "actions":[ - {"name":"log"}, - { - "name":"block", - "params":{ - "message":"rate limit exceeded" + ] + }, + { + "name": "botlimit", + "limit": 0, + "stop": true, + "filters": [ + "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! 
Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" + ], + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } } - } - ] - }, - { - "name":"IP limit", - "interval":60, - "limit":13, - "stop":true, - "aggregations":[ - "Header:X-Forwarded-For" - ], - "actions":[ - {"name":"log"}, - { - "name":"block", - "params":{ - "message":"rate limit exceeded" + ] + }, + { + "name": "IP limit", + "interval": 61, + "limit": 9, + "stop": true, + "aggregations": [ + "Header:X-Forwarded-For" + ], + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } } - } - ] - }, - { - "name":"rss/json limit", - "interval":60, - "limit":13, - "stop":true, - "filters":[ - "Param:format=(csv|json|rss)" - ], - "actions":[ - {"name":"log"}, - { - "name":"block", - "params":{ - "message":"rate limit exceeded" + ] + }, + { + "name": "rss/json limit", + "interval": 121, + "limit": 2, + "stop": true, + "filters": [ + "Param:format=(csv|json|rss)" + ], + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } } - } - ] - }, - { - "name":"useragent limit", - "interval":60, - "limit":13, - "aggregations":[ - "Header:User-Agent" - ], - "actions":[ - {"name":"log"}, - { - "name":"block", - "params":{ - "message":"rate limit exceeded" + ] + }, + { + "name": "useragent limit", + "interval": 61, + "limit": 199, + "aggregations": [ + "Header:User-Agent" + ], + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } } - } - ] - } - ] -}] + ] + } + ] + } +] -- cgit v1.2.3 From 0d6153db127133e59137f4359975bafd705e0f4b Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Tue, 11 Feb 2020 15:57:42 +0100 Subject: filtron.sh: updated rules from production 
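Review bot: The `botlimit` filter on the new side is a regular expression, yet `archive.org_bot` leaves its dot unescaped and `MJ12bot` is listed twice; with `"limit": 0` every match is blocked outright, so the pattern should say exactly what it means. The corrected fragment would be `archive\\.org_bot` (JSON-escaped) with a single `MJ12bot`. This hunk also drops `"interval"` from `botlimit` while the other subrules keep one; whether filtron needs an interval when the limit is 0 is not visible here, so the intended semantics should be stated in the docs that accompany the template. The User-Agent header is chosen by the client, so these rules only stop crawlers that announce themselves.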
Signed-off-by: Markus Heiser --- utils/templates/etc/filtron/rules.json | 226 ++++++++++++++++++--------------- 1 file changed, 123 insertions(+), 103 deletions(-) (limited to 'utils/templates/etc/filtron/rules.json') diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json index 1c7005ae5..f4a99b3e8 100644 --- a/utils/templates/etc/filtron/rules.json +++ b/utils/templates/etc/filtron/rules.json 
@@ -1,105 +1,125 @@ [ - { "name": "suspiciously frequent IP", - "filters": [], - "interval": 600, - "limit": 30, - "aggregations": [ - "Header:X-Forwarded-For" - ], - "actions":[ - {"name":"log"} - ] - }, - { "name": "search request", - "filters": [ - "Param:q", - "Path=^(/|/search)$" - ], - "interval": 61, - "limit": 999, - "subrules": [ - { - "name": "roboagent limit", - "interval": 61, - "limit": 1, - "filters": [ - "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "botlimit", - "limit": 0, - "stop": true, - "filters": [ - "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "IP limit", - "interval": 61, - "limit": 9, - "stop": true, - "aggregations": [ - "Header:X-Forwarded-For" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "rss/json limit", - "interval": 121, - "limit": 2, - "stop": true, - "filters": [ - "Param:format=(csv|json|rss)" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "useragent limit", - "interval": 61, - "limit": 199, - "aggregations": [ - "Header:User-Agent" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - } - ] - } + { + "name": "roboagent limit", + "filters": [ + "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)" + ], + "limit": 0, + "stop": true, + "actions": [ + { 
"name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } + } + ] + }, + { + "name": "botlimit", + "filters": [ + "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" + ], + "limit": 0, + "stop": true, + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } + } + ] + }, + { "name": "suspiciously frequent IP", + "filters": [], + "interval": 600, + "limit": 30, + "aggregations": [ + "Header:X-Forwarded-For" + ], + "actions":[ + {"name":"log"} + ] + }, + { "name": "search request", + "filters": [ + "Param:q", + "Path=^(/|/search)$" + ], + "interval": 61, + "limit": 999, + "subrules": [ + { + "name": "missing Accept-Language", + "filters": ["!Header:Accept-Language"], + "limit": 0, + "stop": true, + "actions": [ + {"name": "block", + "params": {"message": "Rate limit exceeded"}} + ] + }, + { + "name": "suspiciously Connection=close header", + "filters": ["Header:Connection=close"], + "limit": 0, + "stop": true, + "actions": [ + {"name": "block", + "params": {"message": "Rate limit exceeded"}} + ] + }, + { + "name": "IP limit", + "interval": 61, + "limit": 9, + "stop": true, + "aggregations": [ + "Header:X-Forwarded-For" + ], + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } + } + ] + }, + { + "name": "rss/json limit", + "filters": [ + "Param:format=(csv|json|rss)" + ], + "interval": 121, + "limit": 2, + "stop": true, + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } + } + ] + }, + { + "name": "useragent limit", + "interval": 61, + "limit": 199, + "aggregations": [ + "Header:User-Agent" + ], + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } + } + ] + } + ] + } ] -- 
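Review bot: The new `suspiciously Connection=close header` subrule blocks every search request carrying `Connection: close`, and that header is often written by the reverse proxy rather than by the client; nginx, for example, sends `Connection: close` to the upstream by default. Behind such a proxy this rule would reject all searches, so the template depends on the proxy forwarding the client's own header, and that dependency should be documented with the install script. The two new subrules also answer with "Rate limit exceeded" although `"limit": 0` makes them unconditional; a distinct message such as `"message": "Connection: close not accepted"` would let an operator tell these heuristics apart from real rate limiting. `roboagent limit` and `botlimit` moved to the top level without a `Path` filter, so they now apply to every request and not only to searches.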
cgit v1.2.3 From de58f02f6b502f05a86df50e3e6fa77d0b666ec9 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Mon, 17 Feb 2020 15:36:10 +0100 Subject: filtron: add missing log action to the filtron rules Signed-off-by: Markus Heiser --- utils/templates/etc/filtron/rules.json | 2 ++ 1 file changed, 2 insertions(+) (limited to 'utils/templates/etc/filtron/rules.json') diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json index f4a99b3e8..8fbffa937 100644 --- a/utils/templates/etc/filtron/rules.json +++ b/utils/templates/etc/filtron/rules.json @@ -56,6 +56,7 @@ "limit": 0, "stop": true, "actions": [ + {"name":"log"}, {"name": "block", "params": {"message": "Rate limit exceeded"}} ] @@ -66,6 +67,7 @@ "limit": 0, "stop": true, "actions": [ + {"name":"log"}, {"name": "block", "params": {"message": "Rate limit exceeded"}} ] -- cgit v1.2.3 From 6ff20cef7385d6827042f00d295f51bbc213afab Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Thu, 18 Jun 2020 18:31:46 +0200 Subject: [fix] indentation of filtron's rules (json) Signed-off-by: Markus Heiser --- utils/templates/etc/filtron/rules.json | 228 +++++++++++++++++---------------- 1 file changed, 115 insertions(+), 113 deletions(-) (limited to 'utils/templates/etc/filtron/rules.json') diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json index 8fbffa937..fff70fa8f 100644 --- a/utils/templates/etc/filtron/rules.json +++ b/utils/templates/etc/filtron/rules.json 
@@ -1,127 +1,129 @@ [ { - "name": "roboagent limit", - "filters": [ - "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)" - ], - "limit": 0, - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", + "name": "roboagent limit", + "filters": [ + "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)" + ], + "limit": 0, + "stop": true, + "actions": [ + { "name": "log"}, + { "name": "block", "params": { - "message": "Rate limit exceeded" + "message": "Rate limit exceeded" } - } - ] + } + ] }, { - "name": "botlimit", - "filters": [ - "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" - ], - "limit": 0, - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", + "name": "botlimit", + "filters": [ + "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! 
Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" + ], + "limit": 0, + "stop": true, + "actions": [ + { "name": "log"}, + { "name": "block", "params": { - "message": "Rate limit exceeded" + "message": "Rate limit exceeded" } - } - ] + } + ] }, - { "name": "suspiciously frequent IP", - "filters": [], - "interval": 600, - "limit": 30, - "aggregations": [ - "Header:X-Forwarded-For" + { + "name": "suspiciously frequent IP", + "filters": [], + "interval": 600, + "limit": 30, + "aggregations": [ + "Header:X-Forwarded-For" ], - "actions":[ - {"name":"log"} + "actions":[ + {"name":"log"} ] }, - { "name": "search request", - "filters": [ - "Param:q", - "Path=^(/|/search)$" - ], - "interval": 61, - "limit": 999, - "subrules": [ - { - "name": "missing Accept-Language", - "filters": ["!Header:Accept-Language"], - "limit": 0, - "stop": true, - "actions": [ - {"name":"log"}, - {"name": "block", - "params": {"message": "Rate limit exceeded"}} - ] - }, - { - "name": "suspiciously Connection=close header", - "filters": ["Header:Connection=close"], - "limit": 0, - "stop": true, - "actions": [ - {"name":"log"}, - {"name": "block", - "params": {"message": "Rate limit exceeded"}} - ] - }, - { - "name": "IP limit", - "interval": 61, - "limit": 9, - "stop": true, - "aggregations": [ - "Header:X-Forwarded-For" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "rss/json limit", - "filters": [ - "Param:format=(csv|json|rss)" - ], - "interval": 121, - "limit": 2, - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "useragent limit", - "interval": 61, - "limit": 199, - "aggregations": [ - "Header:User-Agent" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - } - ] + { + 
"name": "search request", + "filters": [ + "Param:q", + "Path=^(/|/search)$" + ], + "interval": 61, + "limit": 999, + "subrules": [ + { + "name": "missing Accept-Language", + "filters": ["!Header:Accept-Language"], + "limit": 0, + "stop": true, + "actions": [ + {"name":"log"}, + {"name": "block", + "params": {"message": "Rate limit exceeded"}} + ] + }, + { + "name": "suspiciously Connection=close header", + "filters": ["Header:Connection=close"], + "limit": 0, + "stop": true, + "actions": [ + {"name":"log"}, + {"name": "block", + "params": {"message": "Rate limit exceeded"}} + ] + }, + { + "name": "IP limit", + "interval": 61, + "limit": 9, + "stop": true, + "aggregations": [ + "Header:X-Forwarded-For" + ], + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } + } + ] + }, + { + "name": "rss/json limit", + "filters": [ + "Param:format=(csv|json|rss)" + ], + "interval": 121, + "limit": 2, + "stop": true, + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } + } + ] + }, + { + "name": "useragent limit", + "interval": 61, + "limit": 199, + "aggregations": [ + "Header:User-Agent" + ], + "actions": [ + { "name": "log"}, + { "name": "block", + "params": { + "message": "Rate limit exceeded" + } + } + ] + } + ] } ] -- cgit v1.2.3