2023-05-28 16:58:31 +00:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
# lint: pylint
|
2023-05-26 15:24:43 +00:00
|
|
|
""".. _botdetection.ip_limit:
|
|
|
|
|
2023-05-23 16:16:37 +00:00
|
|
|
Method ``ip_limit``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
The ``ip_limit`` method counts request from an IP in *sliding windows*. If
|
|
|
|
there are to many requests in a sliding window, the request is evaluated as a
|
|
|
|
bot request. This method requires a redis DB and needs a HTTP X-Forwarded-For_
|
|
|
|
header. To take privacy only the hash value of an IP is stored in the redis DB
|
|
|
|
and at least for a maximum of 10 minutes.
|
|
|
|
|
2023-05-27 16:58:06 +00:00
|
|
|
The :py:obj:`.link_token` method can be used to investigate whether a request is
|
|
|
|
*suspicious*. To activate the :py:obj:`.link_token` method in the
|
|
|
|
:py:obj:`.ip_limit` method add the following to your
|
|
|
|
``/etc/searxng/limiter.toml``:
|
|
|
|
|
|
|
|
.. code:: toml
|
|
|
|
|
|
|
|
[botdetection.ip_limit]
|
|
|
|
link_token = true
|
|
|
|
|
|
|
|
If the :py:obj:`.link_token` method is activated and a request is *suspicious*
|
|
|
|
the request rates are reduced:
|
2023-05-23 16:16:37 +00:00
|
|
|
|
|
|
|
- :py:obj:`BURST_MAX` -> :py:obj:`BURST_MAX_SUSPICIOUS`
|
|
|
|
- :py:obj:`LONG_MAX` -> :py:obj:`LONG_MAX_SUSPICIOUS`
|
|
|
|
|
2023-05-27 19:36:34 +00:00
|
|
|
To intercept bots that get their IPs from a range of IPs, there is a
|
|
|
|
:py:obj:`SUSPICIOUS_IP_WINDOW`. In this window the suspicious IPs are stored
|
|
|
|
for a longer time. IPs stored in this sliding window have a maximum of
|
|
|
|
:py:obj:`SUSPICIOUS_IP_MAX` accesses before they are blocked. As soon as the IP
|
|
|
|
makes a request that is not suspicious, the sliding window for this IP is
|
|
|
|
droped.
|
|
|
|
|
2023-05-23 16:16:37 +00:00
|
|
|
.. _X-Forwarded-For:
|
|
|
|
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
2023-05-28 16:58:31 +00:00
|
|
|
from typing import Optional
|
2023-05-23 16:16:37 +00:00
|
|
|
import flask
|
2023-05-28 16:58:31 +00:00
|
|
|
import werkzeug
|
2023-05-26 15:24:43 +00:00
|
|
|
from searx.tools import config
|
|
|
|
|
2023-05-23 16:16:37 +00:00
|
|
|
from searx import redisdb
|
|
|
|
from searx import logger
|
2023-05-27 19:36:34 +00:00
|
|
|
from searx.redislib import incr_sliding_window, drop_counter
|
2023-05-23 16:16:37 +00:00
|
|
|
|
|
|
|
from . import link_token
|
2023-05-29 17:46:37 +00:00
|
|
|
from ._helpers import too_many_requests, get_real_ip
|
2023-05-28 16:58:31 +00:00
|
|
|
|
2023-05-23 16:16:37 +00:00
|
|
|
|
|
|
|
logger = logger.getChild('botdetection.ip_limit')
|
|
|
|
|
|
|
|
BURST_WINDOW = 20
|
|
|
|
"""Time (sec) before sliding window for *burst* requests expires."""
|
|
|
|
|
|
|
|
BURST_MAX = 15
|
|
|
|
"""Maximum requests from one IP in the :py:obj:`BURST_WINDOW`"""
|
|
|
|
|
|
|
|
BURST_MAX_SUSPICIOUS = 2
|
|
|
|
"""Maximum of suspicious requests from one IP in the :py:obj:`BURST_WINDOW`"""
|
|
|
|
|
|
|
|
LONG_WINDOW = 600
|
|
|
|
"""Time (sec) before the longer sliding window expires."""
|
|
|
|
|
|
|
|
LONG_MAX = 150
|
|
|
|
"""Maximum requests from one IP in the :py:obj:`LONG_WINDOW`"""
|
|
|
|
|
|
|
|
LONG_MAX_SUSPICIOUS = 10
|
|
|
|
"""Maximum suspicious requests from one IP in the :py:obj:`LONG_WINDOW`"""
|
|
|
|
|
|
|
|
API_WONDOW = 3600
|
|
|
|
"""Time (sec) before sliding window for API requests (format != html) expires."""
|
|
|
|
|
|
|
|
API_MAX = 4
|
|
|
|
"""Maximum requests from one IP in the :py:obj:`API_WONDOW`"""
|
|
|
|
|
2023-05-27 19:36:34 +00:00
|
|
|
SUSPICIOUS_IP_WINDOW = 3600 * 24
|
|
|
|
"""Time (sec) before sliding window for one suspicious IP expires."""
|
|
|
|
|
|
|
|
SUSPICIOUS_IP_MAX = 3
|
|
|
|
"""Maximum requests from one suspicious IP in the :py:obj:`SUSPICIOUS_IP_WINDOW`."""
|
|
|
|
|
2023-05-23 16:16:37 +00:00
|
|
|
|
2023-05-28 16:58:31 +00:00
|
|
|
def filter_request(request: flask.Request, cfg: config.Config) -> Optional[werkzeug.Response]:
|
|
|
|
# pylint: disable=too-many-return-statements
|
2023-05-23 16:16:37 +00:00
|
|
|
redis_client = redisdb.client()
|
|
|
|
|
2023-05-29 17:46:37 +00:00
|
|
|
client_ip = get_real_ip(request)
|
2023-05-23 16:16:37 +00:00
|
|
|
|
|
|
|
if request.args.get('format', 'html') != 'html':
|
2023-05-28 16:58:31 +00:00
|
|
|
c = incr_sliding_window(redis_client, 'ip_limit.API_WONDOW:' + client_ip, API_WONDOW)
|
2023-05-23 16:16:37 +00:00
|
|
|
if c > API_MAX:
|
2023-05-28 16:58:31 +00:00
|
|
|
return too_many_requests(request, "too many request in API_WINDOW")
|
2023-05-27 19:36:34 +00:00
|
|
|
|
2023-05-26 15:24:43 +00:00
|
|
|
if cfg['botdetection.ip_limit.link_token']:
|
2023-05-23 16:16:37 +00:00
|
|
|
|
2023-05-28 16:58:31 +00:00
|
|
|
suspicious = link_token.is_suspicious(request, True)
|
|
|
|
|
|
|
|
if not suspicious:
|
|
|
|
# this IP is no longer suspicious: release ip again / delete the counter of this IP
|
|
|
|
drop_counter(redis_client, 'ip_limit.SUSPICIOUS_IP_WINDOW' + client_ip)
|
|
|
|
return None
|
2023-05-27 19:36:34 +00:00
|
|
|
|
|
|
|
# this IP is suspicious: count requests from this IP
|
2023-05-28 16:58:31 +00:00
|
|
|
c = incr_sliding_window(redis_client, 'ip_limit.SUSPICIOUS_IP_WINDOW' + client_ip, SUSPICIOUS_IP_WINDOW)
|
2023-05-27 19:36:34 +00:00
|
|
|
if c > SUSPICIOUS_IP_MAX:
|
2023-05-28 16:58:31 +00:00
|
|
|
logger.error("BLOCK: too many request from %s in SUSPICIOUS_IP_WINDOW (redirect to /)", client_ip)
|
|
|
|
return flask.redirect(flask.url_for('index'), code=302)
|
2023-05-27 19:36:34 +00:00
|
|
|
|
2023-05-28 16:58:31 +00:00
|
|
|
c = incr_sliding_window(redis_client, 'ip_limit.BURST_WINDOW' + client_ip, BURST_WINDOW)
|
2023-05-23 16:16:37 +00:00
|
|
|
if c > BURST_MAX_SUSPICIOUS:
|
2023-05-28 16:58:31 +00:00
|
|
|
return too_many_requests(request, "too many request in BURST_WINDOW (BURST_MAX_SUSPICIOUS)")
|
2023-05-23 16:16:37 +00:00
|
|
|
|
2023-05-28 16:58:31 +00:00
|
|
|
c = incr_sliding_window(redis_client, 'ip_limit.LONG_WINDOW' + client_ip, LONG_WINDOW)
|
2023-05-23 16:16:37 +00:00
|
|
|
if c > LONG_MAX_SUSPICIOUS:
|
2023-05-28 16:58:31 +00:00
|
|
|
return too_many_requests(request, "too many request in LONG_WINDOW (LONG_MAX_SUSPICIOUS)")
|
2023-05-23 16:16:37 +00:00
|
|
|
|
2023-05-28 16:58:31 +00:00
|
|
|
return None
|
2023-05-27 19:36:34 +00:00
|
|
|
|
2023-05-28 16:58:31 +00:00
|
|
|
# vanilla limiter without extensions counts BURST_MAX and LONG_MAX
|
|
|
|
c = incr_sliding_window(redis_client, 'ip_limit.BURST_WINDOW' + client_ip, BURST_WINDOW)
|
|
|
|
if c > BURST_MAX:
|
|
|
|
return too_many_requests(request, "too many request in BURST_WINDOW (BURST_MAX)")
|
2023-05-27 19:36:34 +00:00
|
|
|
|
2023-05-28 16:58:31 +00:00
|
|
|
c = incr_sliding_window(redis_client, 'ip_limit.LONG_WINDOW' + client_ip, LONG_WINDOW)
|
|
|
|
if c > LONG_MAX:
|
|
|
|
return too_many_requests(request, "too many request in LONG_WINDOW (LONG_MAX)")
|
2023-05-23 16:16:37 +00:00
|
|
|
|
|
|
|
return None
|