[mod] hardening SearXNG instances by default (formats)

Deny formats has been implemented in 6ed4616d. To harden SearXNG instances by default, other formats than HTML should be denied. Most of JSON, RSS and CSV requests are bots [1]:: Bots are the only users of this feature on a public instance, and they abuse it too much that the engines rate limit pretty quickly the IP address of the instance. [1] https://github.com/searxng/searxng/issues/95 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
3 years ago · 7b40c736e6
parent e02b5469f0
commit 7b40c736e6
1 changed files with 3 additions and 1 deletions
--- a/searx/settings.yml
+++ b/searx/settings.yml
@ -27,7 +27,9 @@ search:
  # max ban time in seconds after engine errors
  max_ban_time_on_fail: 120
  # remove format to deny access, use lower case.
-  formats: [html, csv, json, rss]
+  # formats: [html, csv, json, rss]
+  formats:
+    - html

 server:
  port: 8888