/etc/filtron/rules.json: normalize rules from docs & tooling box

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Markus Heiser 2020-02-04 17:59:58 +01:00
parent d07119ca49
commit 2f40f61f83
5 changed files with 210 additions and 207 deletions


@ -39,6 +39,10 @@ an installation and the maintenance of, use our script :ref:`filtron.sh`.
Sample configuration of filtron Sample configuration of filtron
=============================== ===============================
.. sidebar:: Tooling box
- :origin:`/etc/filtron/rules.json <utils/templates/etc/filtron/rules.json>`
An example configuration can be find below. This configuration limits the access An example configuration can be find below. This configuration limits the access
of: of:
@ -50,100 +54,100 @@ of:
.. code:: json .. code:: json
[{ [
"name":"search request", { "name": "search request",
"filters":[ "filters": [
"Param:q", "Param:q",
"Path=^(/|/search)$" "Path=^(/|/search)$"
], ],
"interval":"<time-interval-in-sec (int)>", "interval": "<time-interval-in-sec (int)>",
"limit":"<max-request-number-in-interval (int)>", "limit": "<max-request-number-in-interval (int)>",
"subrules":[ "subrules": [
{ {
"name":"roboagent limit", "name": "roboagent limit",
"interval":"<time-interval-in-sec (int)>", "interval": "<time-interval-in-sec (int)>",
"limit":"<max-request-number-in-interval (int)>", "limit": "<max-request-number-in-interval (int)>",
"filters":[ "filters": [
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)" "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)"
], ],
"actions":[ "actions": [
{ { "name": "log"},
"name":"block", { "name": "block",
"params":{ "params": {
"message":"Rate limit exceeded" "message": "Rate limit exceeded"
} }
} }
] ]
}, },
{ {
"name":"botlimit", "name": "botlimit",
"limit":0, "limit": 0,
"stop":true, "stop": true,
"filters":[ "filters": [
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
], ],
"actions":[ "actions": [
{ { "name": "log"},
"name":"block", { "name": "block",
"params":{ "params": {
"message":"Rate limit exceeded" "message": "Rate limit exceeded"
} }
} }
] ]
}, },
{ {
"name":"IP limit", "name": "IP limit",
"interval":"<time-interval-in-sec (int)>", "interval": "<time-interval-in-sec (int)>",
"limit":"<max-request-number-in-interval (int)>", "limit": "<max-request-number-in-interval (int)>",
"stop":true, "stop": true,
"aggregations":[ "aggregations": [
"Header:X-Forwarded-For" "Header:X-Forwarded-For"
], ],
"actions":[ "actions": [
{ { "name": "log"},
"name":"block", { "name": "block",
"params":{ "params": {
"message":"Rate limit exceeded" "message": "Rate limit exceeded"
} }
} }
] ]
}, },
{ {
"name":"rss/json limit", "name": "rss/json limit",
"interval":"<time-interval-in-sec (int)>", "interval": "<time-interval-in-sec (int)>",
"limit":"<max-request-number-in-interval (int)>", "limit": "<max-request-number-in-interval (int)>",
"stop":true, "stop": true,
"filters":[ "filters": [
"Param:format=(csv|json|rss)" "Param:format=(csv|json|rss)"
], ],
"actions":[ "actions": [
{ { "name": "log"},
"name":"block", { "name": "block",
"params":{ "params": {
"message":"Rate limit exceeded" "message": "Rate limit exceeded"
} }
} }
] ]
}, },
{ {
"name":"useragent limit", "name": "useragent limit",
"interval":"<time-interval-in-sec (int)>", "interval": "<time-interval-in-sec (int)>",
"limit":"<max-request-number-in-interval (int)>", "limit": "<max-request-number-in-interval (int)>",
"aggregations":[ "aggregations": [
"Header:User-Agent" "Header:User-Agent"
], ],
"actions":[ "actions": [
{ { "name": "log"},
"name":"block", { "name": "block",
"params":{ "params": {
"message":"Rate limit exceeded" "message": "Rate limit exceeded"
} }
} }
] ]
} }
] ]
}] }
]
Route request through filtron Route request through filtron


@ -94,8 +94,9 @@ If needed, set PUBLIC_URL of your WEB service in the '${DOT_CONFIG#"$REPO_ROOT/"
FILTRON_API : ${FILTRON_API} FILTRON_API : ${FILTRON_API}
FILTRON_LISTEN : ${FILTRON_LISTEN} FILTRON_LISTEN : ${FILTRON_LISTEN}
FILTRON_TARGET : ${FILTRON_TARGET} FILTRON_TARGET : ${FILTRON_TARGET}
EOF EOF
[ ! -z ${1+x} ] && echo -e "$1" [ ! -z ${1+x} ] && err_msg "$1"
} }
main() { main() {
@ -105,7 +106,7 @@ main() {
dpkg apt-get install git wget curl \ dpkg apt-get install git wget curl \
|| exit || exit
local _usage="ERROR: unknown or missing $1 command $2" local _usage="unknown or missing $1 command $2"
case $1 in case $1 in
--source-only) ;; --source-only) ;;
@ -170,7 +171,7 @@ main() {
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
*) usage "ERROR: unknown or missing command $1"; exit 42;; *) usage "unknown or missing command $1"; exit 42;;
esac esac
} }
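Review bot: The guard `[ ! -z ${1+x} ] && err_msg "$1"` at the end of usage() leaves `${1+x}` unquoted, so with no argument it collapses to `[ ! -z ]` and only gives the right answer through test's two-argument rule; `[ -n "${1+x}" ] && err_msg "$1"` states the intent directly. Because this is the last command in usage(), whose body starts outside the hunk, a call without an argument makes the function return non-zero, which matters if a caller ever runs under `set -e`; `if [ -n "${1+x}" ]; then err_msg "$1"; fi` avoids that. The same line is changed in usage() of the two other scripts in this commit. err_msg is defined outside the lines shown, so whether it writes to stderr and how it treats backslash escapes in the user-supplied `$1`/`$2` that end up in the message could not be checked here.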


@ -84,7 +84,7 @@ ${DOT_CONFIG#"$REPO_ROOT/"} file::
SERVICE_USER : ${SERVICE_USER} SERVICE_USER : ${SERVICE_USER}
EOF EOF
info_searx info_searx
[ ! -z ${1+x} ] && echo -e "$1" [ ! -z ${1+x} ] && err_msg "$1"
} }
info_searx() { info_searx() {


@ -110,7 +110,7 @@ If needed, set PUBLIC_URL of your WEB service in the '${DOT_CONFIG#"$REPO_ROOT/"
SERVICE_USER : ${SERVICE_USER} SERVICE_USER : ${SERVICE_USER}
EOF EOF
[ ! -z ${1+x} ] && echo -e "$1" [ ! -z ${1+x} ] && err_msg "$1"
} }
main() { main() {
@ -120,7 +120,7 @@ main() {
dpkg systemctl apt-get install git wget curl \ dpkg systemctl apt-get install git wget curl \
|| exit || exit
local _usage="ERROR: unknown or missing $1 command $2" local _usage="unknown or missing $1 command $2"
case $1 in case $1 in
--source-only) ;; --source-only) ;;
@ -190,7 +190,7 @@ main() {
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
*) usage "ERROR: unknown or missing command $1"; exit 42;; *) usage "unknown or missing command $1"; exit 42;;
esac esac
} }


@ -1,107 +1,105 @@
[{ [
"name":"search request", { "name": "suspiciously frequent IP",
"filters":[ "filters": [],
"Param:q", "interval": 600,
"Path=^(/|/search)$" "limit": 30,
], "aggregations": [
"interval":120,
"limit":19,
"actions":[
{
"name":"block",
"params":{
"message":"common rate limit exceeded"
}
}
],
"subrules":[
{
"name":"roboagent limit",
"interval":60,
"limit":3,
"filters":[
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby)"
],
"actions":[
{"name":"log"},
{
"name":"block",
"params":{
"message":"rate limit exceeded"
}
}
]
},
{
"name":"botlimit",
"interval":60,
"limit":0,
"stop":true,
"filters":[
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
],
"actions":[
{"name":"log"},
{
"name":"block",
"params":{
"message":"rate limit exceeded"
}
}
]
},
{
"name":"IP limit",
"interval":60,
"limit":13,
"stop":true,
"aggregations":[
"Header:X-Forwarded-For" "Header:X-Forwarded-For"
], ],
"actions":[ "actions":[
{"name":"log"}, {"name":"log"}
]
},
{ "name": "search request",
"filters": [
"Param:q",
"Path=^(/|/search)$"
],
"interval": 61,
"limit": 999,
"subrules": [
{ {
"name":"block", "name": "roboagent limit",
"params":{ "interval": 61,
"message":"rate limit exceeded" "limit": 1,
"filters": [
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)"
],
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
} }
} }
] ]
}, },
{ {
"name":"rss/json limit", "name": "botlimit",
"interval":60, "limit": 0,
"limit":13, "stop": true,
"stop":true, "filters": [
"filters":[ "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
],
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
},
{
"name": "IP limit",
"interval": 61,
"limit": 9,
"stop": true,
"aggregations": [
"Header:X-Forwarded-For"
],
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
},
{
"name": "rss/json limit",
"interval": 121,
"limit": 2,
"stop": true,
"filters": [
"Param:format=(csv|json|rss)" "Param:format=(csv|json|rss)"
], ],
"actions":[ "actions": [
{"name":"log"}, { "name": "log"},
{ { "name": "block",
"name":"block", "params": {
"params":{ "message": "Rate limit exceeded"
"message":"rate limit exceeded"
} }
} }
] ]
}, },
{ {
"name":"useragent limit", "name": "useragent limit",
"interval":60, "interval": 61,
"limit":13, "limit": 199,
"aggregations":[ "aggregations": [
"Header:User-Agent" "Header:User-Agent"
], ],
"actions":[ "actions": [
{"name":"log"}, { "name": "log"},
{ { "name": "block",
"name":"block", "params": {
"params":{ "message": "Rate limit exceeded"
"message":"rate limit exceeded"
} }
} }
] ]
} }
] ]
}] }
]
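Review bot: The new top-level rule "suspiciously frequent IP" and the "IP limit" subrule both aggregate on `Header:X-Forwarded-For`, a request header whose value is chosen by the client unless the reverse proxy in front of filtron overwrites it. If the proxy passes through or appends to an incoming value, the aggregation key no longer tracks the real peer address, and neither the 30 per 600 s log rule nor the 9 per 61 s block is a reliable per-IP counter. JSON cannot carry a comment, so the accompanying docs should state that the proxy must replace the header with the peer address (for nginx, `proxy_set_header X-Forwarded-For $remote_addr;`). The new "search request" rule also appears to carry no `actions` of its own at limit 999, where the old one blocked at 19 per 120 s; if that is intentional, it deserves a sentence in the commit message. As minor points, `"actions":[ {"name":"log"} ]` in the first rule kept the old compact spacing, and `MJ12bot` is listed twice in the botlimit pattern.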