forked from Ponysearch/Ponysearch
filtron: log suspiciously frequent queries (WIP)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
parent
39feb141bc
commit
b5449ec47c
1 changed files with 40 additions and 19 deletions
|
@ -1,31 +1,52 @@
|
|||
[{
|
||||
"name":"suspiciously frequent queries",
|
||||
"filters":[
|
||||
"Param:q",
|
||||
"Path=^(/|/search)$"
|
||||
],
|
||||
"interval":120,
|
||||
"limit":9,
|
||||
"actions":[
|
||||
{"name":"log"}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name":"search request",
|
||||
"filters":[
|
||||
"Param:q",
|
||||
"Path=^(/|/search)$"
|
||||
],
|
||||
"interval":60,
|
||||
"limit":15,
|
||||
"interval":120,
|
||||
"limit":19,
|
||||
"actions":[
|
||||
{
|
||||
"name":"block",
|
||||
"params":{
|
||||
"message":"common rate limit exceeded"
|
||||
}
|
||||
}
|
||||
],
|
||||
"subrules":[
|
||||
{
|
||||
"name":"roboagent limit",
|
||||
"interval":60,
|
||||
"limit":15,
|
||||
"limit":3,
|
||||
"filters":[
|
||||
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)"
|
||||
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby)"
|
||||
],
|
||||
"actions":[
|
||||
{"name":"log"},
|
||||
{
|
||||
"name":"block",
|
||||
"params":{
|
||||
"message":"Rate limit exceeded"
|
||||
"message":"rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name":"botlimit",
|
||||
"interval":60,
|
||||
"limit":0,
|
||||
"stop":true,
|
||||
"filters":[
|
||||
|
@ -36,7 +57,7 @@
|
|||
{
|
||||
"name":"block",
|
||||
"params":{
|
||||
"message":"Rate limit exceeded"
|
||||
"message":"rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -44,7 +65,7 @@
|
|||
{
|
||||
"name":"IP limit",
|
||||
"interval":60,
|
||||
"limit":15,
|
||||
"limit":13,
|
||||
"stop":true,
|
||||
"aggregations":[
|
||||
"Header:X-Forwarded-For"
|
||||
|
@ -54,7 +75,7 @@
|
|||
{
|
||||
"name":"block",
|
||||
"params":{
|
||||
"message":"Rate limit exceeded"
|
||||
"message":"rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -62,7 +83,7 @@
|
|||
{
|
||||
"name":"rss/json limit",
|
||||
"interval":60,
|
||||
"limit":15,
|
||||
"limit":13,
|
||||
"stop":true,
|
||||
"filters":[
|
||||
"Param:format=(csv|json|rss)"
|
||||
|
@ -72,7 +93,7 @@
|
|||
{
|
||||
"name":"block",
|
||||
"params":{
|
||||
"message":"Rate limit exceeded"
|
||||
"message":"rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -80,7 +101,7 @@
|
|||
{
|
||||
"name":"useragent limit",
|
||||
"interval":60,
|
||||
"limit":15,
|
||||
"limit":13,
|
||||
"aggregations":[
|
||||
"Header:User-Agent"
|
||||
],
|
||||
|
@ -89,7 +110,7 @@
|
|||
{
|
||||
"name":"block",
|
||||
"params":{
|
||||
"message":"Rate limit exceeded"
|
||||
"message":"rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
|
Loading…
Reference in a new issue