From e02b5469f0ade144f0c6712d95eb4999a69b66b6 Mon Sep 17 00:00:00 2001
From: Markus Heiser
Date: Sun, 25 Jul 2021 12:52:13 +0200
Subject: [PATCH 1/2] [mod] use tests/unit/settings/test_settings.yml in unit tests In unit tests settings from searx/settings.yml and the user settings from: unit/settings/test_settings.yml are used. In the latter, settings can be activated that are needed in the unit test but should not activated by default in production.
Signed-off-by: Markus Heiser
---
 tests/unit/__init__.py | 6 ++++++
 tests/unit/settings/test_settings.yml | 5 +++++
 2 files changed, 11 insertions(+)
 create mode 100644 tests/unit/settings/test_settings.yml
diff --git a/tests/unit/__init__.py b/tests/unit/__init__.py
index e69de29bb..8266c675a 100644
--- a/tests/unit/__init__.py
+++ b/tests/unit/__init__.py
@@ -0,0 +1,6 @@
+import os
+from os.path import dirname, sep, abspath
+
+# In unit tests the user settings from unit/settings/test_settings.yml are used.
+os.environ['SEARX_SETTINGS_PATH'] = abspath(
+ dirname(__file__) + sep + 'settings' + sep + 'test_settings.yml')
diff --git a/tests/unit/settings/test_settings.yml b/tests/unit/settings/test_settings.yml
new file mode 100644
index 000000000..a975c8739
--- /dev/null
+++ b/tests/unit/settings/test_settings.yml
@@ -0,0 +1,5 @@
+# This SearXNG setup is used in unit tests
+
+use_default_settings: true
+search:
+ formats: [html, csv, json, rss]
From 7b40c736e6deac831eb00d8a988516ac9adfad79 Mon Sep 17 00:00:00 2001
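Review bot: In tests/unit/__init__.py the settings path is assembled with `dirname(__file__) + sep + 'settings' + sep + 'test_settings.yml'`; `os.path.join(dirname(__file__), 'settings', 'test_settings.yml')` expresses the same path without manual separators. The assignment also replaces any `SEARX_SETTINGS_PATH` already present in the environment, and it only helps if it runs before the settings are read, which presumably happens when `searx` is first imported. A comment saying so would guard against someone moving it, for example `# must be set before searx is imported; overrides any SEARX_SETTINGS_PATH from the environment`.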
From: Markus Heiser
Date: Sat, 24 Jul 2021 15:17:08 +0200
Subject: [PATCH 2/2] [mod] hardening SearXNG instances by default (formats) Deny formats has been implemented in 6ed4616d. To harden SearXNG instances by default, other formats than HTML should be denied. Most of JSON, RSS and CSV requests are bots [1]:: Bots are the only users of this feature on a public instance, and they abuse it too much that the engines rate limit pretty quickly the IP address of the instance. [1] https://github.com/searxng/searxng/issues/95
Signed-off-by: Markus Heiser
---
 searx/settings.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/searx/settings.yml b/searx/settings.yml
index faadb36d1..0306f00bd 100644
--- a/searx/settings.yml
+++ b/searx/settings.yml
@@ -27,7 +27,9 @@ search:
 # max ban time in seconds after engine errors
 max_ban_time_on_fail: 120
 # remove format to deny access, use lower case.
- formats: [html, csv, json, rss]
+ # formats: [html, csv, json, rss]
+ formats:
+ - html
 server:
 port: 8888
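Review bot: The context comment above `formats:` in searx/settings.yml still reads `# remove format to deny access, use lower case.`, which no longer describes a default where only `html` is listed; something like `# enabled result formats (lower case); add csv, json or rss to allow them` would match the new deny-by-default. Instances that set `use_default_settings: true` inherit this value, so existing JSON/RSS/CSV consumers will presumably be refused after an upgrade unless the operator re-adds the formats, which deserves a line in the docs or release notes. Because the first patch re-enables all four formats for the unit tests, it may be that nothing exercises the shipped default; a test asserting that a non-html format is rejected under the default settings would pin the hardening. The `search:` section starts before this hunk.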