diff --git a/docker-compose.yaml b/docker-compose.yaml index 5b9e741..6c55ae4 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -39,6 +39,8 @@ services: searx: ipv4_address: 10.10.10.3 command: -listen 10.10.10.3:4040 -api 10.10.10.3:4041 -target 10.10.10.4:8080 + volumes: + - ./rules.json:/etc/filtron/rules.json:rw read_only: true cap_drop: - ALL diff --git a/rules.json b/rules.json new file mode 100644 index 0000000..7f30295 --- /dev/null +++ b/rules.json @@ -0,0 +1,113 @@ +[ + { + "name": "stats.searx.xyz", + "interval": 300, + "limit": 10, + "filters": ["Header:X-Forwarded-For=(2a01:4f8:161:542e::2|5.9.58.49)"], + "stop": true, + "actions": [{ "name": "log"}] + }, + { + "name": "search request", + "filters": ["Param:q", "Path=^(/|/search)$"], + "subrules": [ + { + "name": "robot agent forbidden", + "limit": 0, + "filters": ["Header:User-Agent=([Cc][Uu][Rr][Ll]|[wW]get|Scrapy|splash|JavaFX|FeedFetcher|python-requests|Go-http-client|Java|Jakarta|okhttp|HttpClient|Jersey|Python|libwww-perl|Ruby|SynHttpClient)"], + "actions": [ + { + "name": "block", + "params": {"message": "Rate limit exceeded"}} + ] + }, + { + "name": "bot forbidden", + "limit": 0, + "stop": true, + "filters": ["Header:User-Agent=(Googlebot|GoogleImageProxy|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT|Sogou|Abonti|Pixray|Spinn3r|SemrushBot|Exabot|ZmEu|BLEXBot|bitlybot)"], + "actions": [ + { + "name": "block", + "params": {"message": "Rate limit exceeded"}} + ] + }, + { + "name": "block missing accept-language", + "filters": ["!Header:Accept-Language"], + "limit": 0, + "stop": true, + "actions": [ + {"name": "block", + "params": {"message": "Rate limit exceeded"}} + ] + }, + { + "name": "block Connection:close", + "filters": ["Connection=close"], + "limit": 0, + "stop": true, + "actions": [ + {"name": "block", + "params": {"message": "Rate limit exceeded"}} + ] + }, + { + "name": "block no brotli support", + "filters": ["!Header:Accept-Encoding=[; ]?br[; ]?"], + "limit": 0, + "stop": true, + "actions": [ + {"name": "block", + "params": {"message": "Rate limit exceeded"}} + ] + }, + { + "name": "IP limit", + "interval": 300, + "limit": 128, + "stop": true, + "aggregations": ["Header:X-Forwarded-For"], + "actions": [ + { + "name": "block", + "params": {"message": "Rate limit exceeded, try again later."}} + ] + }, + { + "name": "useragent limit", + "interval": 600, + "limit": 60, + "stop": true, + "aggregations": ["Header:X-Forwarded-For", "Header:User-Agent"], + "actions": [ + { + "name": "block", + "params": {"message": "Rate limit exceeded, try again later."}} + ] + }, + { + "name": "rss/json limit", + "interval": 3600, + "limit": 4, + "stop": true, + "filters": ["Header:User-Agent", "Param:format=(csv|json|rss)"], + "actions": [ + { + "name": "block", + "params": {"message": "Rate limit exceeded, try again later."}} + ] + }, + { + "name": "block accept everything", + "filters": ["!Header:Accept=text/html"], + "limit": 0, + "stop": true, + "actions": [ + {"name": "block", + "params": {"message": "Rate limit exceeded, try again later."}} + ] + } + ] + } +]