NTab仓库
fjmwkj
/
searxng
mirror of https://github.com/searxng/searxng
1
0
Fork 0
Files Issues 0 Wiki
Tree: 2f40f61f83
Branches Tags
searxng
/
docs
/
admin
/
filtron.rst

filtron.rst 4.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178 
  1. 

  2. .. _searx_filtron:
    3. 

  3. 

  4. ==========================
    5. 

  5. How to protect an instance
    6. 

  6. ==========================
    7. 

  7. 

  8. .. sidebar:: further reading
    9. 

  9. 

  10.    - :ref:`filtron.sh`
    11. 

  11. 

  12. .. contents:: Contents
    13. 

  13.    :depth: 2
    14. 

  14.    :local:
    15. 

  15.    :backlinks: entry
    16. 

  16. 

  17. .. _filtron: https://github.com/asciimoo/filtron
    18. 

  18. 

  19. Searx depens on external search services.  To avoid the abuse of these services
    20. 

  20. it is advised to limit the number of requests processed by searx.
    21. 

  21. 

  22. An application firewall, filtron_ solves exactly this problem.  Filtron is just
    23. 

  23. a middleware between your web server (nginx, apache, ...) and searx, we describe
    24. 

  24. such infratructures in chapter: :ref:`architecture`.
    25. 

  25. 

  26. 

  27. filtron & go
    28. 

  28. ============
    29. 

  29. 

  30. .. _Go: https://golang.org/
    31. 

  31. .. _filtron README: https://github.com/asciimoo/filtron/blob/master/README.md
    32. 

  32. 

  33. Filtron needs Go_ installed.  If Go_ is preinstalled, filtron_ is simply
    34. 

  34. installed by ``go get`` package management (see `filtron README`_).  If you use
    35. 

  35. filtron as middleware, a more isolated setup is recommended.  To simplify such
    36. 

  36. an installation and the maintenance of, use our script :ref:`filtron.sh`.
    37. 

  37. 

  38. 

  39. Sample configuration of filtron
    40. 

  40. ===============================
    41. 

  41. 

  42. .. sidebar:: Tooling box
    43. 

  43. 

  44.    - :origin:`/etc/filtron/rules.json <utils/templates/etc/filtron/rules.json>`
    45. 

  45. 

  46. An example configuration can be find below. This configuration limits the access
    47. 

  47. of:
    48. 

  48. 

  49. - scripts or applications (roboagent limit)
    50. 

  50. - webcrawlers (botlimit)
    51. 

  51. - IPs which send too many requests (IP limit)
    52. 

  52. - too many json, csv, etc. requests (rss/json limit)
    53. 

  53. - the same UserAgent of if too many requests (useragent limit)
    54. 

  54. 

  55. .. code:: json
    56. 

  56. 

  57.    [
    58. 

  58.      { "name": "search request",
    59. 

  59.        "filters": [
    60. 

  60. 	 "Param:q",
    61. 

  61. 	 "Path=^(/|/search)$"
    62. 

  62.        ],
    63. 

  63.        "interval": "<time-interval-in-sec (int)>",
    64. 

  64.        "limit": "<max-request-number-in-interval (int)>",
    65. 

  65.        "subrules": [
    66. 

  66. 	 {
    67. 

  67. 	   "name": "roboagent limit",
    68. 

  68. 	   "interval": "<time-interval-in-sec (int)>",
    69. 

  69. 	   "limit": "<max-request-number-in-interval (int)>",
    70. 

  70. 	   "filters": [
    71. 

  71. 	     "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)"
    72. 

  72. 	   ],
    73. 

  73. 	   "actions": [
    74. 

  74. 	     { "name": "log"},
    75. 

  75. 	     { "name": "block",
    76. 

  76. 	       "params": {
    77. 

  77. 		 "message": "Rate limit exceeded"
    78. 

  78. 	       }
    79. 

  79. 	     }
    80. 

  80. 	   ]
    81. 

  81. 	 },
    82. 

  82. 	 {
    83. 

  83. 	   "name": "botlimit",
    84. 

  84. 	   "limit": 0,
    85. 

  85. 	   "stop": true,
    86. 

  86. 	   "filters": [
    87. 

  87. 	     "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
    88. 

  88. 	   ],
    89. 

  89. 	   "actions": [
    90. 

  90. 	     { "name": "log"},
    91. 

  91. 	     { "name": "block",
    92. 

  92. 	       "params": {
    93. 

  93. 		 "message": "Rate limit exceeded"
    94. 

  94. 	       }
    95. 

  95. 	     }
    96. 

  96. 	   ]
    97. 

  97. 	 },
    98. 

  98. 	 {
    99. 

  99. 	   "name": "IP limit",
    100. 

  100. 	   "interval": "<time-interval-in-sec (int)>",
    101. 

  101. 	   "limit": "<max-request-number-in-interval (int)>",
    102. 

  102. 	   "stop": true,
    103. 

  103. 	   "aggregations": [
    104. 

  104. 	     "Header:X-Forwarded-For"
    105. 

  105. 	   ],
    106. 

  106. 	   "actions": [
    107. 

  107. 	     { "name": "log"},
    108. 

  108. 	     { "name": "block",
    109. 

  109. 	       "params": {
    110. 

  110. 		 "message": "Rate limit exceeded"
    111. 

  111. 	       }
    112. 

  112. 	     }
    113. 

  113. 	   ]
    114. 

  114. 	 },
    115. 

  115. 	 {
    116. 

  116. 	   "name": "rss/json limit",
    117. 

  117. 	   "interval": "<time-interval-in-sec (int)>",
    118. 

  118. 	   "limit": "<max-request-number-in-interval (int)>",
    119. 

  119. 	   "stop": true,
    120. 

  120. 	   "filters": [
    121. 

  121. 	     "Param:format=(csv|json|rss)"
    122. 

  122. 	   ],
    123. 

  123. 	   "actions": [
    124. 

  124. 	     { "name": "log"},
    125. 

  125. 	     { "name": "block",
    126. 

  126. 	       "params": {
    127. 

  127. 		 "message": "Rate limit exceeded"
    128. 

  128. 	       }
    129. 

  129. 	     }
    130. 

  130. 	   ]
    131. 

  131. 	 },
    132. 

  132. 	 {
    133. 

  133. 	   "name": "useragent limit",
    134. 

  134. 	   "interval": "<time-interval-in-sec (int)>",
    135. 

  135. 	   "limit": "<max-request-number-in-interval (int)>",
    136. 

  136. 	   "aggregations": [
    137. 

  137. 	     "Header:User-Agent"
    138. 

  138. 	   ],
    139. 

  139. 	   "actions": [
    140. 

  140. 	     { "name": "log"},
    141. 

  141. 	     { "name": "block",
    142. 

  142. 	       "params": {
    143. 

  143. 		 "message": "Rate limit exceeded"
    144. 

  144. 	       }
    145. 

  145. 	     }
    146. 

  146. 	   ]
    147. 

  147. 	 }
    148. 

  148.        ]
    149. 

  149.      }
    150. 

  150.    ]
    151. 

  151. 

  152. 

  153. Route request through filtron
    154. 

  154. =============================
    155. 

  155. 

  156. Filtron can be started using the following command:
    157. 

  157. 

  158. .. code:: sh
    159. 

  159. 

  160.    $ filtron -rules rules.json
    161. 

  161. 

  162. It listens on ``127.0.0.1:4004`` and forwards filtered requests to
    163. 

  163. ``127.0.0.1:8888`` by default.
    164. 

  164. 

  165. Use it along with ``nginx`` with the following example configuration.
    166. 

  166. 

  167. .. code:: nginx
    168. 

  168. 

  169.    location / {
    170. 

  170.         proxy_set_header   Host    $http_host;
    171. 

  171.         proxy_set_header   X-Real-IP $remote_addr;
    172. 

  172.         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    173. 

  173.         proxy_set_header   X-Scheme $scheme;
    174. 

  174.         proxy_pass         http://127.0.0.1:4004/;
    175. 

  175.    }
    176. 

  176. 

  177. Requests are coming from port 4004 going through filtron and then forwarded to
    178. 

  178. port 8888 where a searx is being run.
    179.
© 2025 NTab仓库
Page: 51ms Template: 0ms 微信 微信二维码 哔哩哔哩 Sina Weibo Javascript Licenses Website