.oO SearXNG Developer Documentation Oo.
Loading...
Searching...
No Matches
limiter.py
Go to the documentation of this file.
1# SPDX-License-Identifier: AGPL-3.0-or-later
2"""Bot protection / IP rate limitation. The intention of rate limitation is to
3limit suspicious requests from an IP. The motivation behind this is the fact
4that SearXNG passes through requests from bots and is thus classified as a bot
5itself. As a result, the SearXNG engine then receives a CAPTCHA or is blocked
6by the search engine (the origin) in some other way.
7
8To avoid blocking, the requests from bots to SearXNG must also be blocked, this
9is the task of the limiter. To perform this task, the limiter uses the methods
10from the :ref:`botdetection`:
11
12- Analysis of the HTTP header in the request / :ref:`botdetection probe headers`
13 can be easily bypassed.
14
15- Block and pass lists in which IPs are listed / :ref:`botdetection ip_lists`
16 are hard to maintain, since the IPs of bots are not all known and change over
17 the time.
18
19- Detection & dynamically :ref:`botdetection rate limit` of bots based on the
20 behavior of the requests. For dynamically changeable IP lists a Valkey
21 database is needed.
22
23The prerequisite for IP based methods is the correct determination of the IP of
24the client. The IP of the client is determined via the X-Forwarded-For_ HTTP
25header.
26
27.. attention::
28
29 A correct setup of the HTTP request headers ``X-Forwarded-For`` and
30 ``X-Real-IP`` is essential to be able to assign a request to an IP correctly:
31
32 - `NGINX RequestHeader`_
33 - `Apache RequestHeader`_
34
35.. _X-Forwarded-For:
36 https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
37.. _NGINX RequestHeader:
38 https://docs.searxng.org/admin/installation-nginx.html#nginx-s-searxng-site
39.. _Apache RequestHeader:
40 https://docs.searxng.org/admin/installation-apache.html#apache-s-searxng-site
41
42Enable Limiter
43==============
44
45To enable the limiter activate:
46
47.. code:: yaml
48
49 server:
50 ...
51 limiter: true # rate limit the number of request on the instance, block some bots
52
53and set the valkey-url connection. Check the value, it depends on your valkey DB
54(see :ref:`settings valkey`), by example:
55
56.. code:: yaml
57
58 valkey:
59 url: valkey://localhost:6379/0
60
61
62Configure Limiter
63=================
64
65The methods of :ref:`botdetection` the limiter uses are configured in a local
66file ``/etc/searxng/limiter.toml``. The defaults are shown in limiter.toml_ /
67Don't copy all values to your local configuration, just enable what you need by
68overwriting the defaults. For instance to activate the ``link_token`` method in
69the :ref:`botdetection.ip_limit` you only need to set this option to ``true``:
70
71.. code:: toml
72
73 [botdetection.ip_limit]
74 link_token = true
75
76.. _limiter.toml:
77
78``limiter.toml``
79================
80
81In this file the limiter finds the configuration of the :ref:`botdetection`:
82
83- :ref:`botdetection ip_lists`
84- :ref:`botdetection rate limit`
85- :ref:`botdetection probe headers`
86
87.. kernel-include:: $SOURCEDIR/limiter.toml
88 :code: toml
89
90Implementation
91==============
92
93"""
94
95from ipaddress import ip_address
96import sys
97
98from pathlib import Path
99import flask
100import werkzeug
101
102import searx.compat
103from searx import (
104 logger,
105 valkeydb,
106)
107from searx import botdetection
108from searx.extended_types import SXNG_Request, sxng_request
109from searx.botdetection import (
110 config,
111 http_accept,
112 http_accept_encoding,
113 http_accept_language,
114 http_user_agent,
115 http_sec_fetch,
116 ip_limit,
117 ip_lists,
118 get_network,
119 dump_request,
120)
121
122# the configuration are limiter.toml and "limiter" in settings.yml so, for
123# coherency, the logger is "limiter"
124logger = logger.getChild('limiter')
125
126CFG: config.Config | None = None
127_INSTALLED = False
128
129LIMITER_CFG_SCHEMA = Path(__file__).parent / "limiter.toml"
130"""Base configuration (schema) of the botdetection."""
131
132
133def get_cfg() -> config.Config:
134 """Returns SearXNG's global limiter configuration."""
135 global CFG # pylint: disable=global-statement
136
137 if CFG is None:
138 from . import settings_loader # pylint: disable=import-outside-toplevel
139
140 cfg_file = (settings_loader.get_user_cfg_folder() or Path("/etc/searxng")) / "limiter.toml"
141 CFG = config.Config.from_toml(LIMITER_CFG_SCHEMA, cfg_file, searx.compat.LIMITER_CFG_DEPRECATED)
142 searx.compat.limiter_fix_cfg(CFG, cfg_file)
143
144 return CFG
145
146
147def filter_request(request: SXNG_Request) -> werkzeug.Response | None:
148 # pylint: disable=too-many-return-statements
149
150 cfg = get_cfg()
151 real_ip = ip_address(request.remote_addr)
152 network = get_network(real_ip, cfg)
153
154 if request.path == '/healthz':
155 return None
156
157 # link-local
158
159 if network.is_link_local:
160 return None
161
162 # block- & pass- lists
163 #
164 # 1. The IP of the request is first checked against the pass-list; if the IP
165 # matches an entry in the list, the request is not blocked.
166 # 2. If no matching entry is found in the pass-list, then a check is made against
167 # the block list; if the IP matches an entry in the list, the request is
168 # blocked.
169 # 3. If the IP is not in either list, the request is not blocked.
170
171 match, msg = ip_lists.pass_ip(real_ip, cfg)
172 if match:
173 logger.warning("PASS %s: matched PASSLIST - %s", network.compressed, msg)
174 return None
175
176 match, msg = ip_lists.block_ip(real_ip, cfg)
177 if match:
178 logger.error("BLOCK %s: matched BLOCKLIST - %s", network.compressed, msg)
179 return flask.make_response(('IP is on BLOCKLIST - %s' % msg, 429))
180
181 # methods applied on all requests
182
183 for func in [
184 http_user_agent,
185 ]:
186 val = func.filter_request(network, request, cfg)
187 if val is not None:
188 logger.debug(f"NOT OK ({func.__name__}): {network}: %s", dump_request(sxng_request))
189 return val
190
191 # methods applied on /search requests
192
193 if request.path == '/search':
194
195 for func in [
196 http_accept,
197 http_accept_encoding,
198 http_accept_language,
199 http_user_agent,
200 http_sec_fetch,
201 ip_limit,
202 ]:
203 val = func.filter_request(network, request, cfg)
204 if val is not None:
205 logger.debug(f"NOT OK ({func.__name__}): {network}: %s", dump_request(sxng_request))
206 return val
207
208 logger.debug(f"OK {network}: %s", dump_request(sxng_request))
209 return None
210
211
213 """See :py:obj:`flask.Flask.before_request`"""
214 return filter_request(sxng_request)
215
216
218 """Returns ``True`` if limiter is active and a valkey DB is available."""
219 return _INSTALLED
220
221
222def initialize(app: flask.Flask, settings):
223 """Install the limiter"""
224 global _INSTALLED # pylint: disable=global-statement
225
226 # even if the limiter is not activated, the botdetection must be activated
227 # (e.g. the self_info plugin uses the botdetection to get client IP)
228
229 cfg = get_cfg()
230 valkey_client = valkeydb.client()
231 botdetection.init(cfg, valkey_client)
232
233 if not (settings['server']['limiter'] or settings['server']['public_instance']):
234 return
235
236 if not valkey_client:
237 logger.error(
238 "The limiter requires Valkey, please consult the documentation: "
239 "https://docs.searxng.org/admin/searx.limiter.html"
240 )
241 if settings['server']['public_instance']:
242 sys.exit(1)
243 return
244
245 _INSTALLED = True
246
247 if settings['server']['public_instance']:
248 # overwrite limiter.toml setting
249 cfg.set('botdetection.ip_limit.link_token', True)
250
251 app.before_request(pre_request)
limiter_fix_cfg(cfg, cfg_file)
Definition compat.py:34
config.Config get_cfg()
Definition limiter.py:133
initialize(flask.Flask app, settings)
Definition limiter.py:222
werkzeug.Response|None filter_request(SXNG_Request request)
Definition limiter.py:147