limiter_8py_source.html

# SPDX-License-Identifier: AGPL-3.0-or-later

"""Bot protection / IP rate limitation.  The intention of rate limitation is to

limit suspicious requests from an IP.  The motivation behind this is the fact

that SearXNG passes through requests from bots and is thus classified as a bot

itself.  As a result, the SearXNG engine then receives a CAPTCHA or is blocked

by the search engine (the origin) in some other way.


To avoid blocking, the requests from bots to SearXNG must also be blocked, this

is the task of the limiter.  To perform this task, the limiter uses the methods

from the :ref:`botdetection`:


- Analysis of the HTTP header in the request / :ref:`botdetection probe headers`

  can be easily bypassed.


- Block and pass lists in which IPs are listed / :ref:`botdetection ip_lists`

  are hard to maintain, since the IPs of bots are not all known and change over

  the time.


- Detection & dynamically :ref:`botdetection rate limit` of bots based on the

  behavior of the requests.  For dynamically changeable IP lists a Redis

  database is needed.


The prerequisite for IP based methods is the correct determination of the IP of

the client. The IP of the client is determined via the X-Forwarded-For_ HTTP

header.


.. attention::


   A correct setup of the HTTP request headers ``X-Forwarded-For`` and

   ``X-Real-IP`` is essential to be able to assign a request to an IP correctly:


   - `NGINX RequestHeader`_

   - `Apache RequestHeader`_


.. _X-Forwarded-For:

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For

.. _NGINX RequestHeader:

    https://docs.searxng.org/admin/installation-nginx.html#nginx-s-searxng-site

.. _Apache RequestHeader:

    https://docs.searxng.org/admin/installation-apache.html#apache-s-searxng-site


Enable Limiter

==============


To enable the limiter activate:


.. code:: yaml


   server:

     ...

     limiter: true  # rate limit the number of request on the instance, block some bots


and set the redis-url connection. Check the value, it depends on your redis DB

(see :ref:`settings redis`), by example:


.. code:: yaml


   redis:

     url: unix:///usr/local/searxng-redis/run/redis.sock?db=0


Configure Limiter

=================


The methods of :ref:`botdetection` the limiter uses are configured in a local

file ``/etc/searxng/limiter.toml``.  The defaults are shown in limiter.toml_ /

Don't copy all values to your local configuration, just enable what you need by

overwriting the defaults.  For instance to activate the ``link_token`` method in

the :ref:`botdetection.ip_limit` you only need to set this option to ``true``:


.. code:: toml


   [botdetection.ip_limit]

   link_token = true


.. _limiter.toml:


``limiter.toml``

================


In this file the limiter finds the configuration of the :ref:`botdetection`:


- :ref:`botdetection ip_lists`

- :ref:`botdetection rate limit`

- :ref:`botdetection probe headers`


.. kernel-include:: $SOURCEDIR/limiter.toml

   :code: toml


Implementation

==============


"""


from __future__ import annotations

import sys


from pathlib import Path

from ipaddress import ip_address

import flask

import werkzeug


from searx import (

    logger,

    redisdb,

)

from searx import botdetection

from searx.botdetection import (

    config,

    http_accept,

    http_accept_encoding,

    http_accept_language,

    http_user_agent,

    ip_limit,

    ip_lists,

    get_network,

    get_real_ip,

    dump_request,

)


# the configuration are limiter.toml and "limiter" in settings.yml so, for

# coherency, the logger is "limiter"

logger = logger.getChild('limiter')


CFG: config.Config = None  # type: ignore

_INSTALLED = False


LIMITER_CFG_SCHEMA = Path(__file__).parent / "limiter.toml"

"""Base configuration (schema) of the botdetection."""


CFG_DEPRECATED = {

    # "dummy.old.foo": "config 'dummy.old.foo' exists only for tests.  Don't use it in your real project config."

}


def get_cfg() -> config.Config:

    global CFG  # pylint: disable=global-statement


    if CFG is None:

        from . import settings_loader  # pylint: disable=import-outside-toplevel


        cfg_file = (settings_loader.get_user_cfg_folder() or Path("/etc/searxng")) / "limiter.toml"

        CFG = config.Config.from_toml(LIMITER_CFG_SCHEMA, cfg_file, CFG_DEPRECATED)

    return CFG


def filter_request(request: flask.Request) -> werkzeug.Response | None:

    # pylint: disable=too-many-return-statements


    cfg = get_cfg()

    real_ip = ip_address(get_real_ip(request))

    network = get_network(real_ip, cfg)


    if request.path == '/healthz':

        return None


    # link-local


    if network.is_link_local:

        return None


    # block- & pass- lists

    #

    # 1. The IP of the request is first checked against the pass-list; if the IP

    #    matches an entry in the list, the request is not blocked.

    # 2. If no matching entry is found in the pass-list, then a check is made against

    #    the block list; if the IP matches an entry in the list, the request is

    #    blocked.

    # 3. If the IP is not in either list, the request is not blocked.


    match, msg = ip_lists.pass_ip(real_ip, cfg)

    if match:

        logger.warning("PASS %s: matched PASSLIST - %s", network.compressed, msg)

        return None


    match, msg = ip_lists.block_ip(real_ip, cfg)

    if match:

        logger.error("BLOCK %s: matched BLOCKLIST - %s", network.compressed, msg)

        return flask.make_response(('IP is on BLOCKLIST - %s' % msg, 429))


    # methods applied on /


    for func in [

        http_user_agent,

    ]:

        val = func.filter_request(network, request, cfg)

        if val is not None:

            return val


    # methods applied on /search


    if request.path == '/search':


        for func in [

            http_accept,

            http_accept_encoding,

            http_accept_language,

            http_user_agent,

            ip_limit,

        ]:

            val = func.filter_request(network, request, cfg)

            if val is not None:

                return val

    logger.debug(f"OK {network}: %s", dump_request(flask.request))

    return None


def pre_request():

    """See :py:obj:`flask.Flask.before_request`"""

    return filter_request(flask.request)


def is_installed():

    """Returns ``True`` if limiter is active and a redis DB is available."""

    return _INSTALLED


def initialize(app: flask.Flask, settings):

    """Install the limiter"""

    global _INSTALLED  # pylint: disable=global-statement


    # even if the limiter is not activated, the botdetection must be activated

    # (e.g. the self_info plugin uses the botdetection to get client IP)


    cfg = get_cfg()

    redis_client = redisdb.client()

    botdetection.init(cfg, redis_client)


    if not (settings['server']['limiter'] or settings['server']['public_instance']):

        return


    if not redis_client:

        logger.error(

            "The limiter requires Redis, please consult the documentation: "

            "https://docs.searxng.org/admin/searx.limiter.html"

        )

        if settings['server']['public_instance']:

            sys.exit(1)

        return


    _INSTALLED = True


    if settings['server']['public_instance']:

        # overwrite limiter.toml setting

        cfg.set('botdetection.ip_limit.link_token', True)


    app.before_request(pre_request)


searx.botdetection.config.Config
Definition config.py:54

searx.botdetection
Definition __init__.py:1

searx.limiter.get_cfg
config.Config get_cfg()
Definition limiter.py:136

searx.limiter.initialize
initialize(flask.Flask app, settings)
Definition limiter.py:218

searx.limiter.pre_request
pre_request()
Definition limiter.py:208

searx.limiter.filter_request
werkzeug.Response|None filter_request(flask.Request request)
Definition limiter.py:147

searx.limiter.is_installed
is_installed()
Definition limiter.py:213