searxng/searx/botdetection/ip_limit.py

""".. _botdetection.ip_limit:

Method ``ip_limit``
-------------------

The ``ip_limit`` method counts request from an IP in *sliding windows*.  If
there are to many requests in a sliding window, the request is evaluated as a
bot request.  This method requires a redis DB and needs a HTTP X-Forwarded-For_
header.  To take privacy only the hash value of an IP is stored in the redis DB
and at least for a maximum of 10 minutes.

The :py:obj:`.link_token` method can be used to investigate whether a request is
*suspicious*.  To activate the :py:obj:`.link_token` method in the
:py:obj:`.ip_limit` method add the following to your
``/etc/searxng/limiter.toml``:

.. code:: toml

   [botdetection.ip_limit]
   link_token = true

If the :py:obj:`.link_token` method is activated and a request is *suspicious*
the request rates are reduced:

- :py:obj:`BURST_MAX` -> :py:obj:`BURST_MAX_SUSPICIOUS`
- :py:obj:`LONG_MAX` -> :py:obj:`LONG_MAX_SUSPICIOUS`

.. _X-Forwarded-For:
   https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For

"""

from typing import Optional, Tuple
import flask
from searx.tools import config


from searx import redisdb
from searx import logger
from searx.redislib import incr_sliding_window

from . import link_token

logger = logger.getChild('botdetection.ip_limit')

BURST_WINDOW = 20
"""Time (sec) before sliding window for *burst* requests expires."""

BURST_MAX = 15
"""Maximum requests from one IP in the :py:obj:`BURST_WINDOW`"""

BURST_MAX_SUSPICIOUS = 2
"""Maximum of suspicious requests from one IP in the :py:obj:`BURST_WINDOW`"""

LONG_WINDOW = 600
"""Time (sec) before the longer sliding window expires."""

LONG_MAX = 150
"""Maximum requests from one IP in the :py:obj:`LONG_WINDOW`"""

LONG_MAX_SUSPICIOUS = 10
"""Maximum suspicious requests from one IP in the :py:obj:`LONG_WINDOW`"""

API_WONDOW = 3600
"""Time (sec) before sliding window for API requests (format != html) expires."""

API_MAX = 4
"""Maximum requests from one IP in the :py:obj:`API_WONDOW`"""


def filter_request(request: flask.Request, cfg: config.Config) -> Optional[Tuple[int, str]]:
    redis_client = redisdb.client()

    x_forwarded_for = request.headers.get('X-Forwarded-For', '')
    if not x_forwarded_for:
        logger.error("missing HTTP header X-Forwarded-For")

    if request.args.get('format', 'html') != 'html':
        c = incr_sliding_window(redis_client, 'IP limit - API_WONDOW:' + x_forwarded_for, API_WONDOW)
        if c > API_MAX:
            return 429, "BLOCK %s: API limit exceeded"

    suspicious = False
    if cfg['botdetection.ip_limit.link_token']:
        suspicious = link_token.is_suspicious(request)

    if suspicious:
        c = incr_sliding_window(redis_client, 'IP limit - BURST_WINDOW:' + x_forwarded_for, BURST_WINDOW)
        if c > BURST_MAX_SUSPICIOUS:
            return 429, f"bot detected, too many request from {x_forwarded_for} in BURST_MAX_SUSPICIOUS"

        c = incr_sliding_window(redis_client, 'IP limit - LONG_WINDOW:' + x_forwarded_for, LONG_WINDOW)
        if c > LONG_MAX_SUSPICIOUS:
            return 429, f"bot detected, too many request from {x_forwarded_for} in LONG_MAX_SUSPICIOUS"

    else:
        c = incr_sliding_window(redis_client, 'IP limit - BURST_WINDOW:' + x_forwarded_for, BURST_WINDOW)
        if c > BURST_MAX:
            return 429, f"bot detected, too many request from {x_forwarded_for} in BURST_MAX"

        c = incr_sliding_window(redis_client, 'IP limit - LONG_WINDOW:' + x_forwarded_for, LONG_WINDOW)
        if c > LONG_MAX:
            return 429, f"bot detected, too many request from {x_forwarded_for} in LONG_MAX"
    return None
[mod] limiter: add config file /etc/searxng/limiter.toml Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-26 15:24:43 +00:00			`""".. _botdetection.ip_limit:`

[mod] limiter -> botdetection: modularization and documentation In order to be able to meet the outstanding requirements, the implementation is modularized and supplemented with documentation. This patch does not contain functional change, except it fixes issue #2455 ---- Aktivate limiter in the settings.yml and simulate a bot request by:: curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \ -H 'Accept: text/html' -H 'User-Agent: xyz' \ -H 'Accept-Encoding: gzip' \ 'http://127.0.0.1:8888/search?q=foo' In the LOG: DEBUG searx.botdetection.link_token : missing ping for this request: ..... Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time before you get a "Too Many Requests" response. Closes: https://github.com/searxng/searxng/issues/2455 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-23 16:16:37 +00:00			Method ``ip_limit``
			`-------------------`

			The ``ip_limit`` method counts request from an IP in sliding windows. If
			`there are to many requests in a sliding window, the request is evaluated as a`
			`bot request. This method requires a redis DB and needs a HTTP X-Forwarded-For_`
			`header. To take privacy only the hash value of an IP is stored in the redis DB`
			`and at least for a maximum of 10 minutes.`

[fix] limiter.toml: botdetection.ip_limit turn off link_token by default To activate the ``link_token`` method in the ``ip_limit`` method add the following to your ``/etc/searxng/limiter.toml``:: [botdetection.ip_limit] link_token = true Related: https://github.com/searxng/searxng/pull/2357#issuecomment-1554116941 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-27 16:58:06 +00:00			The :py:obj:`.link_token` method can be used to investigate whether a request is
			suspicious. To activate the :py:obj:`.link_token` method in the
			:py:obj:`.ip_limit` method add the following to your
			``/etc/searxng/limiter.toml``:

			`.. code:: toml`

			`[botdetection.ip_limit]`
			`link_token = true`

			If the :py:obj:`.link_token` method is activated and a request is suspicious
			`the request rates are reduced:`
[mod] limiter -> botdetection: modularization and documentation In order to be able to meet the outstanding requirements, the implementation is modularized and supplemented with documentation. This patch does not contain functional change, except it fixes issue #2455 ---- Aktivate limiter in the settings.yml and simulate a bot request by:: curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \ -H 'Accept: text/html' -H 'User-Agent: xyz' \ -H 'Accept-Encoding: gzip' \ 'http://127.0.0.1:8888/search?q=foo' In the LOG: DEBUG searx.botdetection.link_token : missing ping for this request: ..... Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time before you get a "Too Many Requests" response. Closes: https://github.com/searxng/searxng/issues/2455 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-23 16:16:37 +00:00
			- :py:obj:`BURST_MAX` -> :py:obj:`BURST_MAX_SUSPICIOUS`
			- :py:obj:`LONG_MAX` -> :py:obj:`LONG_MAX_SUSPICIOUS`

			`.. _X-Forwarded-For:`
			`https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For`

			`"""`

			`from typing import Optional, Tuple`
			`import flask`
[mod] limiter: add config file /etc/searxng/limiter.toml Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-26 15:24:43 +00:00			`from searx.tools import config`

[mod] limiter -> botdetection: modularization and documentation In order to be able to meet the outstanding requirements, the implementation is modularized and supplemented with documentation. This patch does not contain functional change, except it fixes issue #2455 ---- Aktivate limiter in the settings.yml and simulate a bot request by:: curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \ -H 'Accept: text/html' -H 'User-Agent: xyz' \ -H 'Accept-Encoding: gzip' \ 'http://127.0.0.1:8888/search?q=foo' In the LOG: DEBUG searx.botdetection.link_token : missing ping for this request: ..... Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time before you get a "Too Many Requests" response. Closes: https://github.com/searxng/searxng/issues/2455 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-23 16:16:37 +00:00
			`from searx import redisdb`
			`from searx import logger`
			`from searx.redislib import incr_sliding_window`

			`from . import link_token`

			`logger = logger.getChild('botdetection.ip_limit')`

			`BURST_WINDOW = 20`
			`"""Time (sec) before sliding window for burst requests expires."""`

			`BURST_MAX = 15`
			"""Maximum requests from one IP in the :py:obj:`BURST_WINDOW`"""

			`BURST_MAX_SUSPICIOUS = 2`
			"""Maximum of suspicious requests from one IP in the :py:obj:`BURST_WINDOW`"""

			`LONG_WINDOW = 600`
			`"""Time (sec) before the longer sliding window expires."""`

			`LONG_MAX = 150`
			"""Maximum requests from one IP in the :py:obj:`LONG_WINDOW`"""

			`LONG_MAX_SUSPICIOUS = 10`
			"""Maximum suspicious requests from one IP in the :py:obj:`LONG_WINDOW`"""

			`API_WONDOW = 3600`
			`"""Time (sec) before sliding window for API requests (format != html) expires."""`

			`API_MAX = 4`
			"""Maximum requests from one IP in the :py:obj:`API_WONDOW`"""


[mod] limiter: add config file /etc/searxng/limiter.toml Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-26 15:24:43 +00:00			`def filter_request(request: flask.Request, cfg: config.Config) -> Optional[Tuple[int, str]]:`
[mod] limiter -> botdetection: modularization and documentation In order to be able to meet the outstanding requirements, the implementation is modularized and supplemented with documentation. This patch does not contain functional change, except it fixes issue #2455 ---- Aktivate limiter in the settings.yml and simulate a bot request by:: curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \ -H 'Accept: text/html' -H 'User-Agent: xyz' \ -H 'Accept-Encoding: gzip' \ 'http://127.0.0.1:8888/search?q=foo' In the LOG: DEBUG searx.botdetection.link_token : missing ping for this request: ..... Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time before you get a "Too Many Requests" response. Closes: https://github.com/searxng/searxng/issues/2455 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-23 16:16:37 +00:00			`redis_client = redisdb.client()`

			`x_forwarded_for = request.headers.get('X-Forwarded-For', '')`
			`if not x_forwarded_for:`
			`logger.error("missing HTTP header X-Forwarded-For")`

			`if request.args.get('format', 'html') != 'html':`
			`c = incr_sliding_window(redis_client, 'IP limit - API_WONDOW:' + x_forwarded_for, API_WONDOW)`
			`if c > API_MAX:`
			`return 429, "BLOCK %s: API limit exceeded"`

[mod] limiter: add config file /etc/searxng/limiter.toml Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-26 15:24:43 +00:00			`suspicious = False`
			`if cfg['botdetection.ip_limit.link_token']:`
			`suspicious = link_token.is_suspicious(request)`
[mod] limiter -> botdetection: modularization and documentation In order to be able to meet the outstanding requirements, the implementation is modularized and supplemented with documentation. This patch does not contain functional change, except it fixes issue #2455 ---- Aktivate limiter in the settings.yml and simulate a bot request by:: curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \ -H 'Accept: text/html' -H 'User-Agent: xyz' \ -H 'Accept-Encoding: gzip' \ 'http://127.0.0.1:8888/search?q=foo' In the LOG: DEBUG searx.botdetection.link_token : missing ping for this request: ..... Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time before you get a "Too Many Requests" response. Closes: https://github.com/searxng/searxng/issues/2455 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> 2023-05-23 16:16:37 +00:00
			`if suspicious:`
			`c = incr_sliding_window(redis_client, 'IP limit - BURST_WINDOW:' + x_forwarded_for, BURST_WINDOW)`
			`if c > BURST_MAX_SUSPICIOUS:`
			`return 429, f"bot detected, too many request from {x_forwarded_for} in BURST_MAX_SUSPICIOUS"`

			`c = incr_sliding_window(redis_client, 'IP limit - LONG_WINDOW:' + x_forwarded_for, LONG_WINDOW)`
			`if c > LONG_MAX_SUSPICIOUS:`
			`return 429, f"bot detected, too many request from {x_forwarded_for} in LONG_MAX_SUSPICIOUS"`

			`else:`
			`c = incr_sliding_window(redis_client, 'IP limit - BURST_WINDOW:' + x_forwarded_for, BURST_WINDOW)`
			`if c > BURST_MAX:`
			`return 429, f"bot detected, too many request from {x_forwarded_for} in BURST_MAX"`

			`c = incr_sliding_window(redis_client, 'IP limit - LONG_WINDOW:' + x_forwarded_for, LONG_WINDOW)`
			`if c > LONG_MAX:`
			`return 429, f"bot detected, too many request from {x_forwarded_for} in LONG_MAX"`
			`return None`