[mod] hardening SearXNG instances by default (formats)

Deny formats has been implemented in 6ed4616d.

To harden SearXNG instances by default, other formats than HTML should be
denied.  Most of JSON, RSS and CSV requests are bots [1]::

    Bots are the only users of this feature on a public instance, and they abuse
    it too much that the engines rate limit pretty quickly the IP address of the
    instance.

[1] https://github.com/searxng/searxng/issues/95

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
Markus Heiser 2021-07-24 15:17:08 +02:00
parent e02b5469f0
commit 7b40c736e6

View file

@ -27,7 +27,9 @@ search:
# max ban time in seconds after engine errors # max ban time in seconds after engine errors
max_ban_time_on_fail: 120 max_ban_time_on_fail: 120
# remove format to deny access, use lower case. # remove format to deny access, use lower case.
formats: [html, csv, json, rss] # formats: [html, csv, json, rss]
formats:
- html
server: server:
port: 8888 port: 8888