123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  2. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  3. <html xmlns="http://www.w3.org/1999/xhtml">
  4. <head>
  5. <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
  6. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  7. <title>How to protect an instance &#8212; searx 0.12.0 documentation</title>
  8. <link rel="stylesheet" href="../_static/style.css" type="text/css" />
  9. <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
  10. <script type="text/javascript" src="../_static/documentation_options.js"></script>
  11. <script type="text/javascript" src="../_static/jquery.js"></script>
  12. <script type="text/javascript" src="../_static/underscore.js"></script>
  13. <script type="text/javascript" src="../_static/doctools.js"></script>
  14. <link rel="index" title="Index" href="../genindex.html" />
  15. <link rel="search" title="Search" href="../search.html" />
  16. <link rel="next" title="How to setup result proxy" href="morty.html" />
  17. <link rel="prev" title="Administration API" href="api.html" />
  18. <link media="only screen and (max-device-width: 480px)" href="../_static/small_flask.css" type= "text/css" rel="stylesheet" />
  19. <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9">
  20. </head><body>
  21. <div class="document">
  22. <div class="documentwrapper">
  23. <div class="bodywrapper">
  24. <div class="body" role="main">
  25. <div class="section" id="how-to-protect-an-instance">
  26. <h1>How to protect an instance<a class="headerlink" href="#how-to-protect-an-instance" title="Permalink to this headline">¶</a></h1>
  27. <p>Searx depens on external search services. To avoid the abuse of these services it is advised to limit the number of requests processed by searx.</p>
  28. <p>An application firewall, <code class="docutils literal notranslate"><span class="pre">filtron</span></code> solves exactly this problem. Information on how to install it can be found at the <a class="reference external" href="https://github.com/asciimoo/filtron">project page of filtron</a>.</p>
  29. <div class="section" id="sample-configuration-of-filtron">
  30. <h2>Sample configuration of filtron<a class="headerlink" href="#sample-configuration-of-filtron" title="Permalink to this headline">¶</a></h2>
  31. <p>An example configuration can be find below. This configuration limits the access of</p>
  32. <blockquote>
  33. <div><ul class="simple">
  34. <li>scripts or applications (roboagent limit)</li>
  35. <li>webcrawlers (botlimit)</li>
  36. <li>IPs which send too many requests (IP limit)</li>
  37. <li>too many json, csv, etc. requests (rss/json limit)</li>
  38. <li>the same UserAgent of if too many requests (useragent limit)</li>
  39. </ul>
  40. </div></blockquote>
  41. <div class="code json highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span>
  42. <span class="p">{</span>
  43. <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;search request&quot;</span><span class="p">,</span>
  44. <span class="s2">&quot;filters&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;Param:q&quot;</span><span class="p">,</span> <span class="s2">&quot;Path=^(/|/search)$&quot;</span><span class="p">],</span>
  45. <span class="s2">&quot;interval&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="n">time</span><span class="o">-</span><span class="n">interval</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">sec</span><span class="o">&gt;</span><span class="p">,</span>
  46. <span class="s2">&quot;limit&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="nb">max</span><span class="o">-</span><span class="n">request</span><span class="o">-</span><span class="n">number</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">interval</span><span class="o">&gt;</span><span class="p">,</span>
  47. <span class="s2">&quot;subrules&quot;</span><span class="p">:</span> <span class="p">[</span>
  48. <span class="p">{</span>
  49. <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;roboagent limit&quot;</span><span class="p">,</span>
  50. <span class="s2">&quot;interval&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="n">time</span><span class="o">-</span><span class="n">interval</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">sec</span><span class="o">&gt;</span><span class="p">,</span>
  51. <span class="s2">&quot;limit&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="nb">max</span><span class="o">-</span><span class="n">request</span><span class="o">-</span><span class="n">number</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">interval</span><span class="o">&gt;</span><span class="p">,</span>
  52. <span class="s2">&quot;filters&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)&quot;</span><span class="p">],</span>
  53. <span class="s2">&quot;actions&quot;</span><span class="p">:</span> <span class="p">[</span>
  54. <span class="p">{</span><span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;block&quot;</span><span class="p">,</span>
  55. <span class="s2">&quot;params&quot;</span><span class="p">:</span> <span class="p">{</span><span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Rate limit exceeded&quot;</span><span class="p">}}</span>
  56. <span class="p">]</span>
  57. <span class="p">},</span>
  58. <span class="p">{</span>
  59. <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;botlimit&quot;</span><span class="p">,</span>
  60. <span class="s2">&quot;limit&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
  61. <span class="s2">&quot;stop&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
  62. <span class="s2">&quot;filters&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)&quot;</span><span class="p">],</span>
  63. <span class="s2">&quot;actions&quot;</span><span class="p">:</span> <span class="p">[</span>
  64. <span class="p">{</span><span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;block&quot;</span><span class="p">,</span>
  65. <span class="s2">&quot;params&quot;</span><span class="p">:</span> <span class="p">{</span><span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Rate limit exceeded&quot;</span><span class="p">}}</span>
  66. <span class="p">]</span>
  67. <span class="p">},</span>
  68. <span class="p">{</span>
  69. <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;IP limit&quot;</span><span class="p">,</span>
  70. <span class="s2">&quot;interval&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="n">time</span><span class="o">-</span><span class="n">interval</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">sec</span><span class="o">&gt;</span><span class="p">,</span>
  71. <span class="s2">&quot;limit&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="nb">max</span><span class="o">-</span><span class="n">request</span><span class="o">-</span><span class="n">number</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">interval</span><span class="o">&gt;</span><span class="p">,</span>
  72. <span class="s2">&quot;stop&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
  73. <span class="s2">&quot;aggregations&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;Header:X-Forwarded-For&quot;</span><span class="p">],</span>
  74. <span class="s2">&quot;actions&quot;</span><span class="p">:</span> <span class="p">[</span>
  75. <span class="p">{</span><span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;block&quot;</span><span class="p">,</span>
  76. <span class="s2">&quot;params&quot;</span><span class="p">:</span> <span class="p">{</span><span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Rate limit exceeded&quot;</span><span class="p">}}</span>
  77. <span class="p">]</span>
  78. <span class="p">},</span>
  79. <span class="p">{</span>
  80. <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;rss/json limit&quot;</span><span class="p">,</span>
  81. <span class="s2">&quot;interval&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="n">time</span><span class="o">-</span><span class="n">interval</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">sec</span><span class="o">&gt;</span><span class="p">,</span>
  82. <span class="s2">&quot;limit&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="nb">max</span><span class="o">-</span><span class="n">request</span><span class="o">-</span><span class="n">number</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">interval</span><span class="o">&gt;</span><span class="p">,</span>
  83. <span class="s2">&quot;stop&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
  84. <span class="s2">&quot;filters&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;Param:format=(csv|json|rss)&quot;</span><span class="p">],</span>
  85. <span class="s2">&quot;actions&quot;</span><span class="p">:</span> <span class="p">[</span>
  86. <span class="p">{</span><span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;block&quot;</span><span class="p">,</span>
  87. <span class="s2">&quot;params&quot;</span><span class="p">:</span> <span class="p">{</span><span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Rate limit exceeded&quot;</span><span class="p">}}</span>
  88. <span class="p">]</span>
  89. <span class="p">},</span>
  90. <span class="p">{</span>
  91. <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;useragent limit&quot;</span><span class="p">,</span>
  92. <span class="s2">&quot;interval&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="n">time</span><span class="o">-</span><span class="n">interval</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">sec</span><span class="o">&gt;</span><span class="p">,</span>
  93. <span class="s2">&quot;limit&quot;</span><span class="p">:</span> <span class="o">&lt;</span><span class="nb">max</span><span class="o">-</span><span class="n">request</span><span class="o">-</span><span class="n">number</span><span class="o">-</span><span class="ow">in</span><span class="o">-</span><span class="n">interval</span><span class="o">&gt;</span><span class="p">,</span>
  94. <span class="s2">&quot;aggregations&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;Header:User-Agent&quot;</span><span class="p">],</span>
  95. <span class="s2">&quot;actions&quot;</span><span class="p">:</span> <span class="p">[</span>
  96. <span class="p">{</span><span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;block&quot;</span><span class="p">,</span>
  97. <span class="s2">&quot;params&quot;</span><span class="p">:</span> <span class="p">{</span><span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Rate limit exceeded&quot;</span><span class="p">}}</span>
  98. <span class="p">]</span>
  99. <span class="p">}</span>
  100. <span class="p">]</span>
  101. <span class="p">}</span>
  102. <span class="p">]</span>
  103. </pre></div>
  104. </div>
  105. </div>
  106. <div class="section" id="route-request-through-filtron">
  107. <h2>Route request through filtron<a class="headerlink" href="#route-request-through-filtron" title="Permalink to this headline">¶</a></h2>
  108. <p>Filtron can be started using the following command:</p>
  109. <div class="code bash highlight-default notranslate"><div class="highlight"><pre><span></span>$ filtron -rules rules.json
  110. </pre></div>
  111. </div>
  112. <p>It listens on 127.0.0.1:4004 and forwards filtered requests to 127.0.0.1:8888 by default.</p>
  113. <p>Use it along with <code class="docutils literal notranslate"><span class="pre">nginx</span></code> with the following example configuration.</p>
  114. <div class="code bash highlight-default notranslate"><div class="highlight"><pre><span></span>location / {
  115. proxy_set_header Host $http_host;
  116. proxy_set_header X-Real-IP $remote_addr;
  117. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  118. proxy_set_header X-Scheme $scheme;
  119. proxy_pass http://127.0.0.1:4004/;
  120. }
  121. </pre></div>
  122. </div>
  123. <p>Requests are coming from port 4004 going through filtron and then forwarded to port 8888 where a searx is being run.</p>
  124. </div>
  125. </div>
  126. </div>
  127. </div>
  128. </div>
  129. <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
  130. <div class="sphinxsidebarwrapper">
  131. <h3><a href="../index.html">Table Of Contents</a></h3>
  132. <ul>
  133. <li><a class="reference internal" href="#">How to protect an instance</a><ul>
  134. <li><a class="reference internal" href="#sample-configuration-of-filtron">Sample configuration of filtron</a></li>
  135. <li><a class="reference internal" href="#route-request-through-filtron">Route request through filtron</a></li>
  136. </ul>
  137. </li>
  138. </ul>
  139. <div class="sidebar_container body">
  140. <h1>Searx</h1>
  141. <ul>
  142. <li><a href="../index.html">Home</a></li>
  143. <li><a href="https://github.com/asciimoo/searx">Source</a></li>
  144. <li><a href="../blog/blog.html">Blog</a></li>
  145. <li><a href="https://github.com/asciimoo/searx/wiki">Wiki</a></li>
  146. <li><a href="https://github.com/asciimoo/searx/wiki/Searx-instances">Public instances</a></li>
  147. </ul>
  148. <hr />
  149. <ul>
  150. <li><a href="https://twitter.com/Searx_engine">Twitter</a></li>
  151. </ul>
  152. </div>
  153. <div role="note" aria-label="source link">
  154. <h3>This Page</h3>
  155. <ul class="this-page-menu">
  156. <li><a href="../_sources/admin/filtron.rst.txt"
  157. rel="nofollow">Show Source</a></li>
  158. </ul>
  159. </div>
  160. <div id="searchbox" style="display: none" role="search">
  161. <h3>Quick search</h3>
  162. <div class="searchformwrapper">
  163. <form class="search" action="../search.html" method="get">
  164. <input type="text" name="q" />
  165. <input type="submit" value="Go" />
  166. <input type="hidden" name="check_keywords" value="yes" />
  167. <input type="hidden" name="area" value="default" />
  168. </form>
  169. </div>
  170. </div>
  171. <script type="text/javascript">$('#searchbox').show(0);</script>
  172. </div>
  173. </div>
  174. <div class="clearer"></div>
  175. </div>
  176. <div class="footer">
  177. &copy; Copyright 2015-2017, Adam Tauber.
  178. </div>
  179. </body>
  180. </html>