From 3af629ec090d1ab135fbd7c9b45088c8ca4e541e Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Fri, 22 Sep 2023 10:58:40 +0200 Subject: [PATCH] [mod] activate limiter & link_token method (aka CSS ping) by default Signed-off-by: Markus Heiser --- utils/searxng.sh | 17 +++++++++++++++-- utils/templates/etc/searxng/limiter.toml | 13 +++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 utils/templates/etc/searxng/limiter.toml diff --git a/utils/searxng.sh b/utils/searxng.sh index e04f87e10..670e121ec 100755 --- a/utils/searxng.sh +++ b/utils/searxng.sh @@ -23,6 +23,7 @@ SEARXNG_STATIC="${SEARXNG_SRC}/searx/static" SEARXNG_PYENV="${SERVICE_HOME}/searx-pyenv" SEARXNG_SETTINGS_PATH="/etc/searxng/settings.yml" +LIMITER_SETTINGS_PATH="/etc/searxng/limiter.toml" SEARXNG_UWSGI_APP="searxng.ini" SEARXNG_INTERNAL_HTTP="${SEARXNG_BIND_ADDRESS}:${SEARXNG_PORT}" @@ -131,7 +132,7 @@ install|remove: all : complete (de-) installation of the SearXNG service user : service user '${SERVICE_USER}' (${SERVICE_HOME}) pyenv : virtualenv (python) in ${SEARXNG_PYENV} - settings : settings from ${SEARXNG_SETTINGS_PATH} + settings : settings from $(dirname "${SEARXNG_SETTINGS_PATH}") uwsgi : SearXNG's uWSGI app ${SEARXNG_UWSGI_APP} redis : build & install or remove a local redis server ${REDIS_HOME}/run/redis.sock nginx : HTTP site ${NGINX_APPS_AVAILABLE}/${NGINX_SEARXNG_SITE} @@ -522,7 +523,7 @@ EOF } searxng.install.settings() { - rst_title "install ${SEARXNG_SETTINGS_PATH}" section + rst_title "install $(dirname "${SEARXNG_SETTINGS_PATH}")" section if ! [[ -f "${SEARXNG_SRC}/.git/config" ]]; then die "Before install settings, first install SearXNG." @@ -531,6 +532,11 @@ searxng.install.settings() { mkdir -p "$(dirname "${SEARXNG_SETTINGS_PATH}")" + DEFAULT_SELECT=1 \ + install_template --no-eval \ + "${LIMITER_SETTINGS_PATH}" \ + "${SERVICE_USER}" "${SERVICE_GROUP}" + DEFAULT_SELECT=1 \ install_template --no-eval \ "${SEARXNG_SETTINGS_PATH}" \ @@ -545,6 +551,7 @@ searxng.remove.settings() { rst_title "remove ${SEARXNG_SETTINGS_PATH}" section if ask_yn "Do you want to delete the SearXNG settings?" Yn; then rm -f "${SEARXNG_SETTINGS_PATH}" + rm -f "${LIMITER_SETTINGS_PATH}" fi } @@ -575,6 +582,12 @@ pip install -U wheel pip install -U pyyaml pip install -U -e . EOF + rst_para "update instance's limiter.toml from ${LIMITER_SETTINGS_PATH}" + DEFAULT_SELECT=2 \ + install_template --no-eval \ + "${LIMITER_SETTINGS_PATH}" \ + "${SERVICE_USER}" "${SERVICE_GROUP}" + rst_para "update instance's settings.yml from ${SEARXNG_SETTINGS_PATH}" DEFAULT_SELECT=2 \ install_template --no-eval \ diff --git a/utils/templates/etc/searxng/limiter.toml b/utils/templates/etc/searxng/limiter.toml new file mode 100644 index 000000000..f6247000e --- /dev/null +++ b/utils/templates/etc/searxng/limiter.toml @@ -0,0 +1,13 @@ +# Limiter configuration / bot protection & IP rate limitation + +[real_ip] + +# number of values to trust for X-Forwarded-For +# https://docs.searxng.org/admin/searx.botdetection.html#searx.botdetection.get_real_ip +x_for = 1 + +[botdetection.ip_limit] + +# activate link_token method in the ip_limit method +# https://docs.searxng.org/admin/searx.botdetection.html#method-ip-limit +link_token = true \ No newline at end of file