mirror of
https://github.com/searxng/searxng.git
synced 2024-11-05 04:40:11 +01:00
1ec325adcc
In order to be able to meet the outstanding requirements, the implementation is modularized and supplemented with documentation. This patch does not contain functional change, except it fixes issue #2455 ---- Aktivate limiter in the settings.yml and simulate a bot request by:: curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \ -H 'Accept: text/html' -H 'User-Agent: xyz' \ -H 'Accept-Encoding: gzip' \ 'http://127.0.0.1:8888/search?q=foo' In the LOG: DEBUG searx.botdetection.link_token : missing ping for this request: ..... Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time before you get a "Too Many Requests" response. Closes: https://github.com/searxng/searxng/issues/2455 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
27 lines
845 B
Python
27 lines
845 B
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
# lint: pylint
|
|
"""
|
|
Method ``http_accept_encoding``
|
|
-------------------------------
|
|
|
|
The ``http_accept_encoding`` method evaluates a request as the request of a
|
|
bot if the Accept-Encoding_ header ..
|
|
|
|
- did not contain ``gzip`` AND ``deflate`` (if both values are missed)
|
|
- did not contain ``text/html``
|
|
|
|
.. _Accept-Encoding:
|
|
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding
|
|
|
|
"""
|
|
|
|
from typing import Optional, Tuple
|
|
import flask
|
|
|
|
|
|
def filter_request(request: flask.Request) -> Optional[Tuple[int, str]]:
|
|
accept_list = [l.strip() for l in request.headers.get('Accept-Encoding', '').split(',')]
|
|
if not ('gzip' in accept_list or 'deflate' in accept_list):
|
|
return 429, "bot detected, HTTP header Accept-Encoding did not contain gzip nor deflate"
|
|
return None
|