2020-01-09 15:25:05 +00:00
|
|
|
[{
|
2020-01-13 17:37:05 +00:00
|
|
|
"name":"suspiciously frequent queries",
|
|
|
|
"filters":[
|
|
|
|
"Param:q",
|
|
|
|
"Path=^(/|/search)$"
|
|
|
|
],
|
|
|
|
"interval":120,
|
|
|
|
"limit":9,
|
|
|
|
"actions":[
|
|
|
|
{"name":"log"}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
2020-01-09 15:25:05 +00:00
|
|
|
"name":"search request",
|
|
|
|
"filters":[
|
|
|
|
"Param:q",
|
|
|
|
"Path=^(/|/search)$"
|
|
|
|
],
|
2020-01-13 17:37:05 +00:00
|
|
|
"interval":120,
|
|
|
|
"limit":19,
|
|
|
|
"actions":[
|
|
|
|
{
|
|
|
|
"name":"block",
|
|
|
|
"params":{
|
|
|
|
"message":"common rate limit exceeded"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
],
|
2020-01-09 15:25:05 +00:00
|
|
|
"subrules":[
|
2020-01-08 18:21:07 +00:00
|
|
|
{
|
2020-01-09 15:25:05 +00:00
|
|
|
"name":"roboagent limit",
|
|
|
|
"interval":60,
|
2020-01-13 17:37:05 +00:00
|
|
|
"limit":3,
|
2020-01-09 15:25:05 +00:00
|
|
|
"filters":[
|
2020-01-13 17:37:05 +00:00
|
|
|
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby)"
|
2020-01-09 15:25:05 +00:00
|
|
|
],
|
|
|
|
"actions":[
|
2020-01-13 17:37:05 +00:00
|
|
|
{"name":"log"},
|
|
|
|
{
|
2020-01-09 15:25:05 +00:00
|
|
|
"name":"block",
|
|
|
|
"params":{
|
2020-01-13 17:37:05 +00:00
|
|
|
"message":"rate limit exceeded"
|
2020-01-09 15:25:05 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
2020-01-08 18:21:07 +00:00
|
|
|
},
|
|
|
|
{
|
2020-01-09 15:25:05 +00:00
|
|
|
"name":"botlimit",
|
2020-01-13 17:37:05 +00:00
|
|
|
"interval":60,
|
2020-01-09 15:25:05 +00:00
|
|
|
"limit":0,
|
|
|
|
"stop":true,
|
|
|
|
"filters":[
|
|
|
|
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
|
|
|
|
],
|
|
|
|
"actions":[
|
2020-01-13 17:37:05 +00:00
|
|
|
{"name":"log"},
|
2020-01-09 15:25:05 +00:00
|
|
|
{
|
|
|
|
"name":"block",
|
|
|
|
"params":{
|
2020-01-13 17:37:05 +00:00
|
|
|
"message":"rate limit exceeded"
|
2020-01-09 15:25:05 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
2020-01-08 18:21:07 +00:00
|
|
|
},
|
|
|
|
{
|
2020-01-09 15:25:05 +00:00
|
|
|
"name":"IP limit",
|
|
|
|
"interval":60,
|
2020-01-13 17:37:05 +00:00
|
|
|
"limit":13,
|
2020-01-09 15:25:05 +00:00
|
|
|
"stop":true,
|
|
|
|
"aggregations":[
|
|
|
|
"Header:X-Forwarded-For"
|
|
|
|
],
|
|
|
|
"actions":[
|
2020-01-13 17:37:05 +00:00
|
|
|
{"name":"log"},
|
2020-01-09 15:25:05 +00:00
|
|
|
{
|
|
|
|
"name":"block",
|
|
|
|
"params":{
|
2020-01-13 17:37:05 +00:00
|
|
|
"message":"rate limit exceeded"
|
2020-01-09 15:25:05 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name":"rss/json limit",
|
|
|
|
"interval":60,
|
2020-01-13 17:37:05 +00:00
|
|
|
"limit":13,
|
2020-01-09 15:25:05 +00:00
|
|
|
"stop":true,
|
|
|
|
"filters":[
|
|
|
|
"Param:format=(csv|json|rss)"
|
|
|
|
],
|
|
|
|
"actions":[
|
2020-01-13 17:37:05 +00:00
|
|
|
{"name":"log"},
|
2020-01-09 15:25:05 +00:00
|
|
|
{
|
|
|
|
"name":"block",
|
|
|
|
"params":{
|
2020-01-13 17:37:05 +00:00
|
|
|
"message":"rate limit exceeded"
|
2020-01-09 15:25:05 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
2020-01-13 17:37:05 +00:00
|
|
|
},
|
2020-01-09 15:25:05 +00:00
|
|
|
{
|
|
|
|
"name":"useragent limit",
|
|
|
|
"interval":60,
|
2020-01-13 17:37:05 +00:00
|
|
|
"limit":13,
|
2020-01-09 15:25:05 +00:00
|
|
|
"aggregations":[
|
|
|
|
"Header:User-Agent"
|
|
|
|
],
|
|
|
|
"actions":[
|
2020-01-13 17:37:05 +00:00
|
|
|
{"name":"log"},
|
2020-01-09 15:25:05 +00:00
|
|
|
{
|
|
|
|
"name":"block",
|
|
|
|
"params":{
|
2020-01-13 17:37:05 +00:00
|
|
|
"message":"rate limit exceeded"
|
2020-01-09 15:25:05 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
2020-01-08 18:21:07 +00:00
|
|
|
}
|
2020-01-09 15:25:05 +00:00
|
|
|
]
|
|
|
|
}]
|