filtron.sh: updated rules from production

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Markus Heiser 2020-02-11 15:57:42 +01:00
parent 7751b29559
commit 0d6153db12
1 changed files with 123 additions and 103 deletions


@ -1,105 +1,125 @@
[ [
{ "name": "suspiciously frequent IP", {
"filters": [], "name": "roboagent limit",
"interval": 600, "filters": [
"limit": 30, "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)"
"aggregations": [ ],
"Header:X-Forwarded-For" "limit": 0,
], "stop": true,
"actions":[ "actions": [
{"name":"log"} { "name": "log"},
] { "name": "block",
}, "params": {
{ "name": "search request", "message": "Rate limit exceeded"
"filters": [ }
"Param:q", }
"Path=^(/|/search)$" ]
], },
"interval": 61, {
"limit": 999, "name": "botlimit",
"subrules": [ "filters": [
{ "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
"name": "roboagent limit", ],
"interval": 61, "limit": 0,
"limit": 1, "stop": true,
"filters": [ "actions": [
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)" { "name": "log"},
], { "name": "block",
"actions": [ "params": {
{ "name": "log"}, "message": "Rate limit exceeded"
{ "name": "block", }
"params": { }
"message": "Rate limit exceeded" ]
} },
} { "name": "suspiciously frequent IP",
] "filters": [],
}, "interval": 600,
{ "limit": 30,
"name": "botlimit", "aggregations": [
"limit": 0, "Header:X-Forwarded-For"
"stop": true, ],
"filters": [ "actions":[
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" {"name":"log"}
], ]
"actions": [ },
{ "name": "log"}, { "name": "search request",
{ "name": "block", "filters": [
"params": { "Param:q",
"message": "Rate limit exceeded" "Path=^(/|/search)$"
} ],
} "interval": 61,
] "limit": 999,
}, "subrules": [
{ {
"name": "IP limit", "name": "missing Accept-Language",
"interval": 61, "filters": ["!Header:Accept-Language"],
"limit": 9, "limit": 0,
"stop": true, "stop": true,
"aggregations": [ "actions": [
"Header:X-Forwarded-For" {"name": "block",
], "params": {"message": "Rate limit exceeded"}}
"actions": [ ]
{ "name": "log"}, },
{ "name": "block", {
"params": { "name": "suspiciously Connection=close header",
"message": "Rate limit exceeded" "filters": ["Header:Connection=close"],
} "limit": 0,
} "stop": true,
] "actions": [
}, {"name": "block",
{ "params": {"message": "Rate limit exceeded"}}
"name": "rss/json limit", ]
"interval": 121, },
"limit": 2, {
"stop": true, "name": "IP limit",
"filters": [ "interval": 61,
"Param:format=(csv|json|rss)" "limit": 9,
], "stop": true,
"actions": [ "aggregations": [
{ "name": "log"}, "Header:X-Forwarded-For"
{ "name": "block", ],
"params": { "actions": [
"message": "Rate limit exceeded" { "name": "log"},
} { "name": "block",
} "params": {
] "message": "Rate limit exceeded"
}, }
{ }
"name": "useragent limit", ]
"interval": 61, },
"limit": 199, {
"aggregations": [ "name": "rss/json limit",
"Header:User-Agent" "filters": [
], "Param:format=(csv|json|rss)"
"actions": [ ],
{ "name": "log"}, "interval": 121,
{ "name": "block", "limit": 2,
"params": { "stop": true,
"message": "Rate limit exceeded" "actions": [
} { "name": "log"},
} { "name": "block",
] "params": {
} "message": "Rate limit exceeded"
] }
} }
]
},
{
"name": "useragent limit",
"interval": 61,
"limit": 199,
"aggregations": [
"Header:User-Agent"
],
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
}
]
}
] ]
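Review bot: The two new subrules "missing Accept-Language" and "suspiciously Connection=close header" block at `"limit": 0` with only a block action, while every other blocking rule in this file also carries `{ "name": "log"}`. Requests rejected by these two heuristics are then presumably not logged, so a legitimate client that omits Accept-Language or sends `Connection: close` gets "Rate limit exceeded" with nothing on the server side to diagnose it from. Put `{"name": "log"},` ahead of the block entry in both `actions` arrays. Connection is a hop-by-hop header, so if a reverse proxy sits in front of filtron the value matched here may be the proxy's rather than the client's; confirm that against the production setup. Separately, the User-Agent alternations in "roboagent limit" and "botlimit" are unanchored substrings (the newly added `Ruby` matches any agent string containing it) and `MJ12bot` is listed twice in the botlimit filter.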