[mod] limiter -> botdetection: modularization and documentation

In order to be able to meet the outstanding requirements, the implementation is modularized and supplemented with documentation. This patch does not contain functional change, except it fixes issue #2455 ---- Aktivate limiter in the settings.yml and simulate a bot request by:: curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \ -H 'Accept: text/html' -H 'User-Agent: xyz' \ -H 'Accept-Encoding: gzip' \ 'http://127.0.0.1:8888/search?q=foo' In the LOG: DEBUG searx.botdetection.link_token : missing ping for this request: ..... Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time before you get a "Too Many Requests" response. Closes: https://github.com/searxng/searxng/issues/2455 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-23 18:16:37 +02:00 · 2023-05-23 18:16:37 +02:00 · 1ec325adcc
commit 1ec325adcc
parent 5226044c13
15 changed files with 541 additions and 161 deletions
--- a/searx/botdetection/http_accept.py
+++ b/searx/botdetection/http_accept.py
@ -0,0 +1,24 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# lint: pylint
+"""
+Method ``http_accept``
+----------------------
+
+The ``http_accept`` method evaluates a request as the request of a bot if the
+Accept_ header ..
+
+- did not contain ``text/html``
+
+.. _Accept:
+   https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept
+
+"""
+
+from typing import Optional, Tuple
+import flask
+
+
+def filter_request(request: flask.Request) -> Optional[Tuple[int, str]]:
+    if 'text/html' not in request.accept_mimetypes:
+        return 429, "bot detected, HTTP header Accept did not contain text/html"
+    return None