2020-02-04 16:59:58 +00:00
|
|
|
[
|
2020-02-11 14:57:42 +00:00
|
|
|
{
|
2020-06-18 16:31:46 +00:00
|
|
|
"name": "roboagent limit",
|
|
|
|
"filters": [
|
|
|
|
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)"
|
|
|
|
],
|
|
|
|
"limit": 0,
|
|
|
|
"stop": true,
|
|
|
|
"actions": [
|
|
|
|
{ "name": "log"},
|
|
|
|
{ "name": "block",
|
2020-02-11 14:57:42 +00:00
|
|
|
"params": {
|
2020-06-18 16:31:46 +00:00
|
|
|
"message": "Rate limit exceeded"
|
2020-02-11 14:57:42 +00:00
|
|
|
}
|
2020-06-18 16:31:46 +00:00
|
|
|
}
|
|
|
|
]
|
2020-02-11 14:57:42 +00:00
|
|
|
},
|
|
|
|
{
|
2020-06-18 16:31:46 +00:00
|
|
|
"name": "botlimit",
|
|
|
|
"filters": [
|
|
|
|
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
|
|
|
|
],
|
|
|
|
"limit": 0,
|
|
|
|
"stop": true,
|
|
|
|
"actions": [
|
|
|
|
{ "name": "log"},
|
|
|
|
{ "name": "block",
|
2020-02-11 14:57:42 +00:00
|
|
|
"params": {
|
2020-06-18 16:31:46 +00:00
|
|
|
"message": "Rate limit exceeded"
|
2020-02-11 14:57:42 +00:00
|
|
|
}
|
2020-06-18 16:31:46 +00:00
|
|
|
}
|
|
|
|
]
|
2020-02-11 14:57:42 +00:00
|
|
|
},
|
2020-06-18 16:31:46 +00:00
|
|
|
{
|
|
|
|
"name": "suspiciously frequent IP",
|
|
|
|
"filters": [],
|
|
|
|
"interval": 600,
|
|
|
|
"limit": 30,
|
|
|
|
"aggregations": [
|
|
|
|
"Header:X-Forwarded-For"
|
2020-02-11 14:57:42 +00:00
|
|
|
],
|
2020-06-18 16:31:46 +00:00
|
|
|
"actions":[
|
|
|
|
{"name":"log"}
|
2020-02-11 14:57:42 +00:00
|
|
|
]
|
|
|
|
},
|
2020-06-18 16:31:46 +00:00
|
|
|
{
|
|
|
|
"name": "search request",
|
|
|
|
"filters": [
|
|
|
|
"Param:q",
|
|
|
|
"Path=^(/|/search)$"
|
|
|
|
],
|
|
|
|
"interval": 61,
|
|
|
|
"limit": 999,
|
|
|
|
"subrules": [
|
|
|
|
{
|
|
|
|
"name": "missing Accept-Language",
|
|
|
|
"filters": ["!Header:Accept-Language"],
|
|
|
|
"limit": 0,
|
|
|
|
"stop": true,
|
|
|
|
"actions": [
|
|
|
|
{"name":"log"},
|
|
|
|
{"name": "block",
|
|
|
|
"params": {"message": "Rate limit exceeded"}}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "suspiciously Connection=close header",
|
|
|
|
"filters": ["Header:Connection=close"],
|
|
|
|
"limit": 0,
|
|
|
|
"stop": true,
|
|
|
|
"actions": [
|
|
|
|
{"name":"log"},
|
|
|
|
{"name": "block",
|
|
|
|
"params": {"message": "Rate limit exceeded"}}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "IP limit",
|
|
|
|
"interval": 61,
|
|
|
|
"limit": 9,
|
|
|
|
"stop": true,
|
|
|
|
"aggregations": [
|
|
|
|
"Header:X-Forwarded-For"
|
|
|
|
],
|
|
|
|
"actions": [
|
|
|
|
{ "name": "log"},
|
|
|
|
{ "name": "block",
|
|
|
|
"params": {
|
|
|
|
"message": "Rate limit exceeded"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "rss/json limit",
|
|
|
|
"filters": [
|
|
|
|
"Param:format=(csv|json|rss)"
|
|
|
|
],
|
|
|
|
"interval": 121,
|
|
|
|
"limit": 2,
|
|
|
|
"stop": true,
|
|
|
|
"actions": [
|
|
|
|
{ "name": "log"},
|
|
|
|
{ "name": "block",
|
|
|
|
"params": {
|
|
|
|
"message": "Rate limit exceeded"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "useragent limit",
|
|
|
|
"interval": 61,
|
|
|
|
"limit": 199,
|
|
|
|
"aggregations": [
|
|
|
|
"Header:User-Agent"
|
|
|
|
],
|
|
|
|
"actions": [
|
|
|
|
{ "name": "log"},
|
|
|
|
{ "name": "block",
|
|
|
|
"params": {
|
|
|
|
"message": "Rate limit exceeded"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
]
|
2020-02-11 14:57:42 +00:00
|
|
|
}
|
2020-02-04 16:59:58 +00:00
|
|
|
]
|