Commit Graph

7295 Commits

Author SHA1 Message Date
Markus Heiser b8c7c2c9aa [mod] botdetection - improve ip_limit and link_token methods
- counting requests in LONG_WINDOW and BURST_WINDOW is not needed when the
  request is validated by the link_token method [1]

- renew a ping-key on validation [2], this is needed for infinite scrolling,
  where no new token (CSS) is loaded. / this does not fix the BURST_MAX issue in
  the vanilla limiter

- normalize the counter names of the ip_limit method to 'ip_limit.*'

- just integrate the ip_limit method straight forward in the limiter plugin /
  non intermediate code --> ip_limit now returns None or a werkzeug.Response
  object that can be passed by the plugin to the flask application / non
  intermediate code that returns a tuple

[1] https://github.com/searxng/searxng/pull/2357#issuecomment-1566113277
[2] https://github.com/searxng/searxng/pull/2357#discussion_r1208542206
[3] https://github.com/searxng/searxng/pull/2357#issuecomment-1566125979

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-01 14:38:53 +02:00
Markus Heiser 52f1452c09 [mod] limiter: ip_limt - monitore suspicious IPs
To intercept bots that get their IPs from a range of IPs, there is a
``SUSPICIOUS_IP_WINDOW``.  In this window the suspicious IPs are stored for a
longer time.  IPs stored in this sliding window have a maximum of
``SUSPICIOUS_IP_MAX`` accesses before they are blocked.  As soon as the IP makes
a request that is not suspicious, the sliding window for this IP is droped.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-01 14:38:53 +02:00
Markus Heiser 9d7456fd6c [fix] limiter.toml: botdetection.ip_limit turn off link_token by default
To activate the ``link_token`` method in the ``ip_limit`` method add the
following to your ``/etc/searxng/limiter.toml``::

   [botdetection.ip_limit]
   link_token = true

Related: https://github.com/searxng/searxng/pull/2357#issuecomment-1554116941
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-01 14:38:53 +02:00
Markus Heiser 66fdec0eb9 [mod] limiter: add config file /etc/searxng/limiter.toml
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-01 14:38:53 +02:00
Markus Heiser 1ec325adcc [mod] limiter -> botdetection: modularization and documentation
In order to be able to meet the outstanding requirements, the implementation is
modularized and supplemented with documentation.

This patch does not contain functional change, except it fixes issue #2455

----

Aktivate limiter in the settings.yml and simulate a bot request by::

    curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \
         -H 'Accept: text/html'
         -H 'User-Agent: xyz' \
         -H 'Accept-Encoding: gzip' \
         'http://127.0.0.1:8888/search?q=foo'

In the LOG:

    DEBUG   searx.botdetection.link_token : missing ping for this request: .....

Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time
before you get a "Too Many Requests" response.

Closes: https://github.com/searxng/searxng/issues/2455
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-29 14:54:56 +02:00
Markus Heiser 5226044c13 [mod] limiter: add random token to the limiter URL
By adding a random component in the limiter URL a bot can no longer send a ping
by request a static URL.

Related: https://github.com/searxng/searxng/pull/2357#issuecomment-1518525094
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-29 14:54:56 +02:00
Markus Heiser dba569462d [mod] limiter: reduce request rates for requests without a ping
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-29 14:54:56 +02:00
dalf c1b5ff7e1c Update searx.data - update_engine_descriptions.py 2023-05-29 07:28:50 +02:00
dalf 2ba50d392e Update searx.data - update_currencies.py 2023-05-29 07:28:18 +02:00
dalf cb843ef13c Update searx.data - update_engine_traits.py 2023-05-29 07:27:40 +02:00
dalf 512e001277 Update searx.data - update_firefox_version.py 2023-05-29 07:27:07 +02:00
dalf f03ac9b152 Update searx.data - update_wikidata_units.py 2023-05-29 07:26:47 +02:00
dalf e12e350f7f Update searx.data - update_ahmia_blacklist.py 2023-05-29 07:26:20 +02:00
Markus Heiser 3ca97cf5e3 [fix] simple theme: move engine alerts in case of no results into sidebar
If there were no results but errors in the engines then the error dialogs of the
engines was displayed in the result list.

With the new design errors of the engines should only be displayed in the
sidebar and at the same time duplications of the (template) code will be
avoided.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-28 12:19:32 +02:00
mrpaulblack 60b94dfdca [build] /static 2023-05-28 12:19:32 +02:00
mrpaulblack f087959b02 [mod] simple theme: build design for details (collapsables)
* set border top and bottom on sidebar collasables
* inrease peading on summary so its easier to click on mobile
* remove margins and add flex wrapper to normalize elements in sidebar
2023-05-28 12:19:32 +02:00
Markus Heiser b7e315563d [mod] simple theme: collaps/expand elements in the sidebar
Make elements in the sidebar collapse able.  Except infoboxes all elements in
the sidebar are collapsed by default.

By folding out the sidebar elements, the UI looks less cluttered.  Especially on
small devices like smartphones, where the sidebar is above the results list, the
UX should be improved [1].

[1] https://github.com/searxng/searxng/issues/2140

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-28 12:19:32 +02:00
Markus Heiser 79c02456c1
Merge pull request #2462 from return42/fix-typos
[doc] fix tyops in docs/dev/reST.rst
2023-05-26 12:06:19 +02:00
Markus Heiser 64cbe80d05
Merge pull request #2459 from searxng/translations_update
Update translations
2023-05-26 12:03:58 +02:00
Markus Heiser ce3230f365
Merge pull request #2460 from searxng/dependabot/pip/master/typing-extensions-4.6.2
Bump typing-extensions from 4.5.0 to 4.6.2
2023-05-26 12:03:05 +02:00
Markus Heiser 620415f4cf
Merge pull request #2461 from searxng/dependabot/pip/master/yamllint-1.32.0
Bump yamllint from 1.31.0 to 1.32.0
2023-05-26 12:02:14 +02:00
Markus Heiser 68a0e1bfc3 [doc] fix tyops in docs/dev/reST.rst
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-26 11:51:35 +02:00
dependabot[bot] 5137452677
Bump yamllint from 1.31.0 to 1.32.0
Bumps [yamllint](https://github.com/adrienverge/yamllint) from 1.31.0 to 1.32.0.
- [Changelog](https://github.com/adrienverge/yamllint/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/adrienverge/yamllint/compare/v1.31.0...v1.32.0)

---
updated-dependencies:
- dependency-name: yamllint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-26 07:56:43 +00:00
dependabot[bot] 8ce08f201b
Bump typing-extensions from 4.5.0 to 4.6.2
Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.5.0 to 4.6.2.
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)
- [Commits](https://github.com/python/typing_extensions/compare/4.5.0...4.6.2)

---
updated-dependencies:
- dependency-name: typing-extensions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-26 07:56:37 +00:00
searxng-bot e8054026fb [translations] update from Weblate
69171f12 - 2023-05-25 - fabiosantoscode <fabiosantosart@gmail.com>
2caaed0a - 2023-05-23 - trmx <borcan.cristian1@gmail.com>
84d1702b - 2023-05-21 - return42 <markus.heiser@darmarit.de>
65cc6eb8 - 2023-05-21 - return42 <markus.heiser@darmarit.de>
e0ab3383 - 2023-05-22 - return42 <markus.heiser@darmarit.de>
23e87f15 - 2023-05-21 - return42 <markus.heiser@darmarit.de>
14f0fc6b - 2023-05-21 - return42 <markus.heiser@darmarit.de>
5b7c7b7d - 2023-05-21 - return42 <markus.heiser@darmarit.de>
c725b38d - 2023-05-21 - return42 <markus.heiser@darmarit.de>
2023-05-26 07:08:21 +00:00
Markus Heiser b2d0b74357
Merge pull request #2453 from return42/fix-typo
[fix] typo: dues --> does
2023-05-22 13:23:48 +02:00
Markus Heiser ebe22a4319 [fix] typo: dues --> does
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-22 13:18:22 +02:00
Markus Heiser cea277ce52
Merge pull request #2452 from return42/fix-2434
[fix] ClientPref - don't raise exception if Accept-Language is invalid
2023-05-22 12:46:26 +02:00
Markus Heiser bc647fabaf [fix] ClientPref - don't raise exception if Accept-Language is invalid
If the Accept-Language header [1] is set but empty or holds a value that is
unknown to babel, an excpetion is raised::

    $ curl --header 'Accept-Language: xyz' 'http://127.0.0.1:8888/search?q=foo'
    ...
    Traceback (most recent call last):
      File "searx/preferences.py", line 335, in from_http_request
        return cls(locale=pairs[0][0])
    IndexError: list index out of range

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language

Reported by: @Eolien55 in https://github.com/searxng/searxng/issues/2434#issuecomment-1556199789
Closes: https://github.com/searxng/searxng/issues/2434
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-22 12:38:59 +02:00
Markus Heiser 73c023bbea
Merge pull request #2451 from return42/doc-captcha-from-server-ip
[doc] answer CAPTCHA from server's IP
2023-05-22 10:59:27 +02:00
Markus Heiser 0ee27ba3aa [doc] answer CAPTCHA from server's IP
Related: https://github.com/searxng/searxng/issues/2011#issuecomment-1553317619
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-22 10:46:10 +02:00
Markus Heiser ddbab4b3c9
Merge pull request #2450 from return42/lxc-doc
[doc] update & fix documentation of the "SearXNG LXC suite"
2023-05-21 18:26:14 +02:00
Markus Heiser c9833ded9f [doc] update & fix documentation of the "SearXNG LXC suite"
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-21 18:12:39 +02:00
Markus Heiser d867bf17e6
Merge pull request #2447 from searxng/dependabot/pip/master/linuxdoc-20230506
Bump linuxdoc from 20230321 to 20230506
2023-05-19 20:08:11 +02:00
Markus Heiser bab730c8a8
Merge pull request #2446 from searxng/translations_update
Update translations
2023-05-19 19:59:58 +02:00
Markus Heiser 7b2f1079f6
Merge pull request #2448 from Pankwings/logger_warning
use logger.warning
2023-05-19 19:58:47 +02:00
pankaj 4900c091a6 use logger.warning
logger.warn() is depricated.
logger.warning is already being used in some files.
2023-05-19 19:35:29 +05:30
dependabot[bot] ef31fa8097
Bump linuxdoc from 20230321 to 20230506
Bumps [linuxdoc](https://github.com/return42/linuxdoc) from 20230321 to 20230506.
- [Changelog](https://github.com/return42/linuxdoc/blob/master/CHANGELOG)
- [Commits](https://github.com/return42/linuxdoc/commits)

---
updated-dependencies:
- dependency-name: linuxdoc
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-19 07:56:49 +00:00
searxng-bot 23b53a03c2 [translations] update from Weblate
2eeec66c - 2023-05-13 - return42 <markus.heiser@darmarit.de>
87058e51 - 2023-05-13 - return42 <markus.heiser@darmarit.de>
2023-05-19 07:07:56 +00:00
Markus Heiser 50cd7e2b03
Merge pull request #2435 from return42/disable-donation
[mod] donation_url: disable by default
2023-05-15 09:41:15 +02:00
Markus Heiser 007a615ffa [mod] donation_url: disable by default
SearXNG's donation campaign has been ended.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-15 09:19:17 +02:00
Markus Heiser 84c23a8f62
Merge pull request #2408 from return42/changelog
[releases] rolling release: commit history replaces the CHANGELOG
2023-05-13 18:15:48 +02:00
Markus Heiser ba1c8355dc
Merge pull request #2414 from nberlee/master
Bump Alpine 3.18 (Python 3.11)
2023-05-13 17:55:23 +02:00
Markus Heiser 2c74f8dee5
Merge pull request #2421 from searxng/dependabot/pip/master/redis-4.5.5
Bump redis from 4.5.4 to 4.5.5
2023-05-13 06:57:20 +02:00
Markus Heiser 15f44339a0
Merge pull request #2423 from searxng/dependabot/pip/master/selenium-4.9.1
Bump selenium from 4.9.0 to 4.9.1
2023-05-13 06:56:14 +02:00
Markus Heiser 1fc268a52d
Merge pull request #2424 from searxng/dependabot/pip/master/certifi-2023.5.7
Bump certifi from 2022.12.7 to 2023.5.7
2023-05-13 06:55:23 +02:00
dependabot[bot] e1dedfd8c3
Bump selenium from 4.9.0 to 4.9.1
Bumps [selenium](https://github.com/SeleniumHQ/Selenium) from 4.9.0 to 4.9.1.
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](https://github.com/SeleniumHQ/Selenium/compare/selenium-4.9.0...selenium-4.9.1)

---
updated-dependencies:
- dependency-name: selenium
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-13 04:06:23 +00:00
Markus Heiser 6625b6193e
Merge pull request #2420 from searxng/translations_update
Update translations
2023-05-13 06:06:07 +02:00
Markus Heiser 9c97a04180
Merge pull request #2422 from searxng/dependabot/pip/master/pylint-2.17.4
Bump pylint from 2.17.3 to 2.17.4
2023-05-13 06:05:41 +02:00
Markus Heiser 19ce3d88ce
Merge pull request #2430 from return42/fix-2419-ddg
[fix] engine ddg: minor change in the API of ddg
2023-05-13 05:55:33 +02:00