mirror of https://github.com/searxng/searxng.git
Compare commits
3 Commits
35cc4726be
...
127b98482c
Author | SHA1 | Date |
---|---|---|
Markus Heiser | 127b98482c | |
Nicolas Dato | abd9b271bc | |
Markus Heiser | 1c9b28968d |
|
@ -53,6 +53,9 @@ Probe HTTP headers
|
||||||
.. automodule:: searx.botdetection.http_user_agent
|
.. automodule:: searx.botdetection.http_user_agent
|
||||||
:members:
|
:members:
|
||||||
|
|
||||||
|
.. automodule:: searx.botdetection.sec_fetch
|
||||||
|
:members:
|
||||||
|
|
||||||
.. _botdetection config:
|
.. _botdetection config:
|
||||||
|
|
||||||
Config
|
Config
|
||||||
|
|
|
@ -31,6 +31,9 @@ def dump_request(request: flask.Request):
|
||||||
+ " || Content-Length: %s" % request.headers.get('Content-Length')
|
+ " || Content-Length: %s" % request.headers.get('Content-Length')
|
||||||
+ " || Connection: %s" % request.headers.get('Connection')
|
+ " || Connection: %s" % request.headers.get('Connection')
|
||||||
+ " || User-Agent: %s" % request.headers.get('User-Agent')
|
+ " || User-Agent: %s" % request.headers.get('User-Agent')
|
||||||
|
+ " || Sec-Fetch-Site: %s" % request.headers.get('Sec-Fetch-Site')
|
||||||
|
+ " || Sec-Fetch-Mode: %s" % request.headers.get('Sec-Fetch-Mode')
|
||||||
|
+ " || Sec-Fetch-Dest: %s" % request.headers.get('Sec-Fetch-Dest')
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,59 @@
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
"""
|
||||||
|
Method ``http_sec_fetch``
|
||||||
|
-------------------------
|
||||||
|
|
||||||
|
The ``http_sec_fetch`` method protect resources from web attacks with `Fetch
|
||||||
|
Metadata`_. A request is filtered out in case of:
|
||||||
|
|
||||||
|
- http header Sec-Fetch-Mode_ is invalid
|
||||||
|
- http header Sec-Fetch-Dest_ is invalid
|
||||||
|
|
||||||
|
.. _Fetch Metadata:
|
||||||
|
https://developer.mozilla.org/en-US/docs/Glossary/Fetch_metadata_request_header
|
||||||
|
|
||||||
|
.. Sec-Fetch-Dest:
|
||||||
|
https://developer.mozilla.org/en-US/docs/Web/API/Request/destination
|
||||||
|
|
||||||
|
.. Sec-Fetch-Mode:
|
||||||
|
https://developer.mozilla.org/en-US/docs/Web/API/Request/mode
|
||||||
|
|
||||||
|
|
||||||
|
"""
|
||||||
|
# pylint: disable=unused-argument
|
||||||
|
|
||||||
|
from __future__ import annotations
|
||||||
|
from ipaddress import (
|
||||||
|
IPv4Network,
|
||||||
|
IPv6Network,
|
||||||
|
)
|
||||||
|
|
||||||
|
import flask
|
||||||
|
import werkzeug
|
||||||
|
|
||||||
|
from . import config
|
||||||
|
from ._helpers import logger
|
||||||
|
|
||||||
|
|
||||||
|
def filter_request(
|
||||||
|
network: IPv4Network | IPv6Network,
|
||||||
|
request: flask.Request,
|
||||||
|
cfg: config.Config,
|
||||||
|
) -> werkzeug.Response | None:
|
||||||
|
|
||||||
|
val = request.headers.get("Sec-Fetch-Mode", "")
|
||||||
|
if val != "navigate":
|
||||||
|
logger.debug("invalid Sec-Fetch-Mode '%s'", val)
|
||||||
|
return flask.redirect(flask.url_for('index'), code=302)
|
||||||
|
|
||||||
|
val = request.headers.get("Sec-Fetch-Site", "")
|
||||||
|
if val not in ('same-origin', 'same-site', 'none'):
|
||||||
|
logger.debug("invalid Sec-Fetch-Site '%s'", val)
|
||||||
|
flask.redirect(flask.url_for('index'), code=302)
|
||||||
|
|
||||||
|
val = request.headers.get("Sec-Fetch-Dest", "")
|
||||||
|
if val != "document":
|
||||||
|
logger.debug("invalid Sec-Fetch-Dest '%s'", val)
|
||||||
|
flask.redirect(flask.url_for('index'), code=302)
|
||||||
|
|
||||||
|
return None
|
|
@ -6,7 +6,7 @@ DuckDuckGo Lite
|
||||||
|
|
||||||
from typing import TYPE_CHECKING
|
from typing import TYPE_CHECKING
|
||||||
import re
|
import re
|
||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode, quote_plus
|
||||||
import json
|
import json
|
||||||
import babel
|
import babel
|
||||||
import lxml.html
|
import lxml.html
|
||||||
|
@ -245,10 +245,12 @@ def request(query, params):
|
||||||
|
|
||||||
# Advanced search syntax ends in CAPTCHA
|
# Advanced search syntax ends in CAPTCHA
|
||||||
# https://duckduckgo.com/duckduckgo-help-pages/results/syntax/
|
# https://duckduckgo.com/duckduckgo-help-pages/results/syntax/
|
||||||
query = [
|
query = " ".join(
|
||||||
|
[
|
||||||
x.removeprefix("site:").removeprefix("intitle:").removeprefix("inurl:").removeprefix("filetype:")
|
x.removeprefix("site:").removeprefix("intitle:").removeprefix("inurl:").removeprefix("filetype:")
|
||||||
for x in query.split()
|
for x in query.split()
|
||||||
]
|
]
|
||||||
|
)
|
||||||
eng_region = traits.get_region(params['searxng_locale'], traits.all_locale)
|
eng_region = traits.get_region(params['searxng_locale'], traits.all_locale)
|
||||||
if eng_region == "wt-wt":
|
if eng_region == "wt-wt":
|
||||||
# https://html.duckduckgo.com/html sets an empty value for "all".
|
# https://html.duckduckgo.com/html sets an empty value for "all".
|
||||||
|
@ -261,7 +263,7 @@ def request(query, params):
|
||||||
|
|
||||||
params['url'] = url
|
params['url'] = url
|
||||||
params['method'] = 'POST'
|
params['method'] = 'POST'
|
||||||
params['data']['q'] = query
|
params['data']['q'] = quote_plus(query)
|
||||||
|
|
||||||
# The API is not documented, so we do some reverse engineering and emulate
|
# The API is not documented, so we do some reverse engineering and emulate
|
||||||
# what https://html.duckduckgo.com/html does when you press "next Page" link
|
# what https://html.duckduckgo.com/html does when you press "next Page" link
|
||||||
|
|
|
@ -111,6 +111,7 @@ from searx.botdetection import (
|
||||||
http_accept_encoding,
|
http_accept_encoding,
|
||||||
http_accept_language,
|
http_accept_language,
|
||||||
http_user_agent,
|
http_user_agent,
|
||||||
|
http_sec_fetch,
|
||||||
ip_limit,
|
ip_limit,
|
||||||
ip_lists,
|
ip_lists,
|
||||||
get_network,
|
get_network,
|
||||||
|
@ -178,16 +179,17 @@ def filter_request(request: flask.Request) -> werkzeug.Response | None:
|
||||||
logger.error("BLOCK %s: matched BLOCKLIST - %s", network.compressed, msg)
|
logger.error("BLOCK %s: matched BLOCKLIST - %s", network.compressed, msg)
|
||||||
return flask.make_response(('IP is on BLOCKLIST - %s' % msg, 429))
|
return flask.make_response(('IP is on BLOCKLIST - %s' % msg, 429))
|
||||||
|
|
||||||
# methods applied on /
|
# methods applied on all requests
|
||||||
|
|
||||||
for func in [
|
for func in [
|
||||||
http_user_agent,
|
http_user_agent,
|
||||||
]:
|
]:
|
||||||
val = func.filter_request(network, request, cfg)
|
val = func.filter_request(network, request, cfg)
|
||||||
if val is not None:
|
if val is not None:
|
||||||
|
logger.debug(f"NOT OK ({func.__name__}): {network}: %s", dump_request(flask.request))
|
||||||
return val
|
return val
|
||||||
|
|
||||||
# methods applied on /search
|
# methods applied on /search requests
|
||||||
|
|
||||||
if request.path == '/search':
|
if request.path == '/search':
|
||||||
|
|
||||||
|
@ -196,12 +198,15 @@ def filter_request(request: flask.Request) -> werkzeug.Response | None:
|
||||||
http_accept_encoding,
|
http_accept_encoding,
|
||||||
http_accept_language,
|
http_accept_language,
|
||||||
http_user_agent,
|
http_user_agent,
|
||||||
|
http_sec_fetch,
|
||||||
ip_limit,
|
ip_limit,
|
||||||
]:
|
]:
|
||||||
val = func.filter_request(network, request, cfg)
|
val = func.filter_request(network, request, cfg)
|
||||||
if val is not None:
|
if val is not None:
|
||||||
|
logger.debug(f"NOT OK ({func.__name__}): {network}: %s", dump_request(flask.request))
|
||||||
return val
|
return val
|
||||||
logger.debug(f"OK {network}: %s", dump_request(flask.request))
|
logger.debug(f"OK: {network}: %s", dump_request(flask.request))
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue