github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 08:53:41 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
2eb162e25b
discourse/config
History
Osama Sayegh 7bd3986b21
FEATURE: Replace Crawl-delay directive with proper rate limiting (#15131) 
We have a couple of site setting, `slow_down_crawler_user_agents` and `slow_down_crawler_rate`, that are meant to allow site owners to signal to specific crawlers that they're crawling the site too aggressively and that they should slow down.

When a crawler is added to the `slow_down_crawler_user_agents` setting, Discourse currently adds a `Crawl-delay` directive for that crawler in `/robots.txt`. Unfortunately, many crawlers don't support the `Crawl-delay` directive in `/robots.txt` which leaves the site owners no options if a crawler is crawling the site too aggressively.

This PR replaces the `Crawl-delay` directive with proper rate limiting for crawlers added to the `slow_down_crawler_user_agents` list. On every request made by a non-logged in user, Discourse will check the User Agent string and if it contains one of the values of the `slow_down_crawler_user_agents` list, Discourse will only allow 1 request every N seconds for that User Agent (N is the value of the `slow_down_crawler_rate` setting) and the rest of requests made within the same interval will get a 429 response. 

The `slow_down_crawler_user_agents` setting becomes quite dangerous with this PR since it could rate limit lots if not all of anonymous traffic if the setting is not used appropriately. So to protect against this scenario, we've added a couple of new validations to the setting when it's changed:

1) each value added to setting must 3 characters or longer
2) each value cannot be a substring of tokens found in popular browser User Agent. The current list of prohibited values is: apple, windows, linux, ubuntu, gecko, firefox, chrome, safari, applewebkit, webkit, mozilla, macintosh, khtml, intel, osx, os x, iphone, ipad and mac.
2021-11-30 12:55:25 +03:00
..
cloud/cloud66 DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
environments FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
initializers DEV: Deprecate message bus site settings (#14465) 2021-11-11 11:12:25 -06:00
locales FEATURE: Replace Crawl-delay directive with proper rate limiting (#15131) 2021-11-30 12:55:25 +03:00
application.rb FIX: Check env for multisite config path even if config file exists (#14536) 2021-10-06 13:24:50 -05:00
boot.rb DEV: Remove deprecated bootsnap options (#11929) 2021-02-02 14:39:51 +01:00
cdn.yml.sample
database.yml remove some hardcoded 'localhost's from dev environment (#14801) 2021-11-03 11:26:44 +08:00
deploy.rb.sample
dev_defaults.yml FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
discourse_defaults.conf FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
discourse.config.sample
discourse.pill.sample
environment.rb DEV: replace mailcatcher references with mailhog (#14500) 2021-10-05 15:48:06 +05:30
logrotate.conf
multisite.yml.production-sample DEV: Remove db_id from sample multisite config. 2020-05-29 10:48:29 +08:00
nginx.global.conf
nginx.sample.conf FEATURE: Optimize images before upload (#13432) 2021-06-23 12:31:12 -03:00
projections.json DEV: Use .hbr for raw template file extension (#8883) 2020-02-11 13:38:12 -06:00
puma.rb remove daemonize setting (#12232) 2021-03-01 16:42:50 +11:00
routes.rb FEATURE: Display pending posts on user’s page 2021-11-29 10:26:33 +01:00
sidekiq.yml
site_settings.yml DEV: Switch to using uppy uploads in composer by default (#15058) 2021-11-30 08:33:06 +10:00
spring.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
thin.yml.sample
unicorn_launcher
unicorn_upstart.conf
unicorn.conf.rb Revert "DEV: suppress assets logs from qunit tests (#13871)" 2021-07-29 13:28:24 +08:00