From 206007a36414b6d38fbf37d73b83a023bf0c0f98 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Thu, 9 Oct 2025 14:49:17 +0000 Subject: [PATCH] fix(default-config): make the default config far less paranoid This uses a variety of heuristics to make sure that clients that claim to be browsers are more likely to behave like browsers. Most of these are based on the results of a lot of reverse engineering and data collection from honeypot servers. Signed-off-by: Xe Iaso --- data/botPolicies.yaml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/data/botPolicies.yaml b/data/botPolicies.yaml index f62af353..5d66564a 100644 --- a/data/botPolicies.yaml +++ b/data/botPolicies.yaml @@ -93,6 +93,44 @@ bots: # weight: # adjust: -10 + # Assert behaviour that only genuine browsers display. This ensures that Chrome + # or Firefox versions + - name: realistic-browser-catchall + expression: + all: + - '"User-Agent" in headers' + - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )' + - '"Accept" in headers' + - '"Sec-Fetch-Dest" in headers' + - '"Sec-Fetch-Mode" in headers' + - '"Sec-Fetch-Site" in headers' + - '"Upgrade-Insecure-Requests" in headers' + - '"Accept-Encoding" in headers' + - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )' + - '"Accept-Language" in headers' + action: WEIGH + weight: + adjust: -10 + + # Chrome should behave like Chrome + - name: chrome-is-proper + expression: + all: + - userAgent.contains("Chrome") + - '"Sec-Ch-Ua" in headers' + - 'headers["Sec-Ch-Ua"].contains("Chromium")' + - '"Sec-Ch-Ua-Mobile" in headers' + - '"Sec-Ch-Ua-Platform" in headers' + action: WEIGH + weight: + adjust: -5 + + - name: should-have-accept + expression: '!("Accept" in headers)' + action: WEIGH + weight: + adjust: 5 + # Generic catchall rule - name: generic-browser user_agent_regex: >-
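Review bot: The comment above `realistic-browser-catchall` breaks off mid-sentence ("This ensures that Chrome or Firefox versions") and says the rule asserts behaviour "only genuine browsers display", but every condition in it and in `chrome-is-proper` tests only the presence or a substring of a request header the client chooses. The two rules stack to -15 for any client that sends a browser's full header set, so it is worth checking against the threshold configuration (not visible in this hunk) that this adjustment alone cannot take a request below the challenge tier. I would reword the comment to something like `# Header set matches a browser navigation request. Client-supplied, so this is a weak signal, not proof of a real browser.` `Sec-Fetch-*` and `Sec-Ch-Ua*` are sent by browsers only to secure (HTTPS) origins, which deserves a line for operators whose clients reach the site over plain HTTP. `should-have-accept` has no comment at all, and `userAgent.contains("Chrome")` is the only unquoted expression in the list; quoting it like its neighbours would keep the style uniform.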