chore: ban x.ai (#1673)

* chore: ban x.ai Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
2026-06-09 22:08:15 +00:00 · 2026-06-06 10:31:24 -04:00
parent 44d5fa3ce0
commit 5660426700
5 changed files with 17 additions and 0 deletions
@@ -45,3 +45,5 @@ AWOO
 firewalls
 bindhosts
 handrolled
+xai
+gitlab
@@ -41,6 +41,9 @@ bots:
  # Challenge Firefox AI previews
  - import: (data)/clients/x-firefox-ai.yaml

+  # x.ai has a scraper that is killing gitlab instances
+  - import: (data)/crawlers/xai.yaml
+
  # Allow common "keeping the internet working" routes (well-known, favicon, robots.txt)
  - import: (data)/common/keep-internet-working.yaml

@@ -0,0 +1,8 @@
+- name: xai-crawler-and-asn
+  action: DENY
+  user_agent_regex: code-review-sourcing.*\+xai-research
+  remote_addresses:
+    - 69.12.56.0/12
+- name: xai-crawler-user-agent
+  action: DENY
+  user_agent_regex: code-review-sourcing.*\+xai-research
@@ -25,6 +25,9 @@
 # Challenge Firefox AI previews
 - import: (data)/clients/x-firefox-ai.yaml

+# x.ai has a scraper that is killing gitlab instances
+- import: (data)/crawlers/xai.yaml
+
 # Allow common "keeping the internet working" routes (well-known, favicon, robots.txt)
 - import: (data)/common/keep-internet-working.yaml

@@ -30,6 +30,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fix a bug in the dataset poisoning maze that could allow denial of service [#1580](https://github.com/TecharoHQ/anubis/issues/1580).
 - Add config option to add ASN to logs/metrics.
 - Log weight when issuing challenge.
+- Block x.ai's crawler for code review training.
 - Gate pprof endpoints behind `metrics.debug` in the policy file.
 - Limit naive honeypot r9k delay to one second.
 - Fix an obscure case where adding query values to a subrequest match could cause an invalid rule match when using path based matching for protected resources.