docs: add honeypot docs

Signed-off-by: Xe Iaso <me@xeiaso.net>
2026-04-12 19:48:44 +00:00 · 2025-12-16 04:03:37 -05:00
parent 83c8c3606a
commit 82fca3e714
6 changed files with 100 additions and 45 deletions
--- a/data/botPolicies.yaml
+++ b/data/botPolicies.yaml
@@ -95,49 +95,49 @@ bots:
  #   weight:
  #     adjust: -10

-  # # Assert behaviour that only genuine browsers display. This ensures that Chrome
-  # # or Firefox versions
-  # - name: realistic-browser-catchall
-  #   expression:
-  #     all:
-  #       - '"User-Agent" in headers'
-  #       - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
-  #       - '"Accept" in headers'
-  #       - '"Sec-Fetch-Dest" in headers'
-  #       - '"Sec-Fetch-Mode" in headers'
-  #       - '"Sec-Fetch-Site" in headers'
-  #       - '"Accept-Encoding" in headers'
-  #       - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
-  #       - '"Accept-Language" in headers'
-  #   action: WEIGH
-  #   weight:
-  #     adjust: -10
+  # Assert behaviour that only genuine browsers display. This ensures that Chrome
+  # or Firefox versions
+  - name: realistic-browser-catchall
+    expression:
+      all:
+        - '"User-Agent" in headers'
+        - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
+        - '"Accept" in headers'
+        - '"Sec-Fetch-Dest" in headers'
+        - '"Sec-Fetch-Mode" in headers'
+        - '"Sec-Fetch-Site" in headers'
+        - '"Accept-Encoding" in headers'
+        - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
+        - '"Accept-Language" in headers'
+    action: WEIGH
+    weight:
+      adjust: -10

-  # # The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
-  # - name: upgrade-insecure-requests
-  #   expression: '"Upgrade-Insecure-Requests" in headers'
-  #   action: WEIGH
-  #   weight:
-  #     adjust: -2
+  # The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
+  - name: upgrade-insecure-requests
+    expression: '"Upgrade-Insecure-Requests" in headers'
+    action: WEIGH
+    weight:
+      adjust: -2

-  # # Chrome should behave like Chrome
-  # - name: chrome-is-proper
-  #   expression:
-  #     all:
-  #       - userAgent.contains("Chrome")
-  #       - '"Sec-Ch-Ua" in headers'
-  #       - 'headers["Sec-Ch-Ua"].contains("Chromium")'
-  #       - '"Sec-Ch-Ua-Mobile" in headers'
-  #       - '"Sec-Ch-Ua-Platform" in headers'
-  #   action: WEIGH
-  #   weight:
-  #     adjust: -5
+  # Chrome should behave like Chrome
+  - name: chrome-is-proper
+    expression:
+      all:
+        - userAgent.contains("Chrome")
+        - '"Sec-Ch-Ua" in headers'
+        - 'headers["Sec-Ch-Ua"].contains("Chromium")'
+        - '"Sec-Ch-Ua-Mobile" in headers'
+        - '"Sec-Ch-Ua-Platform" in headers'
+    action: WEIGH
+    weight:
+      adjust: -5

-  # - name: should-have-accept
-  #   expression: '!("Accept" in headers)'
-  #   action: WEIGH
-  #   weight:
-  #     adjust: 5
+  - name: should-have-accept
+    expression: '!("Accept" in headers)'
+    action: WEIGH
+    weight:
+      adjust: 5

  # Generic catchall rule
  - name: generic-browser