diff --git a/data/botPolicies.yaml b/data/botPolicies.yaml
index 12319b39..ca688ef2 100644
--- a/data/botPolicies.yaml
+++ b/data/botPolicies.yaml
@@ -43,10 +43,7 @@ bots:
 # report_as: 4 # lie to the operator
 # algorithm: slow # intentionally waste CPU cycles and time
-# Generic catchall rule
-- name: generic-browser
- user_agent_regex: >-
- Mozilla|Opera
- action: CHALLENGE
+# Challenge things that claim to be a browser but are not
+- import: (data)/common/challenge-browser-like.yaml
 dnsbl: false
diff --git a/data/bots/cloudflare-workers.yaml b/data/bots/cloudflare-workers.yaml
index 3fe051be..80718352 100644
--- a/data/bots/cloudflare-workers.yaml
+++ b/data/bots/cloudflare-workers.yaml
@@ -1,4 +1,3 @@
 - name: cloudflare-workers
- headers_regex:
- CF-Worker: .*
- action: DENY
\ No newline at end of file
+ expression: '"Cf-Worker" in headers'
+ action: CHALLENGE
\ No newline at end of file
diff --git a/data/common/challenge-browser-like.yaml b/data/common/challenge-browser-like.yaml
new file mode 100644
index 00000000..afd4cc87
--- /dev/null
+++ b/data/common/challenge-browser-like.yaml
@@ -0,0 +1,16 @@
+ # Challenge anything with HTTP/1.1 that claims to be a browser
+ - name: challenge-lies-browser-but-http-1.1
+ action: CHALLENGE
+ expression:
+ all:
+ - '"X-Http-Version" in headers'
+ - headers["X-Http-Version"] == "HTTP/1.1"
+ - >-
+ ( userAgent.contains("Mozilla")
+ || userAgent.contains("Opera")
+ || userAgent.contains("Safari")
+ || userAgent.contains("Edge")
+ || userAgent.contains("Gecko")
+ || userAgent.contains("Windows")
+ || userAgent.contains("Linux")
+ )
\ No newline at end of file
diff --git a/data/common/legacy-challenge-everything.yaml b/data/common/legacy-challenge-everything.yaml
new file mode 100644
index 00000000..722d9cc6
--- /dev/null
+++ b/data/common/legacy-challenge-everything.yaml
@@ -0,0 +1,5 @@
+# Generic catchall rule
+- name: generic-browser
+ user_agent_regex: >-
+ Mozilla|Opera
+ action: CHALLENGE
\ No newline at end of file
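Review bot: In data/botPolicies.yaml the default policy no longer challenges every client whose User-Agent matches `Mozilla|Opera`. The imported rule only fires when `X-Http-Version` is present and equals `HTTP/1.1`, so browser-like traffic on other protocol versions, or behind a proxy that does not send that header, now falls through to whatever follows in the policy (not visible in this hunk). The replaced rule is kept in data/common/legacy-challenge-everything.yaml, but nothing here tells an operator that. I would extend the comment above the import, e.g. `# Only matches HTTP/1.1 requests; import (data)/common/legacy-challenge-everything.yaml instead to challenge all browser-like user agents`.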
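Review bot: In data/bots/cloudflare-workers.yaml the action drops from `DENY` to `CHALLENGE` with no comment or commit text visible here explaining why, so anyone importing this file to block Worker-originated requests gets weaker enforcement after the update. A one-line comment above the rule would make the downgrade a deliberate, reviewable choice, e.g. `# Challenged rather than denied because <reason>`. The lookup key also changes spelling from `CF-Worker` to `Cf-Worker`. That is presumably correct if the `headers` map uses canonicalised names, but it is worth confirming with a test, since a mismatch would mean the rule never matches.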
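Review bot: In data/common/challenge-browser-like.yaml every condition hinges on `X-Http-Version`, a request header that presumably has to be set by the reverse proxy in front of the service. If the proxy omits it, the first clause is false and the rule never matches. If the proxy passes a client-supplied value through, the client decides whether it is challenged. The file's opening comment should state that dependency, e.g. `# Requires the reverse proxy to set and overwrite X-Http-Version on every request; without it this rule never matches`.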