arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-26 01:52:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(data): add challenge-browser-like.yaml

Browse Source 
This is a huge change to Anubis and will make it a lot more invisible at
the cost of requiring additional server configuration to make it happen.

If you add this bit of nginx config to your location block:

```nginx
proxy_set_header X-Http-Version $server_protocol;
```

And then adjust the bottom bot rule to this:

```yaml
- import: (data)/common/challenge-browser-like.yaml
```

Anubis will be way less aggressive than it was before. This will let
through any traffic that comes from a browser that actually is a browser
via some more advanced heuristics.

I think that this rule alone is the key feature of v1.18.0.

Signed-off-by: Xe Iaso <me@xeiaso.net>
This commit is contained in:
Xe Iaso
2025-04-28 00:20:27 -04:00
parent ea4e5751ab
commit 9f988578a4
4 changed files with 25 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/botPolicies.yaml
+2 -5
View File
@@ -43,10 +43,7 @@ bots:
# report_as: 4 # lie to the operator # report_as: 4 # lie to the operator
# algorithm: slow # intentionally waste CPU cycles and time # algorithm: slow # intentionally waste CPU cycles and time
# Generic catchall rule # Challenge things that claim to be a browser but are not
- name: generic-browser - import: (data)/common/challenge-browser-like.yaml
user_agent_regex: >-
Mozilla|Opera
action: CHALLENGE
dnsbl: false dnsbl: false
data/bots/cloudflare-workers.yaml
+2 -3
View File
@@ -1,4 +1,3 @@
- name: cloudflare-workers - name: cloudflare-workers
headers_regex: expression: '"Cf-Worker" in headers'
CF-Worker: .* action: CHALLENGE
action: DENY
data/common/challenge-browser-like.yaml
+16
View File
@@ -0,0 +1,16 @@
# Challenge anything with HTTP/1.1 that claims to be a browser
- name: challenge-lies-browser-but-http-1.1
action: CHALLENGE
expression:
all:
- '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1"
- >-
( userAgent.contains("Mozilla")
|| userAgent.contains("Opera")
|| userAgent.contains("Safari")
|| userAgent.contains("Edge")
|| userAgent.contains("Gecko")
|| userAgent.contains("Windows")
|| userAgent.contains("Linux")
)
data/common/legacy-challenge-everything.yaml
+5
View File
@@ -0,0 +1,5 @@
# Generic catchall rule
- name: generic-browser
user_agent_regex: >-
Mozilla|Opera
action: CHALLENGE