arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-10 18:48:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: arian:Xe/agent-hints
Branches Tags
arian:main arian:dependabot/github_actions/github-actions-899c058108 arian:dependabot/go_modules/gomod-93cd730d29 arian:dependabot/npm_and_yarn/npm-34965409cd arian:Xe/feat-main-challenge-uses-preact arian:Xe/faq-min-browser-version arian:Xe/ddwrt-logo arian:Xe/toggle-source arian:Xe/pprof-2 arian:Xe/ci-multiple-go-versions arian:Xe/experimental-windows-binary arian:Xe/go-sh-for-build-scripts arian:Xe/doc-disabling-jit arian:add-claude-github-actions-1773949601522 arian:json/fix-pow-deref arian:Xe/no-govulncheck arian:Xe/docs-systemd-logging-to-file arian:json/gofix arian:json/add-cel-iterator arian:Xe/haproxy-smoke-test arian:Xe/sponsor-logo-sync arian:Xe/agent-hints arian:Xe/contributing-commitlint-etc arian:json/add-back-comments arian:Xe/fix-preact-static-path arian:Xe/document-meta-default-config arian:Xe/bump-go arian:revert-1370-dependabot/go_modules/gomod-76b51a1623 arian:Xe/iplist2rule arian:Xe/fix-nginx-gha arian:fix/nginxsmoke arian:Xe/expose-pprof-in-metrics arian:Xe/serialize-memory arian:Xe/nginx-config-test arian:Xe/no-more-kindness arian:Xe/adjust-accept-rule arian:Xe/honeypot arian:Xe/demote-explicit-deny-logs arian:fix/pin-versions arian:Xe/deprecate-report_as arian:Xe/dependabot-cooldown arian:Xe/logrotate arian:Xe/go-mod-tidy-check arian:Xe/redis-sentinel arian:docs/fix-1080 arian:fix/ogtags-sni arian:fix/ci-go-mod arian:chore/gomodupdates arian:fix/CVE2025_24369-flakyness arian:fix/upgrade-playwright arian:fix/nilpointerpanic arian:Xe/metrics-for-weigh-matches arian:Xe/fix-docs-deploy arian:Xe/dont-cookie-host-implicitly arian:Xe/ensure-embed-folder-matches-embed-fs arian:Xe/more-docker-client-programs arian:Xe/add-asset-build-verification-workflow arian:Xe/gh-1252/docker-registry-client-fix arian:Xe/chrome-version-number-deweighing arian:Xe/blog/abuse-reports arian:Xe/unblock-tencent-cloud arian:Xe/fix-serve-robots-txt arian:Xe/analytics-so-i-can-get-grants arian:Xe/fix-open-redirect-subrequest arian:Xe/remove-copilot-instructions arian:Xe/checker.List-and-like arian:Xe/block-tencent-cloud arian:Xe/fix-bbolt-errors arian:Xe/get-started-environments arian:Xe/show-error-state arian:Xe/fix-webcrypto-detection arian:Xe/even-less-paranoid arian:Xe/unflake-lib-package arian:Xe/default-config-macro arian:Xe/preact-deprecate arian:Xe/less-paranoid arian:Xe/wasm3 arian:Xe/double-slash-xess arian:Xe/double-slash-try-3 arian:Xe/fix-cookie-prefix-stutter arian:Xe/metarefresh-randomly-refresh-header arian:Xe/contentLength-in-expressions arian:Xe/ssh-ci-no-uname-av arian:Xe/ssh-ci-arm64 arian:Xe/actorify arian:Xe/log-filters arian:Xe/decaymap-sync-map arian:Xe/use-typescript arian:Xe/containerbuild-support-commas arian:Xe/npmjs-secvuln-fix arian:json/signingnudge arian:Xe/embed-services-folder arian:Xe/demote-temporal-assurance arian:Xe/store-s3 arian:json/requireED25519 arian:fix/multibot arian:json/docs arian:Xe/redirect-domain-wildcard arian:Xe/fix-force-language arian:Xe/anti-assistant arian:Xe/fix-main arian:Xe/enhanced-temporal-reassurance arian:Xe/docker-buildx-bake2 arian:Xe-patch-1 arian:Xe/proof-of-react arian:Xe/decimal-nonce-post arian:Xe/fix-decimal-nonce arian:json/fixspelling arian:copilot/fix-bac27955-bb79-4b41-8954-7463ba8a52db arian:Xe/block-alibaba arian:Xe/block-huawei arian:Xe/1002-challenge-spent-field arian:Xe/funding-update-august-2025 arian:Xe/remove-hack arian:revert-952-dependabot/github_actions/github-actions-246dc3e5c9 arian:Xe/embed-challenge-id-in-generated-pages arian:Xe/silence-http-pipelining-error arian:Xe/remove-json-docs arian:Xe/fix-purejs-and-make-faster arian:Xe/purge-slow arian:Xe/allow-opengraph-response-urls arian:Xe/anubis-custom-logger arian:Xe/default-rules/customasynchttpclient arian:Xe/store-challenge-method-with-challenge arian:Xe/checks-v2 arian:Xe/cel-segments arian:Xe/chore-expose-thoth arian:Xe/test-xff-no-double-comma arian:Xe/nerf-try-again-button arian:Xe/test-palemoon arian:Xe/xss-fix-2 arian:Xe/xss-fix arian:release/v1.21.1 arian:Xe/v1.21.1-blogpost arian:Xe/russian-translation-with-fixes arian:Xe/fix-unknown-challenge-throw-new-challenge arian:Xe/web-event-loop-thrashing arian:Xe/promise-leak arian:revert-873-dependabot/go_modules/gomod-adef35df73 arian:Xe/osiris arian:dependabot/go_modules/gomod-adef35df73 arian:Xe/missing-header-function arian:Xe/smoke-test/caddy-and-unix-socket arian:Xe/ssh-ci/deflake arian:Xe/smoke-test/translations arian:release/v1.21.0 arian:Xe/health-ready-endpoints arian:Xe/ja4h arian:Xe/test-cookie-fix arian:Xe/docs-image-per-commit arian:Xe/smoke-test/git-push arian:Xe/git-server-test arian:Xe/disable-system-load-by-default arian:release/v1.21.0-pre2 arian:Xe/double-slash-try-2 arian:Xe/status-page arian:Xe/double-slash arian:Xe/changelog-mention-migration-breakage arian:Xe/nginx-micro arian:Xe/TI-20250709-0001 arian:Xe/thoth-client-dont-block-on-healthchecks arian:Xe/load-average arian:Xe/docs-remove-proof-of-work-branding arian:Xe/bbolt-cleanup-every-hour arian:Xe/optimize-bbolt arian:Xe/ogtags-use-store arian:Xe/devcontainer-playwright arian:Xe/store-interface arian:Xe/allow-commoncrawl arian:Xe/docs-botstopper arian:Xe/fix-anubis-systemd-runtimedir-instances arian:Xe/checker-registry arian:vic/set-cookies-to-secure arian:json/dup arian:Xe/docker-buildx-bake arian:Xe/valkey-2 arian:Xe/thr1 arian:Xe/v1.19.0-pre1 arian:Xe/thoth arian:Xe/valkey arian:wasm arian:Xe/expressions arian:Xe/go-tool-yeet arian:Xe/pkgserver arian:Xe/yeet-as-tool arian:release/v1.15.x arian:Xe/minimize-logging arian:revert-134-revert-120-Xe/cookie-settings arian:Xe/allow-internet-archive arian:Xe/hyper-galaxy-brain
arian:v1.25.0 arian:v1.24.0 arian:v1.24.0-pre1 arian:v1.23.1 arian:v1.23.0 arian:v1.23.0-pre2 arian:v1.23.0-pre1 arian:v1.22.0 arian:v1.22.0-pre2 arian:v1.22.0-pre1 arian:v1.21.3 arian:v1.21.2 arian:v1.21.1 arian:v1.21.0 arian:v1.21.0-pre3 arian:v1.21.0-pre2 arian:v1.21.0-pre1 arian:v1.20.0 arian:v1.20.0-pre2 arian:v1.20.0-pre1 arian:v1.19.1 arian:v1.19.0 arian:v1.19.0-pre1 arian:v1.18.0 arian:v1.18.0-pre1 arian:v1.17.1 arian:v1.17.0 arian:v1.17.0.signed arian:v1.17.0-beta4 arian:1.17.0-beta2 arian:v1.17.0-beta3 arian:v1.17.0-beta1 arian:v1.16.0 arian:v1.15.2 arian:v1.15.1 arian:v1.15.0 arian:v1.14.2 arian:v1.14.1 arian:v1.14.0 arian:v1.13.0 arian:v1.12.1
..
compare: arian:fix/pin-versions
Branches Tags
arian:dependabot/github_actions/github-actions-899c058108 arian:dependabot/go_modules/gomod-93cd730d29 arian:dependabot/npm_and_yarn/npm-34965409cd arian:Xe/feat-main-challenge-uses-preact arian:main arian:Xe/faq-min-browser-version arian:Xe/ddwrt-logo arian:Xe/toggle-source arian:Xe/pprof-2 arian:Xe/ci-multiple-go-versions arian:Xe/experimental-windows-binary arian:Xe/go-sh-for-build-scripts arian:Xe/doc-disabling-jit arian:add-claude-github-actions-1773949601522 arian:json/fix-pow-deref arian:Xe/no-govulncheck arian:Xe/docs-systemd-logging-to-file arian:json/gofix arian:json/add-cel-iterator arian:Xe/haproxy-smoke-test arian:Xe/sponsor-logo-sync arian:Xe/agent-hints arian:Xe/contributing-commitlint-etc arian:json/add-back-comments arian:Xe/fix-preact-static-path arian:Xe/document-meta-default-config arian:Xe/bump-go arian:revert-1370-dependabot/go_modules/gomod-76b51a1623 arian:Xe/iplist2rule arian:Xe/fix-nginx-gha arian:fix/nginxsmoke arian:Xe/expose-pprof-in-metrics arian:Xe/serialize-memory arian:Xe/nginx-config-test arian:Xe/no-more-kindness arian:Xe/adjust-accept-rule arian:Xe/honeypot arian:Xe/demote-explicit-deny-logs arian:fix/pin-versions arian:Xe/deprecate-report_as arian:Xe/dependabot-cooldown arian:Xe/logrotate arian:Xe/go-mod-tidy-check arian:Xe/redis-sentinel arian:docs/fix-1080 arian:fix/ogtags-sni arian:fix/ci-go-mod arian:chore/gomodupdates arian:fix/CVE2025_24369-flakyness arian:fix/upgrade-playwright arian:fix/nilpointerpanic arian:Xe/metrics-for-weigh-matches arian:Xe/fix-docs-deploy arian:Xe/dont-cookie-host-implicitly arian:Xe/ensure-embed-folder-matches-embed-fs arian:Xe/more-docker-client-programs arian:Xe/add-asset-build-verification-workflow arian:Xe/gh-1252/docker-registry-client-fix arian:Xe/chrome-version-number-deweighing arian:Xe/blog/abuse-reports arian:Xe/unblock-tencent-cloud arian:Xe/fix-serve-robots-txt arian:Xe/analytics-so-i-can-get-grants arian:Xe/fix-open-redirect-subrequest arian:Xe/remove-copilot-instructions arian:Xe/checker.List-and-like arian:Xe/block-tencent-cloud arian:Xe/fix-bbolt-errors arian:Xe/get-started-environments arian:Xe/show-error-state arian:Xe/fix-webcrypto-detection arian:Xe/even-less-paranoid arian:Xe/unflake-lib-package arian:Xe/default-config-macro arian:Xe/preact-deprecate arian:Xe/less-paranoid arian:Xe/wasm3 arian:Xe/double-slash-xess arian:Xe/double-slash-try-3 arian:Xe/fix-cookie-prefix-stutter arian:Xe/metarefresh-randomly-refresh-header arian:Xe/contentLength-in-expressions arian:Xe/ssh-ci-no-uname-av arian:Xe/ssh-ci-arm64 arian:Xe/actorify arian:Xe/log-filters arian:Xe/decaymap-sync-map arian:Xe/use-typescript arian:Xe/containerbuild-support-commas arian:Xe/npmjs-secvuln-fix arian:json/signingnudge arian:Xe/embed-services-folder arian:Xe/demote-temporal-assurance arian:Xe/store-s3 arian:json/requireED25519 arian:fix/multibot arian:json/docs arian:Xe/redirect-domain-wildcard arian:Xe/fix-force-language arian:Xe/anti-assistant arian:Xe/fix-main arian:Xe/enhanced-temporal-reassurance arian:Xe/docker-buildx-bake2 arian:Xe-patch-1 arian:Xe/proof-of-react arian:Xe/decimal-nonce-post arian:Xe/fix-decimal-nonce arian:json/fixspelling arian:copilot/fix-bac27955-bb79-4b41-8954-7463ba8a52db arian:Xe/block-alibaba arian:Xe/block-huawei arian:Xe/1002-challenge-spent-field arian:Xe/funding-update-august-2025 arian:Xe/remove-hack arian:revert-952-dependabot/github_actions/github-actions-246dc3e5c9 arian:Xe/embed-challenge-id-in-generated-pages arian:Xe/silence-http-pipelining-error arian:Xe/remove-json-docs arian:Xe/fix-purejs-and-make-faster arian:Xe/purge-slow arian:Xe/allow-opengraph-response-urls arian:Xe/anubis-custom-logger arian:Xe/default-rules/customasynchttpclient arian:Xe/store-challenge-method-with-challenge arian:Xe/checks-v2 arian:Xe/cel-segments arian:Xe/chore-expose-thoth arian:Xe/test-xff-no-double-comma arian:Xe/nerf-try-again-button arian:Xe/test-palemoon arian:Xe/xss-fix-2 arian:Xe/xss-fix arian:release/v1.21.1 arian:Xe/v1.21.1-blogpost arian:Xe/russian-translation-with-fixes arian:Xe/fix-unknown-challenge-throw-new-challenge arian:Xe/web-event-loop-thrashing arian:Xe/promise-leak arian:revert-873-dependabot/go_modules/gomod-adef35df73 arian:Xe/osiris arian:dependabot/go_modules/gomod-adef35df73 arian:Xe/missing-header-function arian:Xe/smoke-test/caddy-and-unix-socket arian:Xe/ssh-ci/deflake arian:Xe/smoke-test/translations arian:release/v1.21.0 arian:Xe/health-ready-endpoints arian:Xe/ja4h arian:Xe/test-cookie-fix arian:Xe/docs-image-per-commit arian:Xe/smoke-test/git-push arian:Xe/git-server-test arian:Xe/disable-system-load-by-default arian:release/v1.21.0-pre2 arian:Xe/double-slash-try-2 arian:Xe/status-page arian:Xe/double-slash arian:Xe/changelog-mention-migration-breakage arian:Xe/nginx-micro arian:Xe/TI-20250709-0001 arian:Xe/thoth-client-dont-block-on-healthchecks arian:Xe/load-average arian:Xe/docs-remove-proof-of-work-branding arian:Xe/bbolt-cleanup-every-hour arian:Xe/optimize-bbolt arian:Xe/ogtags-use-store arian:Xe/devcontainer-playwright arian:Xe/store-interface arian:Xe/allow-commoncrawl arian:Xe/docs-botstopper arian:Xe/fix-anubis-systemd-runtimedir-instances arian:Xe/checker-registry arian:vic/set-cookies-to-secure arian:json/dup arian:Xe/docker-buildx-bake arian:Xe/valkey-2 arian:Xe/thr1 arian:Xe/v1.19.0-pre1 arian:Xe/thoth arian:Xe/valkey arian:wasm arian:Xe/expressions arian:Xe/go-tool-yeet arian:Xe/pkgserver arian:Xe/yeet-as-tool arian:release/v1.15.x arian:Xe/minimize-logging arian:revert-134-revert-120-Xe/cookie-settings arian:Xe/allow-internet-archive arian:Xe/hyper-galaxy-brain
arian:v1.25.0 arian:v1.24.0 arian:v1.24.0-pre1 arian:v1.23.1 arian:v1.23.0 arian:v1.23.0-pre2 arian:v1.23.0-pre1 arian:v1.22.0 arian:v1.22.0-pre2 arian:v1.22.0-pre1 arian:v1.21.3 arian:v1.21.2 arian:v1.21.1 arian:v1.21.0 arian:v1.21.0-pre3 arian:v1.21.0-pre2 arian:v1.21.0-pre1 arian:v1.20.0 arian:v1.20.0-pre2 arian:v1.20.0-pre1 arian:v1.19.1 arian:v1.19.0 arian:v1.19.0-pre1 arian:v1.18.0 arian:v1.18.0-pre1 arian:v1.17.1 arian:v1.17.0 arian:v1.17.0.signed arian:v1.17.0-beta4 arian:1.17.0-beta2 arian:v1.17.0-beta3 arian:v1.17.0-beta1 arian:v1.16.0 arian:v1.15.2 arian:v1.15.1 arian:v1.15.0 arian:v1.14.2 arian:v1.14.1 arian:v1.14.0 arian:v1.13.0 arian:v1.12.1

1 Commits
Xe/agent-h ... fix/pin-ve

Author SHA1 Message Date
Jason Cameron
51e63bad25 fix: pin Node.js and Go versions in CI configuration files 2025-11-30 21:58:20 -05:00
246 changed files with 2841 additions and 5874 deletions
Expand all files Collapse all files

6
.devcontainer/devcontainer.json
View File

@@ -2,7 +2,9 @@
// README at: https://github.com/devcontainers/templates/tree/main/src/debian // README at: https://github.com/devcontainers/templates/tree/main/src/debian
{ {
"name": "Dev", "name": "Dev",
"dockerComposeFile": ["./docker-compose.yaml"], "dockerComposeFile": [
"./docker-compose.yaml"
],
"service": "workspace", "service": "workspace",
"workspaceFolder": "/workspace/anubis", "workspaceFolder": "/workspace/anubis",
"postStartCommand": "bash ./.devcontainer/poststart.sh", "postStartCommand": "bash ./.devcontainer/poststart.sh",
@@ -29,4 +31,4 @@
} }
} }
} }
} }

1
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@@ -58,3 +58,4 @@ body:
attributes: attributes:
label: Additional context label: Additional context
description: Add any other context about the problem here. description: Add any other context about the problem here.

2
.github/ISSUE_TEMPLATE/feature_request.yaml vendored
View File

@@ -1,6 +1,6 @@
name: Feature request name: Feature request
description: Suggest an idea for this project description: Suggest an idea for this project
title: "[Feature request] " title: '[Feature request] '
body: body:
- type: textarea - type: textarea

24
.github/actions/spelling/README.md vendored
View File

@@ -1,17 +1,17 @@
# check-spelling/check-spelling configuration # check-spelling/check-spelling configuration
| File | Purpose | Format | Info | File | Purpose | Format | Info
| -------------------------------------------------- | -------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | -|-|-|-
| [dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary) | [dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary)
| [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow) | [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow)
| [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject) | [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject)
| [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) | [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes)
| [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only) | [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only)
| [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
| [candidate.patterns](candidate.patterns) | Patterns that might be worth adding to [patterns.txt](patterns.txt) | perl regular expression with optional comment block introductions (all matches will be suggested) | [candidates](https://github.com/check-spelling/check-spelling/wiki/Feature:-Suggest-patterns) | [candidate.patterns](candidate.patterns) | Patterns that might be worth adding to [patterns.txt](patterns.txt) | perl regular expression with optional comment block introductions (all matches will be suggested) | [candidates](https://github.com/check-spelling/check-spelling/wiki/Feature:-Suggest-patterns)
| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
| [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect) | [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect)
| [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice) | [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice)
Note: you can replace any of these files with a directory by the same name (minus the suffix) Note: you can replace any of these files with a directory by the same name (minus the suffix)
and then include multiple files inside that directory (with that suffix) to merge multiple files together. and then include multiple files inside that directory (with that suffix) to merge multiple files together.

19
.github/actions/spelling/advice.md vendored
View File

@@ -2,27 +2,30 @@
<details><summary>If the flagged items are :exploding_head: false positives</summary> <details><summary>If the flagged items are :exploding_head: false positives</summary>
If items relate to a ... If items relate to a ...
* binary file (or some other file you wouldn't want to check at all).
- binary file (or some other file you wouldn't want to check at all).
Please add a file path to the `excludes.txt` file matching the containing file. Please add a file path to the `excludes.txt` file matching the containing file.
File paths are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files. File paths are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files.
`^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](../tree/HEAD/README.md) (on whichever branch you're using). `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](
../tree/HEAD/README.md) (on whichever branch you're using).
- well-formed pattern. * well-formed pattern.
If you can write a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it, If you can write a [pattern](
https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns
) that would match it,
try adding it to the `patterns.txt` file. try adding it to the `patterns.txt` file.
Patterns are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines. Patterns are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines.
Note that patterns can't match multiline strings. Note that patterns can't match multiline strings.
</details> </details>
<!-- adoption information--> <!-- adoption information-->
:steam_locomotive: If you're seeing this message and your PR is from a branch that doesn't have check-spelling, :steam_locomotive: If you're seeing this message and your PR is from a branch that doesn't have check-spelling,
please merge to your PR's base branch to get the version configured for your repository. please merge to your PR's base branch to get the version configured for your repository.

12
.github/actions/spelling/allow.txt vendored
View File

@@ -12,15 +12,3 @@ maintnotifications
azurediamond azurediamond
cooldown cooldown
verifyfcrdns verifyfcrdns
Spintax
spintax
clampip
pseudoprofound
reimagining
iocaine
admins
fout
iplist
NArg
blocklists
rififi

12
.github/actions/spelling/excludes.txt vendored
View File

@@ -87,14 +87,10 @@
^docs/docs/user/known-instances.md$ ^docs/docs/user/known-instances.md$
^docs/manifest/.*$ ^docs/manifest/.*$
^docs/static/\.nojekyll$ ^docs/static/\.nojekyll$
^internal/glob/glob_test.go$
^internal/honeypot/naive/affirmations\.txt$
^internal/honeypot/naive/spintext\.txt$
^internal/honeypot/naive/titles\.txt$
^lib/config/testdata/bad/unparseable\.json$
^lib/localization/.*_test.go$
^lib/localization/locales/.*\.json$
^lib/policy/config/testdata/bad/unparseable\.json$ ^lib/policy/config/testdata/bad/unparseable\.json$
^test/.*$ ^internal/glob/glob_test.go$
ignore$ ignore$
robots.txt robots.txt
^lib/localization/locales/.*\.json$
^lib/localization/.*_test.go$
^test/.*$

813
.github/actions/spelling/expect.txt vendored
View File

@@ -1,413 +1,400 @@
acs
Actorified acs
actorifiedstore Actorified
actorify actorifiedstore
agentic actorify
Aibrew Aibrew
alibaba alibaba
alrest alrest
amazonbot amazonbot
anthro anthro
anubis anubis
anubistest anubistest
apnic apnic
APNICRANDNETAU APNICRANDNETAU
Applebot Applebot
archlinux archlinux
arpa arpa
asnc asnc
asnchecker asnchecker
asns asns
aspirational aspirational
atuin atuin
azuretools azuretools
badregexes badregexes
bbolt bbolt
bdba bdba
berr berr
bezier bezier
bingbot bingbot
Bitcoin Bitcoin
bitrate bitrate
Bluesky Bluesky
blueskybot blueskybot
boi boi
Bokm Bokm
botnet botnet
botstopper botstopper
BPort BPort
Brightbot Brightbot
broked broked
buildah buildah
byteslice byteslice
Bytespider Bytespider
cachebuster cachebuster
cachediptoasn cachediptoasn
Caddyfile Caddyfile
caninetools caninetools
Cardyb Cardyb
celchecker celchecker
celphase celphase
cerr cerr
certresolver certresolver
cespare cespare
CGNAT CGNAT
cgr cgr
chainguard chainguard
chall chall
challengemozilla challengemozilla
challengetest challengetest
checkpath checkpath
checkresult checkresult
chibi chibi
cidranger cidranger
ckie ckie
CLAUDE cloudflare
cloudflare Codespaces
Codespaces confd
confd connnection
containerbuild containerbuild
containerregistry containerregistry
coreutils coreutils
Cotoyogi Cotoyogi
Cromite Cromite
crt crt
Cscript Cscript
daemonizing daemonizing
databento dayjob
dayjob DDOS
dco Debian
DDOS debrpm
Debian decaymap
debrpm devcontainers
decaymap Diffbot
devcontainers discordapp
Diffbot discordbot
discordapp distros
discordbot dnf
distros dnsbl
dnf dnserr
dnsbl DNSTTL
dnserr domainhere
DNSTTL dracula
domainhere dronebl
dracula droneblresponse
dronebl dropin
droneblresponse dsilence
dropin duckduckbot
dsilence eerror
duckduckbot ellenjoe
eerror emacs
ellenjoe enbyware
emacs etld
enbyware everyones
etld evilbot
everyones evilsite
evilbot expressionorlist
evilsite externalagent
expressionorlist externalfetcher
externalagent extldflags
externalfetcher facebookgo
extldflags Factset
facebookgo fahedouch
Factset fastcgi
fahedouch FCr
fastcgi fcrdns
FCr fediverse
fcrdns ffprobe
fediverse financials
ffprobe finfos
financials Firecrawl
finfos flagenv
Firecrawl Fordola
flagenv forgejo
Fordola forwardauth
forgejo fsys
forwardauth fullchain
fsys gaissmai
fullchain Galvus
gaissmai geoip
Galvus geoipchecker
geoip gha
geoipchecker GHSA
gha Ghz
GHSA gipc
Ghz gitea
gipc godotenv
gitea goland
GLM gomod
godotenv goodbot
goimports googlebot
goland gopsutil
gomod govulncheck
goodbot goyaml
googlebot GPG
gopsutil GPT
govulncheck gptbot
goyaml Graphene
GPG grpcprom
GPT grw
gptbot gzw
Graphene Hashcash
grpcprom hashrate
grw headermap
gzw healthcheck
Hashcash healthz
hashrate hec
headermap helpdesk
healthcheck Hetzner
healthz hmc
hec homelab
helpdesk hostable
Hetzner htmlc
hmc htmx
homelab httpdebug
hostable huawei
htmlc hypertext
htmx iaskspider
httpdebug iaso
huawei iat
hypertext ifm
iaskspider Imagesift
iaso imgproxy
iat impressum
ifm inbox
Imagesift ingressed
imgproxy inp
impressum internets
inbox IPTo
ingressed iptoasn
inp isp
internets iss
IPTo isset
iptoasn ivh
isp Jenomis
iss JGit
isset jhjj
ivh joho
Jenomis journalctl
JGit jshelter
jhjj JWTs
joho kagi
journalctl kagibot
jshelter Keyfunc
JWTs keypair
kagi KHTML
kagibot kinda
Keyfunc KUBECONFIG
keypair lcj
KHTML ldflags
kinda letsencrypt
KUBECONFIG Lexentale
lcj lfc
ldflags lgbt
letsencrypt licend
Lexentale licstart
lfc lightpanda
lgbt limsa
licend Linting
licstart listor
lightpanda LLU
limsa loadbalancer
Linting lol
listor lominsa
LLU maintainership
loadbalancer malware
lol mcr
lominsa memes
maintainership metarefresh
malware metrix
mcr mimi
memes Minfilia
metarefresh mistralai
metrix mnt
mimi Mojeek
Minfilia mojeekbot
mistralai mozilla
mnt myclient
Mojeek mymaster
mojeekbot mypass
mozilla myuser
myclient nbf
mymaster nepeat
mypass netsurf
myuser nginx
nbf nicksnyder
nepeat nobots
netsurf NONINFRINGEMENT
nginx nosleep
nicksnyder nullglob
nikandfor oci
nobots OCOB
NONINFRINGEMENT ogtag
nosleep oklch
nullglob omgili
oci omgilibot
OCOB openai
ogtag opendns
oklch opengraph
omgili openrc
omgilibot oswald
openai pag
opendns palemoon
opengraph Pangu
openrc parseable
oswald passthrough
pag Patreon
pagegen pgrep
palemoon phrik
Pangu pidfile
parseable pids
passthrough pipefail
Patreon pki
perplexitybot podkova
pgrep podman
phrik Postgre
pidfile poststart
pids prebaked
pipefail privkey
pki promauto
podkova promhttp
podman proofofwork
Postgre publicsuffix
poststart purejs
prebaked pwcmd
privkey pwuser
promauto qualys
promhttp qwant
proofofwork qwantbot
publicsuffix rac
purejs rawler
pwcmd rcvar
pwuser redhat
qualys redir
qwant redirectscheme
qwantbot refactors
rac remoteip
rawler reputational
rcvar risc
redhat ruleset
redir runlevels
redirectscheme RUnlock
refactors runtimedir
remoteip runtimedirectory
reputational Ryzen
Rhul sas
risc sasl
ruleset screenshots
runlevels searchbot
RUnlock searx
runtimedir sebest
runtimedirectory secretplans
Ryzen Semrush
sas Seo
sasl setsebool
screenshots shellcheck
searchbot shirou
searx shopt
sebest Sidetrade
secretplans simprint
Semrush sitemap
Seo sls
setsebool sni
shellcheck snipster
shirou Spambot
shoneypot sparkline
shopt spyderbot
Sidetrade srv
simprint stackoverflow
sitemap startprecmd
sls stoppostcmd
sni storetest
snipster subgrid
Spambot subr
spammer subrequest
sparkline SVCNAME
spyderbot tagline
srv tarballs
stackoverflow tarrif
startprecmd taviso
stoppostcmd tbn
storetest tbr
subgrid techaro
subr techarohq
subrequest telegrambot
SVCNAME templ
tagline templruntime
tarballs testarea
tarrif Thancred
taviso thoth
tbn thothmock
tbr Tik
techaro Timpibot
techarohq TLog
telegrambot traefik
templ trunc
templruntime uberspace
testarea Unbreak
Thancred unbreakdocker
thoth unifiedjs
thothmock unmarshal
Tik unparseable
Timpibot uvx
TLog UXP
traefik valkey
trunc Varis
uberspace Velen
Unbreak vendored
unbreakdocker verify
unifiedjs vhosts
unmarshal vkbot
unparseable VKE
updown vnd
uvx VPS
UXP Vultr
valkey weblate
Varis webmaster
Velen webpage
vendored websecure
vhosts websites
vkbot Webzio
VKE whois
vnd wildbase
VPS withthothmock
Vultr wolfbeast
WAIFU wordpress
weblate workaround
webmaster workdir
webpage wpbot
websecure XCircle
websites xeiaso
Webzio xeserv
whois xesite
wildbase xess
withthothmock xff
wolfbeast XForwarded
wordpress XNG
workaround XOB
workdir XOriginal
wpbot XReal
XCircle yae
xeiaso YAMLTo
xeserv Yda
xesite yeet
xess yeetfile
xff yourdomain
XForwarded yyz
XNG Zenos
XOB zizmor
XOriginal zombocom
XReal zos
Y'shtola
yae
YAMLTo
Yda
yeet
yeetfile
yourdomain
yyz
Zenos
zizmor
zombocom
zos
zst

10
.github/workflows/asset-verification.yml vendored
View File

@@ -13,7 +13,7 @@ jobs:
asset_verification: asset_verification:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
@@ -22,12 +22,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: install node deps - name: install node deps
run: | run: |

9
.github/workflows/dco-check.yaml vendored
View File

@@ -1,9 +0,0 @@
name: DCO Check
on: [pull_request]
jobs:
dco_check:
runs-on: ubuntu-latest
steps:
- uses: tisonkun/actions-dco@f1024cd563550b5632e754df11b7d30b73be54a5 # v1.1

12
.github/workflows/docker-pr.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -26,18 +26,18 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
with: with:
images: ghcr.io/${{ github.repository }} images: ghcr.io/${{ github.repository }}

14
.github/workflows/docker.yml vendored
View File

@@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -36,12 +36,12 @@ jobs:
run: | run: |
echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
@@ -54,7 +54,7 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
with: with:
images: ${{ env.IMAGE }} images: ${{ env.IMAGE }}
@@ -68,7 +68,7 @@ jobs:
SLOG_LEVEL: debug SLOG_LEVEL: debug
- name: Generate artifact attestation - name: Generate artifact attestation
uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0 uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
with: with:
subject-name: ${{ env.IMAGE }} subject-name: ${{ env.IMAGE }}
subject-digest: ${{ steps.build.outputs.digest }} subject-digest: ${{ steps.build.outputs.digest }}

10
.github/workflows/docs-deploy.yml vendored
View File

@@ -17,12 +17,12 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Log into registry - name: Log into registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -33,7 +33,7 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
with: with:
images: ghcr.io/techarohq/anubis/docs images: ghcr.io/techarohq/anubis/docs
tags: | tags: |
@@ -53,14 +53,14 @@ jobs:
push: true push: true
- name: Apply k8s manifests to limsa lominsa - name: Apply k8s manifests to limsa lominsa
uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 uses: actions-hub/kubectl@1d2c1e96fe0ae23b0c95ee8240ae151b1e638c23 # v1.34.2
env: env:
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
with: with:
args: apply -k docs/manifest args: apply -k docs/manifest
- name: Apply k8s manifests to limsa lominsa - name: Apply k8s manifests to limsa lominsa
uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 uses: actions-hub/kubectl@1d2c1e96fe0ae23b0c95ee8240ae151b1e638c23 # v1.34.2
env: env:
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
with: with:

6
.github/workflows/docs-test.yml vendored
View File

@@ -13,16 +13,16 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
with: with:
images: ghcr.io/techarohq/anubis/docs images: ghcr.io/techarohq/anubis/docs
tags: | tags: |

6
.github/workflows/go-mod-tidy-check.yml vendored
View File

@@ -13,13 +13,13 @@ jobs:
go_mod_tidy_check: go_mod_tidy_check:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: Check go.mod and go.sum in main directory - name: Check go.mod and go.sum in main directory
run: | run: |

12
.github/workflows/go.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
#runs-on: alrest-techarohq #runs-on: alrest-techarohq
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
@@ -24,15 +24,15 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: Cache playwright binaries - name: Cache playwright binaries
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
id: playwright-cache id: playwright-cache
with: with:
path: | path: |

19
.github/workflows/lint-pr-title.yaml vendored
View File

@@ -1,19 +0,0 @@
name: "Lint PR"
on:
pull_request_target:
types:
- opened
- edited
- synchronize
jobs:
lint_pr_title:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

10
.github/workflows/package-builds-stable.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
#runs-on: alrest-techarohq #runs-on: alrest-techarohq
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
fetch-tags: true fetch-tags: true
@@ -25,12 +25,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: install node deps - name: install node deps
run: | run: |

12
.github/workflows/package-builds-unstable.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
#runs-on: alrest-techarohq #runs-on: alrest-techarohq
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
fetch-tags: true fetch-tags: true
@@ -26,12 +26,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: install node deps - name: install node deps
run: | run: |
@@ -41,7 +41,7 @@ jobs:
run: | run: |
go tool yeet go tool yeet
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with: with:
name: packages name: packages
path: var/* path: var/*

13
.github/workflows/smoke-tests.yml vendored
View File

@@ -23,23 +23,22 @@ jobs:
- healthcheck - healthcheck
- i18n - i18n
- log-file - log-file
- nginx
- palemoon/amd64 - palemoon/amd64
#- palemoon/i386 #- palemoon/i386
- robots_txt - robots_txt
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
@@ -57,7 +56,7 @@ jobs:
run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV
- name: Upload artifact - name: Upload artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
if: always() if: always()
with: with:
name: ${{ env.ARTIFACT_NAME }} name: ${{ env.ARTIFACT_NAME }}

12
.github/workflows/spelling.yml vendored
View File

@@ -59,16 +59,16 @@ name: Check Spelling
on: on:
push: push:
branches: branches:
- "**" - '**'
tags-ignore: tags-ignore:
- "**" - '**'
pull_request: pull_request:
branches: branches:
- "**" - '**'
types: types:
- "opened" - 'opened'
- "reopened" - 'reopened'
- "synchronize" - 'synchronize'
jobs: jobs:
spelling: spelling:

4
.github/workflows/ssh-ci-runner-cron.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -30,7 +30,7 @@ jobs:
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build and push - name: Build and push
run: | run: |
cd ./test/ssh-ci cd ./test/ssh-ci

6
.github/workflows/ssh-ci.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
- aarch64-16k - aarch64-16k
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -35,9 +35,9 @@ jobs:
name: id_rsa name: id_rsa
known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }} known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }}
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: Run CI - name: Run CI
run: go run ./utils/cmd/backoff-retry bash test/ssh-ci/rigging.sh ${{ matrix.host }} run: go run ./utils/cmd/backoff-retry bash test/ssh-ci/rigging.sh ${{ matrix.host }}

22
.github/workflows/zizmor.yml vendored
View File

@@ -1,12 +1,12 @@
name: zizmor name: zizmor
on: on:
push: push:
paths: paths:
- ".github/workflows/*.ya?ml" - '.github/workflows/*.ya?ml'
pull_request: pull_request:
paths: paths:
- ".github/workflows/*.ya?ml" - '.github/workflows/*.ya?ml'
jobs: jobs:
zizmor: zizmor:
@@ -16,20 +16,20 @@ jobs:
security-events: write security-events: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
- name: Install the latest version of uv - name: Install the latest version of uv
uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
- name: Run zizmor 🌈 - name: Run zizmor 🌈
run: uvx zizmor --format sarif . > results.sarif run: uvx zizmor --format sarif . > results.sarif
env: env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF file - name: Upload SARIF file
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
with: with:
sarif_file: results.sarif sarif_file: results.sarif
category: zizmor category: zizmor

8
.husky/commit-msg
View File

@@ -1,8 +0,0 @@
npx --no-install commitlint --edit "$1"
# Check if commit message contains Signed-off-by line
if ! grep -q "^Signed-off-by:" "$1"; then
echo "Commit message must contain a 'Signed-off-by:' line."
echo "Please use 'git commit --signoff' or add a Signed-off-by line to your commit message."
exit 1
fi

2
.husky/pre-commit
View File

@@ -1,2 +0,0 @@
npm run lint
npm run test

18
.ko.yaml
View File

@@ -1,13 +1,13 @@
defaultBaseImage: cgr.dev/chainguard/static defaultBaseImage: cgr.dev/chainguard/static
defaultPlatforms: defaultPlatforms:
- linux/arm64 - linux/arm64
- linux/amd64 - linux/amd64
- linux/arm/v7 - linux/arm/v7
builds: builds:
- id: anubis - id: anubis
main: ./cmd/anubis main: ./cmd/anubis
ldflags: ldflags:
- -s -w - -s -w
- -extldflags "-static" - -extldflags "-static"
- -X github.com/TecharoHQ/anubis.Version={{.Env.VERSION}} - -X github.com/TecharoHQ/anubis.Version={{.Env.VERSION}}

4
.prettierignore
View File

@@ -1,4 +0,0 @@
lib/config/testdata/bad/*
*.inc
AGENTS.md
CLAUDE.md

2
.vscode/extensions.json vendored
View File

@@ -8,4 +8,4 @@
"redhat.vscode-yaml", "redhat.vscode-yaml",
"streetsidesoftware.code-spell-checker" "streetsidesoftware.code-spell-checker"
] ]
} }

2
.vscode/launch.json vendored
View File

@@ -24,4 +24,4 @@
"type": "node-terminal" "type": "node-terminal"
} }
] ]
} }

75
AGENTS.md
View File

@@ -1,75 +0,0 @@
# Agent instructions
Primary agent documentation is in `CONTRIBUTING.md`. You MUST read this file before proceeding.
## Useful Commands
```shell
npm ci # install node dependencies
npm run assets # build JS/CSS (required before any Go build/test)
npm run build # assets + go build -> ./var/anubis
npm run dev # assets + run locally with --use-remote-address
```
## Testing
```shell
npm run test
```
## Linting
```shell
go vet ./...
go tool staticcheck ./...
go tool govulncheck ./...
```
## Commit Messages
Commit messages follow the [**Conventional Commits**](https://www.conventionalcommits.org/en/v1.0.0/) format:
```text
<type>[optional scope]: <description>
[optional body]
[optional footer(s)]
```
**Types**: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert`
- Add `!` after type/scope for breaking changes or include `BREAKING CHANGE:` in the footer.
- Keep descriptions concise, imperative, lowercase, and without a trailing period.
- Reference issues/PRs in the footer when applicable.
- **ALL git commits MUST be made with `--signoff`.** This is mandatory.
### Attribution Requirements
AI agents must disclose what tool and model they are using in the "Assisted-by" commit footer:
```text
Assisted-by: [Model Name] via [Tool Name]
```
Example:
```text
Assisted-by: GLM 4.6 via Claude Code
```
## PR Checklist
- Add description of changes to `[Unreleased]` in `docs/docs/CHANGELOG.md`.
- Add test cases for bug fixes and behavior changes.
- Run integration tests: `npm run test:integration`.
- All commits must have verified (signed) signatures.
## Key Conventions
- **Security-first**: This is security software. Code reviews are strict. Always add tests for bug fixes. Consider adversarial inputs.
- **Configuration**: YAML-based policy files. Config structs validate via `Valid() error` methods returning sentinel errors.
- **Store interface**: `lib/store.Interface` abstracts key-value storage.
- **Environment variables**: Parsed from flags via `flagenv`. Use `.env` files locally (loaded by `godotenv/autoload`). Never commit `.env` files.
- **Assets must be built first**: JS/CSS assets are embedded into the Go binary. Always run `npm run assets` before `go test` or `go build`.
- **CEL expressions**: Policy rules support CEL (Common Expression Language) expressions for advanced matching. See `lib/policy/expressions/`.

2
CLAUDE.md
View File

@@ -1,2 +0,0 @@
@AGENTS.md
@CONTRIBUTING.md

144
CONTRIBUTING.md
View File

@@ -1,144 +0,0 @@
# Contributing to Anubis
Anubis is a Web AI Firewall Utility (WAIFU) written in Go. It uses sha256 proof-of-work challenges to protect upstream HTTP resources from scraper bots. This is security software -- correctness matters.
## Build & Run
Prerequisites: Go 1.24+, Node.js (any supported version), esbuild, gzip, zstd, brotli. Install all with `brew bundle` if you are using Homebrew.
```shell
npm ci # install node dependencies
npm run assets # build JS/CSS (required before any Go build/test)
npm run build # assets + go build -> ./var/anubis
npm run dev # assets + run locally with --use-remote-address
```
## Testing
```shell
# Run all unit tests (assets must be built first)
npm run test # or: make test
# Run a single test by name
go test -run TestClampIP ./internal/
# Run a single test file's package
go test ./lib/config/
# Run tests with verbose output
go test -v -run TestBotValid ./lib/config/
```
### Smoke tests
The `tests` folder contains "smoke tests" that are intended to set up Anubis in production-adjacent settings and testing it against real infrastructure tools. A smoke test is a folder with `test.sh` that sets up infrastructure, validates the behaviour, and then tears it down. Smoke tests are run in GitHub actions with `.github/workflows/smoke-tests.yaml`.
## Linting
```shell
go vet ./...
go tool staticcheck ./...
go tool govulncheck ./...
```
## Code Generation
The project uses `go generate` for templ templates and stringer. Always run `npm run generate` (or `make assets`) before building or testing. Generated files include:
- `web/*.templ` -> templ-generated Go code
- `web/static/` -> bundled/minified JS and CSS (with .gz, .zst, .br variants)
## Project Layout
Important folders:
- `cmd/anubis`: Main entrypoint for the project. This is the program that runs on servers.
- `lib/*`: The core library for Anubis and all of its features. This is internal code that is made public for ease of downstream consumption. No API stability is guaranteed. Use at your own risk.
- `internal/*`: Actual internal code that is private to the implementation of Anubis. If you need to use a package in this, please copy it out and manually vendor it in your own project.
- `test/*` Smoke tests (see dedicated section for details).
- `web`: Frontend HTML templates.
- `xess`: Frontend CSS framework and build logic.
## Code Style
### Go
This project follows the idioms of the Go standard library. Generally follow the patterns that upstream Go uses, including:
- Prefer packages from the standard library unless there is no other option.
- Use package import aliases only when package names collide.
- Use `goimports` to format code. Run with `npm run format`.
- Use sentinel errors as package-level variables prefixed with `Err` (such as `ErrBotMustHaveName`). Wrap with `fmt.Errorf("package: small message giving context: %w", err)`.
- Use `log/slog` for structured logging. Pass loggers as arguments to functions. Use `lg.With` to preload with context. Prefer using `slog.Debug` unless you absolutely need to report messages to users, some users have magical thinking about log verbosity.
- Name PublicFunctionsAndTypes in PascalCase. Name privateFunctionsAndTypes in camelCase.
- Acronyms stay uppercase (`URL`, `HTTP`, `IP`, `DNS`, etc.)
- Enumerations should use strong types with validation logic for parsing remote input.
- Be conservative in what you send but liberal in what you accept.
- Anything reading configuration values should use both `json` and `yaml` struct tags. Use pointer values for optional configuration values.
- Use [table-driven tests](https://go.dev/wiki/TableDrivenTests) when writing test code.
- Use [`t.Helper()`](https://pkg.go.dev/testing#T.Helper) in helper code (setup/teardown scaffolding).
- Use [`t.Cleanup()`](https://pkg.go.dev/testing#T.Cleanup) to tear down per-test or per-suite scaffolding.
- Use [`errors.Is`](https://pkg.go.dev/errors#Is) for validating function results against sentinel errors.
- Prefer same-package tests over black-box tests (`_test` packages).
### JavaScript / TypeScript
- Source lives in `web/js/`. Built with esbuild, bundled and minified.
- Uses Preact (not React).
- No linter config. Keep functions small. Use `const` by default.
### Templ Templates
Anubis uses [Templ](https://templ.guide) for generating HTML on the server.
- `.templ` files in `web/` generate Go code. Run `go generate ./...` (or `npm run assets`) after modifying them.
- Templates receive typed Go parameters. Keep logic in Go, not templates.
## Commit Messages
Commit messages follow the [**Conventional Commits**](https://www.conventionalcommits.org/en/v1.0.0/) format:
```text
<type>[optional scope]: <description>
[optional body]
[optional footer(s)]
```
**Types**: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert`
- Add `!` after type/scope for breaking changes or include `BREAKING CHANGE:` in the footer.
- Keep descriptions concise, imperative, lowercase, and without a trailing period.
- Reference issues/PRs in the footer when applicable.
- **ALL git commits MUST be made with `--signoff`.** This is mandatory.
### Attribution Requirements
AI agents must disclose what tool and model they are using in the "Assisted-by" commit footer:
```text
Assisted-by: [Model Name] via [Tool Name]
```
Example:
```text
Assisted-by: GLM 4.6 via Claude Code
```
## PR Checklist
- Add description of changes to `[Unreleased]` in `docs/docs/CHANGELOG.md`.
- Add test cases for bug fixes and behavior changes.
- Run integration tests: `npm run test:integration`.
- All commits must have verified (signed) signatures.
## Key Conventions
- **Security-first**: This is security software. Code reviews are strict. Always add tests for bug fixes. Consider adversarial inputs.
- **Configuration**: YAML-based policy files. Config structs validate via `Valid() error` methods returning sentinel errors.
- **Store interface**: `lib/store.Interface` abstracts key-value storage.
- **Environment variables**: Parsed from flags via `flagenv`. Use `.env` files locally (loaded by `godotenv/autoload`). Never commit `.env` files.
- **Assets must be built first**: JS/CSS assets are embedded into the Go binary. Always run `npm run assets` before `go test` or `go build`.
- **CEL expressions**: Policy rules support CEL (Common Expression Language) expressions for advanced matching. See `lib/policy/expressions/`.

3
README.md
View File

@@ -20,9 +20,6 @@ Anubis is brought to you by sponsors and donors like:
<a href="https://www.raptorcs.com/content/base/products.html"> <a href="https://www.raptorcs.com/content/base/products.html">
<img src="./docs/static/img/sponsors/raptor-computing-logo.webp" alt="Raptor Computing Systems" height=64 /> <img src="./docs/static/img/sponsors/raptor-computing-logo.webp" alt="Raptor Computing Systems" height=64 />
</a> </a>
<a href="https://databento.com/?utm_source=anubis&utm_medium=sponsor&utm_campaign=anubis">
<img src="./docs/static/img/sponsors/databento-logo.webp" alt="Databento" height="64" />
</a>
### Gold Tier ### Gold Tier

2
VERSION
View File

@@ -1 +1 @@
1.24.0 1.23.1

5
cmd/containerbuild/main.go
View File

@@ -159,8 +159,5 @@ func run(command string) (string, error) {
} }
func setOutput(key, val string) { func setOutput(key, val string) {
github_output := os.Getenv("GITHUB_OUTPUT") fmt.Printf("::set-output name=%s::%s\n", key, val)
f, _ := os.OpenFile(github_output, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0644)
fmt.Fprintf(f, "%s=%s\n", key, val)
f.Close()
} }

4
cmd/robots2policy/testdata/blacklist.yaml vendored
View File

@@ -25,6 +25,6 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Googlebot") - userAgent.contains("Googlebot")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-7 name: robots-txt-policy-disallow-7

24
cmd/robots2policy/testdata/complex.yaml vendored
View File

@@ -20,8 +20,8 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Googlebot") - userAgent.contains("Googlebot")
- path.startsWith("/search/") - path.startsWith("/search/")
name: robots-txt-policy-disallow-6 name: robots-txt-policy-disallow-6
- action: WEIGH - action: WEIGH
expression: userAgent.contains("Bingbot") expression: userAgent.contains("Bingbot")
@@ -31,14 +31,14 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Bingbot") - userAgent.contains("Bingbot")
- path.startsWith("/search/") - path.startsWith("/search/")
name: robots-txt-policy-disallow-8 name: robots-txt-policy-disallow-8
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Bingbot") - userAgent.contains("Bingbot")
- path.startsWith("/admin/") - path.startsWith("/admin/")
name: robots-txt-policy-disallow-9 name: robots-txt-policy-disallow-9
- action: DENY - action: DENY
expression: userAgent.contains("BadBot") expression: userAgent.contains("BadBot")
@@ -54,18 +54,18 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("TestBot") - userAgent.contains("TestBot")
- path.matches("^/.*/admin") - path.matches("^/.*/admin")
name: robots-txt-policy-disallow-13 name: robots-txt-policy-disallow-13
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("TestBot") - userAgent.contains("TestBot")
- path.matches("^/temp.*\\.html") - path.matches("^/temp.*\\.html")
name: robots-txt-policy-disallow-14 name: robots-txt-policy-disallow-14
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("TestBot") - userAgent.contains("TestBot")
- path.matches("^/file.\\.log") - path.matches("^/file.\\.log")
name: robots-txt-policy-disallow-15 name: robots-txt-policy-disallow-15

26
cmd/robots2policy/testdata/consecutive.yaml vendored
View File

@@ -9,39 +9,39 @@
- action: DENY - action: DENY
expression: expression:
any: any:
- userAgent.contains("BadBot") - userAgent.contains("BadBot")
- userAgent.contains("SpamBot") - userAgent.contains("SpamBot")
- userAgent.contains("EvilBot") - userAgent.contains("EvilBot")
name: robots-txt-policy-blacklist-3 name: robots-txt-policy-blacklist-3
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("GoodBot") - userAgent.contains("GoodBot")
- path.startsWith("/private") - path.startsWith("/private")
name: robots-txt-policy-disallow-4 name: robots-txt-policy-disallow-4
- action: WEIGH - action: WEIGH
expression: expression:
any: any:
- userAgent.contains("SlowBot1") - userAgent.contains("SlowBot1")
- userAgent.contains("SlowBot2") - userAgent.contains("SlowBot2")
name: robots-txt-policy-crawl-delay-5 name: robots-txt-policy-crawl-delay-5
weight: weight:
adjust: 3 adjust: 3
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("SearchBot1") - userAgent.contains("SearchBot1")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-7 name: robots-txt-policy-disallow-7
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("SearchBot2") - userAgent.contains("SearchBot2")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-8 name: robots-txt-policy-disallow-8
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("SearchBot3") - userAgent.contains("SearchBot3")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-9 name: robots-txt-policy-disallow-9

2
cmd/robots2policy/testdata/empty.yaml vendored
View File

@@ -1 +1 @@
[] []

2
cmd/robots2policy/testdata/simple.json vendored
View File

@@ -9,4 +9,4 @@
"name": "robots-txt-policy-disallow-2", "name": "robots-txt-policy-disallow-2",
"action": "CHALLENGE" "action": "CHALLENGE"
} }
] ]

4
data/apps/allow-api-routes.yaml
View File

@@ -2,5 +2,5 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- '!(method == "HEAD" || method == "GET")' - '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/") - path.startsWith("/api/")

2
data/apps/gitea-rss-feeds.yaml
View File

@@ -4,4 +4,4 @@
path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.atom$ path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.atom$
- name: gitea-feed-rss - name: gitea-feed-rss
action: ALLOW action: ALLOW
path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.rss$ path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.rss$

5
data/apps/qualys-ssl-labs.yml
View File

@@ -3,6 +3,5 @@
- name: qualys-ssl-labs - name: qualys-ssl-labs
action: ALLOW action: ALLOW
remote_addresses: remote_addresses:
- 69.67.183.0/24 - 64.41.200.0/24
- 2600:C02:1020:4202::/64 - 2600:C02:1020:4202::/64
- 2602:fdaa:c6:2::/64

4
data/apps/searx-checker.yml
View File

@@ -5,5 +5,5 @@
- name: searx-checker - name: searx-checker
action: ALLOW action: ALLOW
remote_addresses: remote_addresses:
- 167.235.158.251/32 - 167.235.158.251/32
- 2a01:4f8:1c1c:8fc2::1/128 - 2a01:4f8:1c1c:8fc2::1/128

44
data/botPolicies.yaml
View File

@@ -95,6 +95,50 @@ bots:
# weight: # weight:
# adjust: -10 # adjust: -10
# Assert behaviour that only genuine browsers display. This ensures that Chrome
# or Firefox versions
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule # Generic catchall rule
- name: generic-browser - name: generic-browser
user_agent_regex: >- user_agent_regex: >-

2
data/bots/headless-browsers.yaml
View File

@@ -6,4 +6,4 @@
action: DENY action: DENY
- name: headless-chromium - name: headless-chromium
user_agent_regex: HeadlessChromium user_agent_regex: HeadlessChromium
action: DENY action: DENY

8
data/bots/irc-bots/archlinux-phrik.yaml
View File

@@ -3,7 +3,7 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- remoteAddress == "159.69.213.214" || remoteAddress == "2a01:4f8:c2c:7bf4::1" - remoteAddress == "159.69.213.214" || remoteAddress == "2a01:4f8:c2c:7bf4::1"
- userAgent == "Mozilla/5.0 (compatible; utils.web Limnoria module)" - userAgent == "Mozilla/5.0 (compatible; utils.web Limnoria module)"
- '"X-Http-Version" in headers' - '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1" - headers["X-Http-Version"] == "HTTP/1.1"

8
data/bots/irc-bots/gentoo-chat.yaml
View File

@@ -3,7 +3,7 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- remoteAddress == "45.76.166.57" - remoteAddress == "45.76.166.57"
- userAgent == "Mozilla/5.0 (Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0" - userAgent == "Mozilla/5.0 (Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0"
- '"X-Http-Version" in headers' - '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1" - headers["X-Http-Version"] == "HTTP/1.1"

2
data/bots/us-ai-scraper.yaml
View File

@@ -1,3 +1,3 @@
- name: us-artificial-intelligence-scraper - name: us-artificial-intelligence-scraper
user_agent_regex: \+https\://github\.com/US-Artificial-Intelligence/scraper user_agent_regex: \+https\://github\.com/US-Artificial-Intelligence/scraper
action: DENY action: DENY

2
data/clients/ai.yaml
View File

@@ -4,5 +4,5 @@
# - Claude-User: No published IP allowlist # - Claude-User: No published IP allowlist
- name: "ai-clients" - name: "ai-clients"
user_agent_regex: >- user_agent_regex: >-
ChatGPT-User|Claude-User|MistralAI-User|Perplexity-User ChatGPT-User|Claude-User|MistralAI-User
action: DENY action: DENY

6
data/clients/go-get.yaml
View File

@@ -2,6 +2,6 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.startsWith("Go-http-client/") - userAgent.startsWith("Go-http-client/")
- '"go-get" in query' - '"go-get" in query'
- query["go-get"] == "1" - query["go-get"] == "1"

5
data/clients/mistral-mistralai-user.yaml
View File

@@ -4,4 +4,7 @@
user_agent_regex: MistralAI-User/.+; \+https\://docs\.mistral\.ai/robots user_agent_regex: MistralAI-User/.+; \+https\://docs\.mistral\.ai/robots
action: ALLOW action: ALLOW
# https://mistral.ai/mistralai-user-ips.json # https://mistral.ai/mistralai-user-ips.json
remote_addresses: ["20.240.160.161/32", "20.240.160.1/32"] remote_addresses: [
"20.240.160.161/32",
"20.240.160.1/32",
]

173
data/clients/openai-chatgpt-user.yaml
View File

@@ -5,90 +5,89 @@
action: ALLOW action: ALLOW
# https://openai.com/chatgpt-user.json # https://openai.com/chatgpt-user.json
# curl 'https://openai.com/chatgpt-user.json' | jq '.prefixes.[].ipv4Prefix' | sed 's/$/,/' # curl 'https://openai.com/chatgpt-user.json' | jq '.prefixes.[].ipv4Prefix' | sed 's/$/,/'
remote_addresses: remote_addresses: [
[ "13.65.138.112/28",
"13.65.138.112/28", "23.98.179.16/28",
"23.98.179.16/28", "13.65.138.96/28",
"13.65.138.96/28", "172.183.222.128/28",
"172.183.222.128/28", "20.102.212.144/28",
"20.102.212.144/28", "40.116.73.208/28",
"40.116.73.208/28", "172.183.143.224/28",
"172.183.143.224/28", "52.190.190.16/28",
"52.190.190.16/28", "13.83.237.176/28",
"13.83.237.176/28", "51.8.155.64/28",
"51.8.155.64/28", "74.249.86.176/28",
"74.249.86.176/28", "51.8.155.48/28",
"51.8.155.48/28", "20.55.229.144/28",
"20.55.229.144/28", "135.237.131.208/28",
"135.237.131.208/28", "135.237.133.48/28",
"135.237.133.48/28", "51.8.155.112/28",
"51.8.155.112/28", "135.237.133.112/28",
"135.237.133.112/28", "52.159.249.96/28",
"52.159.249.96/28", "52.190.137.16/28",
"52.190.137.16/28", "52.255.111.112/28",
"52.255.111.112/28", "40.84.181.32/28",
"40.84.181.32/28", "172.178.141.112/28",
"172.178.141.112/28", "52.190.142.64/28",
"52.190.142.64/28", "172.178.140.144/28",
"172.178.140.144/28", "52.190.137.144/28",
"52.190.137.144/28", "172.178.141.128/28",
"172.178.141.128/28", "57.154.187.32/28",
"57.154.187.32/28", "4.196.118.112/28",
"4.196.118.112/28", "20.193.50.32/28",
"20.193.50.32/28", "20.215.188.192/28",
"20.215.188.192/28", "20.215.214.16/28",
"20.215.214.16/28", "4.197.22.112/28",
"4.197.22.112/28", "4.197.115.112/28",
"4.197.115.112/28", "172.213.21.16/28",
"172.213.21.16/28", "172.213.11.144/28",
"172.213.11.144/28", "172.213.12.112/28",
"172.213.12.112/28", "172.213.21.144/28",
"172.213.21.144/28", "20.90.7.144/28",
"20.90.7.144/28", "57.154.175.0/28",
"57.154.175.0/28", "57.154.174.112/28",
"57.154.174.112/28", "52.236.94.144/28",
"52.236.94.144/28", "137.135.191.176/28",
"137.135.191.176/28", "23.98.186.192/28",
"23.98.186.192/28", "23.98.186.96/28",
"23.98.186.96/28", "23.98.186.176/28",
"23.98.186.176/28", "23.98.186.64/28",
"23.98.186.64/28", "68.221.67.192/28",
"68.221.67.192/28", "68.221.67.160/28",
"68.221.67.160/28", "13.83.167.128/28",
"13.83.167.128/28", "20.228.106.176/28",
"20.228.106.176/28", "52.159.227.32/28",
"52.159.227.32/28", "68.220.57.64/28",
"68.220.57.64/28", "172.213.21.112/28",
"172.213.21.112/28", "68.221.67.224/28",
"68.221.67.224/28", "68.221.75.16/28",
"68.221.75.16/28", "20.97.189.96/28",
"20.97.189.96/28", "52.252.113.240/28",
"52.252.113.240/28", "52.230.163.32/28",
"52.230.163.32/28", "172.212.159.64/28",
"172.212.159.64/28", "52.255.111.80/28",
"52.255.111.80/28", "52.255.111.0/28",
"52.255.111.0/28", "4.151.241.240/28",
"4.151.241.240/28", "52.255.111.32/28",
"52.255.111.32/28", "52.255.111.48/28",
"52.255.111.48/28", "52.255.111.16/28",
"52.255.111.16/28", "52.230.164.176/28",
"52.230.164.176/28", "52.176.139.176/28",
"52.176.139.176/28", "52.173.234.16/28",
"52.173.234.16/28", "4.151.71.176/28",
"4.151.71.176/28", "4.151.119.48/28",
"4.151.119.48/28", "52.255.109.112/28",
"52.255.109.112/28", "52.255.109.80/28",
"52.255.109.80/28", "20.161.75.208/28",
"20.161.75.208/28", "68.154.28.96/28",
"68.154.28.96/28", "52.255.109.128/28",
"52.255.109.128/28", "52.225.75.208/28",
"52.225.75.208/28", "52.190.139.48/28",
"52.190.139.48/28", "68.221.67.240/28",
"68.221.67.240/28", "52.156.77.144/28",
"52.156.77.144/28", "52.148.129.32/28",
"52.148.129.32/28", "40.84.221.208/28",
"40.84.221.208/28", "104.210.139.224/28",
"104.210.139.224/28", "40.84.221.224/28",
"40.84.221.224/28", "104.210.139.192/28",
"104.210.139.192/28", ]
]

8
data/clients/perplexity-user.yaml
View File

@@ -1,8 +0,0 @@
# Acts on behalf of user requests
# https://docs.perplexity.ai/guides/bots
- name: perplexity-user
user_agent_regex: Perplexity-User/.+; \+https\://perplexity\.ai/perplexity-user
action: ALLOW
# https://www.perplexity.com/perplexity-user.json
remote_addresses:
["44.208.221.197/32", "34.193.163.52/32", "18.97.21.0/30", "18.97.43.80/29"]

12
data/clients/telegram-preview.yaml
View File

@@ -1,6 +1,6 @@
- name: telegrambot - name: telegrambot
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.matches("TelegramBot") - userAgent.matches("TelegramBot")
- verifyFCrDNS(remoteAddress, "ptr\\.telegram\\.org$") - verifyFCrDNS(remoteAddress, "ptr\\.telegram\\.org$")

12
data/clients/vk-preview.yaml
View File

@@ -1,6 +1,6 @@
- name: vkbot - name: vkbot
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.matches("vkShare[^+]+\\+http\\://vk\\.com/dev/Share") - userAgent.matches("vkShare[^+]+\\+http\\://vk\\.com/dev/Share")
- verifyFCrDNS(remoteAddress, "^snipster\\d+\\.go\\.mail\\.ru$") - verifyFCrDNS(remoteAddress, "^snipster\\d+\\.go\\.mail\\.ru$")

55
data/common/acts-like-browser.yaml
View File

@@ -1,55 +0,0 @@
# Assert behaviour that only genuine browsers display. This ensures that modern Chrome
# or Firefox versions will get through without a challenge.
#
# These rules have been known to be bypassed by some of the worst automated scrapers.
# Use at your own risk.
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule
- name: generic-browser
user_agent_regex: >-
Mozilla|Opera
action: WEIGH
weight:
adjust: 10

4
data/common/allow-api-like.yaml
View File

@@ -2,5 +2,5 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- '!(method == "HEAD" || method == "GET")' - '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/") - path.startsWith("/api/")

2
data/common/json-api.yaml
View File

@@ -4,4 +4,4 @@
all: all:
- '"Accept" in headers' - '"Accept" in headers'
- 'headers["Accept"] == "application/json"' - 'headers["Accept"] == "application/json"'
- 'path.startsWith("/api/")' - 'path.startsWith("/api/")'

2
data/common/rfc-violations.yaml
View File

@@ -1,3 +1,3 @@
- name: no-user-agent-string - name: no-user-agent-string
action: DENY action: DENY
expression: userAgent == "" expression: userAgent == ""

2
data/crawlers/ai-search.yaml
View File

@@ -4,5 +4,5 @@
# - Claude-SearchBot: No published IP allowlist # - Claude-SearchBot: No published IP allowlist
- name: "ai-crawlers-search" - name: "ai-crawlers-search"
user_agent_regex: >- user_agent_regex: >-
OAI-SearchBot|Claude-SearchBot|PerplexityBot OAI-SearchBot|Claude-SearchBot
action: DENY action: DENY

29
data/crawlers/applebot.yaml
View File

@@ -4,18 +4,17 @@
user_agent_regex: Applebot user_agent_regex: Applebot
action: ALLOW action: ALLOW
# https://search.developer.apple.com/applebot.json # https://search.developer.apple.com/applebot.json
remote_addresses: remote_addresses: [
[ "17.241.208.160/27",
"17.241.208.160/27", "17.241.193.160/27",
"17.241.193.160/27", "17.241.200.160/27",
"17.241.200.160/27", "17.22.237.0/24",
"17.22.237.0/24", "17.22.245.0/24",
"17.22.245.0/24", "17.22.253.0/24",
"17.22.253.0/24", "17.241.75.0/24",
"17.241.75.0/24", "17.241.219.0/24",
"17.241.219.0/24", "17.241.227.0/24",
"17.241.227.0/24", "17.246.15.0/24",
"17.246.15.0/24", "17.246.19.0/24",
"17.246.19.0/24", "17.246.23.0/24",
"17.246.23.0/24", ]
]

61
data/crawlers/bingbot.yaml
View File

@@ -2,34 +2,33 @@
user_agent_regex: \+http\://www\.bing\.com/bingbot\.htm user_agent_regex: \+http\://www\.bing\.com/bingbot\.htm
action: ALLOW action: ALLOW
# https://www.bing.com/toolbox/bingbot.json # https://www.bing.com/toolbox/bingbot.json
remote_addresses: remote_addresses: [
[ "157.55.39.0/24",
"157.55.39.0/24", "207.46.13.0/24",
"207.46.13.0/24", "40.77.167.0/24",
"40.77.167.0/24", "13.66.139.0/24",
"13.66.139.0/24", "13.66.144.0/24",
"13.66.144.0/24", "52.167.144.0/24",
"52.167.144.0/24", "13.67.10.16/28",
"13.67.10.16/28", "13.69.66.240/28",
"13.69.66.240/28", "13.71.172.224/28",
"13.71.172.224/28", "139.217.52.0/28",
"139.217.52.0/28", "191.233.204.224/28",
"191.233.204.224/28", "20.36.108.32/28",
"20.36.108.32/28", "20.43.120.16/28",
"20.43.120.16/28", "40.79.131.208/28",
"40.79.131.208/28", "40.79.186.176/28",
"40.79.186.176/28", "52.231.148.0/28",
"52.231.148.0/28", "20.79.107.240/28",
"20.79.107.240/28", "51.105.67.0/28",
"51.105.67.0/28", "20.125.163.80/28",
"20.125.163.80/28", "40.77.188.0/22",
"40.77.188.0/22", "65.55.210.0/24",
"65.55.210.0/24", "199.30.24.0/23",
"199.30.24.0/23", "40.77.202.0/24",
"40.77.202.0/24", "40.77.139.0/25",
"40.77.139.0/25", "20.74.197.0/28",
"20.74.197.0/28", "20.15.133.160/27",
"20.15.133.160/27", "40.77.177.0/24",
"40.77.177.0/24", "40.77.178.0/23"
"40.77.178.0/23", ]
]

543
data/crawlers/duckduckbot.yaml
View File

@@ -2,275 +2,274 @@
user_agent_regex: DuckDuckBot/1\.1; \(\+http\://duckduckgo\.com/duckduckbot\.html\) user_agent_regex: DuckDuckBot/1\.1; \(\+http\://duckduckgo\.com/duckduckbot\.html\)
action: ALLOW action: ALLOW
# https://duckduckgo.com/duckduckgo-help-pages/results/duckduckbot # https://duckduckgo.com/duckduckgo-help-pages/results/duckduckbot
remote_addresses: remote_addresses: [
[ "57.152.72.128/32",
"57.152.72.128/32", "51.8.253.152/32",
"51.8.253.152/32", "40.80.242.63/32",
"40.80.242.63/32", "20.12.141.99/32",
"20.12.141.99/32", "20.49.136.28/32",
"20.49.136.28/32", "51.116.131.221/32",
"51.116.131.221/32", "51.107.40.209/32",
"51.107.40.209/32", "20.40.133.240/32",
"20.40.133.240/32", "20.50.168.91/32",
"20.50.168.91/32", "51.120.48.122/32",
"51.120.48.122/32", "20.193.45.113/32",
"20.193.45.113/32", "40.76.173.151/32",
"40.76.173.151/32", "40.76.163.7/32",
"40.76.163.7/32", "20.185.79.47/32",
"20.185.79.47/32", "52.142.26.175/32",
"52.142.26.175/32", "20.185.79.15/32",
"20.185.79.15/32", "52.142.24.149/32",
"52.142.24.149/32", "40.76.162.208/32",
"40.76.162.208/32", "40.76.163.23/32",
"40.76.163.23/32", "40.76.162.191/32",
"40.76.162.191/32", "40.76.162.247/32",
"40.76.162.247/32", "40.88.21.235/32",
"40.88.21.235/32", "20.191.45.212/32",
"20.191.45.212/32", "52.146.59.12/32",
"52.146.59.12/32", "52.146.59.156/32",
"52.146.59.156/32", "52.146.59.154/32",
"52.146.59.154/32", "52.146.58.236/32",
"52.146.58.236/32", "20.62.224.44/32",
"20.62.224.44/32", "51.104.180.53/32",
"51.104.180.53/32", "51.104.180.47/32",
"51.104.180.47/32", "51.104.180.26/32",
"51.104.180.26/32", "51.104.146.225/32",
"51.104.146.225/32", "51.104.146.235/32",
"51.104.146.235/32", "20.73.202.147/32",
"20.73.202.147/32", "20.73.132.240/32",
"20.73.132.240/32", "20.71.12.143/32",
"20.71.12.143/32", "20.56.197.58/32",
"20.56.197.58/32", "20.56.197.63/32",
"20.56.197.63/32", "20.43.150.93/32",
"20.43.150.93/32", "20.43.150.85/32",
"20.43.150.85/32", "20.44.222.1/32",
"20.44.222.1/32", "40.89.243.175/32",
"40.89.243.175/32", "13.89.106.77/32",
"13.89.106.77/32", "52.143.242.6/32",
"52.143.242.6/32", "52.143.241.111/32",
"52.143.241.111/32", "52.154.60.82/32",
"52.154.60.82/32", "20.197.209.11/32",
"20.197.209.11/32", "20.197.209.27/32",
"20.197.209.27/32", "20.226.133.105/32",
"20.226.133.105/32", "191.234.216.4/32",
"191.234.216.4/32", "191.234.216.178/32",
"191.234.216.178/32", "20.53.92.211/32",
"20.53.92.211/32", "20.53.91.2/32",
"20.53.91.2/32", "20.207.99.197/32",
"20.207.99.197/32", "20.207.97.190/32",
"20.207.97.190/32", "40.81.250.205/32",
"40.81.250.205/32", "40.64.106.11/32",
"40.64.106.11/32", "40.64.105.247/32",
"40.64.105.247/32", "20.72.242.93/32",
"20.72.242.93/32", "20.99.255.235/32",
"20.99.255.235/32", "20.113.3.121/32",
"20.113.3.121/32", "52.224.16.221/32",
"52.224.16.221/32", "52.224.21.53/32",
"52.224.21.53/32", "52.224.20.204/32",
"52.224.20.204/32", "52.224.21.19/32",
"52.224.21.19/32", "52.224.20.249/32",
"52.224.20.249/32", "52.224.20.203/32",
"52.224.20.203/32", "52.224.20.190/32",
"52.224.20.190/32", "52.224.16.229/32",
"52.224.16.229/32", "52.224.21.20/32",
"52.224.21.20/32", "52.146.63.80/32",
"52.146.63.80/32", "52.224.20.227/32",
"52.224.20.227/32", "52.224.20.193/32",
"52.224.20.193/32", "52.190.37.160/32",
"52.190.37.160/32", "52.224.21.23/32",
"52.224.21.23/32", "52.224.20.223/32",
"52.224.20.223/32", "52.224.20.181/32",
"52.224.20.181/32", "52.224.21.49/32",
"52.224.21.49/32", "52.224.21.55/32",
"52.224.21.55/32", "52.224.21.61/32",
"52.224.21.61/32", "52.224.19.152/32",
"52.224.19.152/32", "52.224.20.186/32",
"52.224.20.186/32", "52.224.21.27/32",
"52.224.21.27/32", "52.224.21.51/32",
"52.224.21.51/32", "52.224.20.174/32",
"52.224.20.174/32", "52.224.21.4/32",
"52.224.21.4/32", "51.104.164.109/32",
"51.104.164.109/32", "51.104.167.71/32",
"51.104.167.71/32", "51.104.160.177/32",
"51.104.160.177/32", "51.104.162.149/32",
"51.104.162.149/32", "51.104.167.95/32",
"51.104.167.95/32", "51.104.167.54/32",
"51.104.167.54/32", "51.104.166.111/32",
"51.104.166.111/32", "51.104.167.88/32",
"51.104.167.88/32", "51.104.161.32/32",
"51.104.161.32/32", "51.104.163.250/32",
"51.104.163.250/32", "51.104.164.189/32",
"51.104.164.189/32", "51.104.167.19/32",
"51.104.167.19/32", "51.104.160.167/32",
"51.104.160.167/32", "51.104.167.110/32",
"51.104.167.110/32", "20.191.44.119/32",
"20.191.44.119/32", "51.104.167.104/32",
"51.104.167.104/32", "20.191.44.234/32",
"20.191.44.234/32", "51.104.164.215/32",
"51.104.164.215/32", "51.104.167.52/32",
"51.104.167.52/32", "20.191.44.22/32",
"20.191.44.22/32", "51.104.167.87/32",
"51.104.167.87/32", "51.104.167.96/32",
"51.104.167.96/32", "20.191.44.16/32",
"20.191.44.16/32", "51.104.167.61/32",
"51.104.167.61/32", "51.104.164.147/32",
"51.104.164.147/32", "20.50.48.159/32",
"20.50.48.159/32", "40.114.182.172/32",
"40.114.182.172/32", "20.50.50.130/32",
"20.50.50.130/32", "20.50.50.163/32",
"20.50.50.163/32", "20.50.50.46/32",
"20.50.50.46/32", "40.114.182.153/32",
"40.114.182.153/32", "20.50.50.118/32",
"20.50.50.118/32", "20.50.49.55/32",
"20.50.49.55/32", "20.50.49.25/32",
"20.50.49.25/32", "40.114.183.251/32",
"40.114.183.251/32", "20.50.50.123/32",
"20.50.50.123/32", "20.50.49.237/32",
"20.50.49.237/32", "20.50.48.192/32",
"20.50.48.192/32", "20.50.50.134/32",
"20.50.50.134/32", "51.138.90.233/32",
"51.138.90.233/32", "40.114.183.196/32",
"40.114.183.196/32", "20.50.50.146/32",
"20.50.50.146/32", "40.114.183.88/32",
"40.114.183.88/32", "20.50.50.145/32",
"20.50.50.145/32", "20.50.50.121/32",
"20.50.50.121/32", "20.50.49.40/32",
"20.50.49.40/32", "51.138.90.206/32",
"51.138.90.206/32", "40.114.182.45/32",
"40.114.182.45/32", "51.138.90.161/32",
"51.138.90.161/32", "20.50.49.0/32",
"20.50.49.0/32", "40.119.232.215/32",
"40.119.232.215/32", "104.43.55.167/32",
"104.43.55.167/32", "40.119.232.251/32",
"40.119.232.251/32", "40.119.232.50/32",
"40.119.232.50/32", "40.119.232.146/32",
"40.119.232.146/32", "40.119.232.218/32",
"40.119.232.218/32", "104.43.54.127/32",
"104.43.54.127/32", "104.43.55.117/32",
"104.43.55.117/32", "104.43.55.116/32",
"104.43.55.116/32", "104.43.55.166/32",
"104.43.55.166/32", "52.154.169.50/32",
"52.154.169.50/32", "52.154.171.70/32",
"52.154.171.70/32", "52.154.170.229/32",
"52.154.170.229/32", "52.154.170.113/32",
"52.154.170.113/32", "52.154.171.44/32",
"52.154.171.44/32", "52.154.172.2/32",
"52.154.172.2/32", "52.143.244.81/32",
"52.143.244.81/32", "52.154.171.87/32",
"52.154.171.87/32", "52.154.171.250/32",
"52.154.171.250/32", "52.154.170.28/32",
"52.154.170.28/32", "52.154.170.122/32",
"52.154.170.122/32", "52.143.243.117/32",
"52.143.243.117/32", "52.143.247.235/32",
"52.143.247.235/32", "52.154.171.235/32",
"52.154.171.235/32", "52.154.171.196/32",
"52.154.171.196/32", "52.154.171.0/32",
"52.154.171.0/32", "52.154.170.243/32",
"52.154.170.243/32", "52.154.170.26/32",
"52.154.170.26/32", "52.154.169.200/32",
"52.154.169.200/32", "52.154.170.96/32",
"52.154.170.96/32", "52.154.170.88/32",
"52.154.170.88/32", "52.154.171.150/32",
"52.154.171.150/32", "52.154.171.205/32",
"52.154.171.205/32", "52.154.170.117/32",
"52.154.170.117/32", "52.154.170.209/32",
"52.154.170.209/32", "191.235.202.48/32",
"191.235.202.48/32", "191.233.3.202/32",
"191.233.3.202/32", "191.235.201.214/32",
"191.235.201.214/32", "191.233.3.197/32",
"191.233.3.197/32", "191.235.202.38/32",
"191.235.202.38/32", "20.53.78.144/32",
"20.53.78.144/32", "20.193.24.10/32",
"20.193.24.10/32", "20.53.78.236/32",
"20.53.78.236/32", "20.53.78.138/32",
"20.53.78.138/32", "20.53.78.123/32",
"20.53.78.123/32", "20.53.78.106/32",
"20.53.78.106/32", "20.193.27.215/32",
"20.193.27.215/32", "20.193.25.197/32",
"20.193.25.197/32", "20.193.12.126/32",
"20.193.12.126/32", "20.193.24.251/32",
"20.193.24.251/32", "20.204.242.101/32",
"20.204.242.101/32", "20.207.72.113/32",
"20.207.72.113/32", "20.204.242.19/32",
"20.204.242.19/32", "20.219.45.67/32",
"20.219.45.67/32", "20.207.72.11/32",
"20.207.72.11/32", "20.219.45.190/32",
"20.219.45.190/32", "20.204.243.55/32",
"20.204.243.55/32", "20.204.241.148/32",
"20.204.241.148/32", "20.207.72.110/32",
"20.207.72.110/32", "20.204.240.172/32",
"20.204.240.172/32", "20.207.72.21/32",
"20.207.72.21/32", "20.204.246.81/32",
"20.204.246.81/32", "20.207.107.181/32",
"20.207.107.181/32", "20.204.246.254/32",
"20.204.246.254/32", "20.219.43.246/32",
"20.219.43.246/32", "52.149.25.43/32",
"52.149.25.43/32", "52.149.61.51/32",
"52.149.61.51/32", "52.149.58.139/32",
"52.149.58.139/32", "52.149.60.38/32",
"52.149.60.38/32", "52.148.165.38/32",
"52.148.165.38/32", "52.143.95.162/32",
"52.143.95.162/32", "52.149.56.151/32",
"52.149.56.151/32", "52.149.30.45/32",
"52.149.30.45/32", "52.149.58.173/32",
"52.149.58.173/32", "52.143.95.204/32",
"52.143.95.204/32", "52.149.28.83/32",
"52.149.28.83/32", "52.149.58.69/32",
"52.149.58.69/32", "52.148.161.87/32",
"52.148.161.87/32", "52.149.58.27/32",
"52.149.58.27/32", "52.149.28.18/32",
"52.149.28.18/32", "20.79.226.26/32",
"20.79.226.26/32", "20.79.239.66/32",
"20.79.239.66/32", "20.79.238.198/32",
"20.79.238.198/32", "20.113.14.159/32",
"20.113.14.159/32", "20.75.144.152/32",
"20.75.144.152/32", "20.43.172.120/32",
"20.43.172.120/32", "20.53.134.160/32",
"20.53.134.160/32", "20.201.15.208/32",
"20.201.15.208/32", "20.93.28.24/32",
"20.93.28.24/32", "20.61.34.40/32",
"20.61.34.40/32", "52.242.224.168/32",
"52.242.224.168/32", "20.80.129.80/32",
"20.80.129.80/32", "20.195.108.47/32",
"20.195.108.47/32", "4.195.133.120/32",
"4.195.133.120/32", "4.228.76.163/32",
"4.228.76.163/32", "4.182.131.108/32",
"4.182.131.108/32", "4.209.224.56/32",
"4.209.224.56/32", "108.141.83.74/32",
"108.141.83.74/32", "4.213.46.14/32",
"4.213.46.14/32", "172.169.17.165/32",
"172.169.17.165/32", "51.8.71.117/32",
"51.8.71.117/32", "20.3.1.178/32",
"20.3.1.178/32", "52.149.56.151/32",
"52.149.56.151/32", "52.149.30.45/32",
"52.149.30.45/32", "52.149.58.173/32",
"52.149.58.173/32", "52.143.95.204/32",
"52.143.95.204/32", "52.149.28.83/32",
"52.149.28.83/32", "52.149.58.69/32",
"52.149.58.69/32", "52.148.161.87/32",
"52.148.161.87/32", "52.149.58.27/32",
"52.149.58.27/32", "52.149.28.18/32",
"52.149.28.18/32", "20.79.226.26/32",
"20.79.226.26/32", "20.79.239.66/32",
"20.79.239.66/32", "20.79.238.198/32",
"20.79.238.198/32", "20.113.14.159/32",
"20.113.14.159/32", "20.75.144.152/32",
"20.75.144.152/32", "20.43.172.120/32",
"20.43.172.120/32", "20.53.134.160/32",
"20.53.134.160/32", "20.201.15.208/32",
"20.201.15.208/32", "20.93.28.24/32",
"20.93.28.24/32", "20.61.34.40/32",
"20.61.34.40/32", "52.242.224.168/32",
"52.242.224.168/32", "20.80.129.80/32",
"20.80.129.80/32", "20.195.108.47/32",
"20.195.108.47/32", "4.195.133.120/32",
"4.195.133.120/32", "4.228.76.163/32",
"4.228.76.163/32", "4.182.131.108/32",
"4.182.131.108/32", "4.209.224.56/32",
"4.209.224.56/32", "108.141.83.74/32",
"108.141.83.74/32", "4.213.46.14/32",
"4.213.46.14/32", "172.169.17.165/32",
"172.169.17.165/32", "51.8.71.117/32",
"51.8.71.117/32", "20.3.1.178/32"
"20.3.1.178/32", ]
]

519
data/crawlers/googlebot.yaml
View File

@@ -2,263 +2,262 @@
user_agent_regex: \+http\://www\.google\.com/bot\.html user_agent_regex: \+http\://www\.google\.com/bot\.html
action: ALLOW action: ALLOW
# https://developers.google.com/static/search/apis/ipranges/googlebot.json # https://developers.google.com/static/search/apis/ipranges/googlebot.json
remote_addresses: remote_addresses: [
[ "2001:4860:4801:10::/64",
"2001:4860:4801:10::/64", "2001:4860:4801:11::/64",
"2001:4860:4801:11::/64", "2001:4860:4801:12::/64",
"2001:4860:4801:12::/64", "2001:4860:4801:13::/64",
"2001:4860:4801:13::/64", "2001:4860:4801:14::/64",
"2001:4860:4801:14::/64", "2001:4860:4801:15::/64",
"2001:4860:4801:15::/64", "2001:4860:4801:16::/64",
"2001:4860:4801:16::/64", "2001:4860:4801:17::/64",
"2001:4860:4801:17::/64", "2001:4860:4801:18::/64",
"2001:4860:4801:18::/64", "2001:4860:4801:19::/64",
"2001:4860:4801:19::/64", "2001:4860:4801:1a::/64",
"2001:4860:4801:1a::/64", "2001:4860:4801:1b::/64",
"2001:4860:4801:1b::/64", "2001:4860:4801:1c::/64",
"2001:4860:4801:1c::/64", "2001:4860:4801:1d::/64",
"2001:4860:4801:1d::/64", "2001:4860:4801:1e::/64",
"2001:4860:4801:1e::/64", "2001:4860:4801:1f::/64",
"2001:4860:4801:1f::/64", "2001:4860:4801:20::/64",
"2001:4860:4801:20::/64", "2001:4860:4801:21::/64",
"2001:4860:4801:21::/64", "2001:4860:4801:22::/64",
"2001:4860:4801:22::/64", "2001:4860:4801:23::/64",
"2001:4860:4801:23::/64", "2001:4860:4801:24::/64",
"2001:4860:4801:24::/64", "2001:4860:4801:25::/64",
"2001:4860:4801:25::/64", "2001:4860:4801:26::/64",
"2001:4860:4801:26::/64", "2001:4860:4801:27::/64",
"2001:4860:4801:27::/64", "2001:4860:4801:28::/64",
"2001:4860:4801:28::/64", "2001:4860:4801:29::/64",
"2001:4860:4801:29::/64", "2001:4860:4801:2::/64",
"2001:4860:4801:2::/64", "2001:4860:4801:2a::/64",
"2001:4860:4801:2a::/64", "2001:4860:4801:2b::/64",
"2001:4860:4801:2b::/64", "2001:4860:4801:2c::/64",
"2001:4860:4801:2c::/64", "2001:4860:4801:2d::/64",
"2001:4860:4801:2d::/64", "2001:4860:4801:2e::/64",
"2001:4860:4801:2e::/64", "2001:4860:4801:2f::/64",
"2001:4860:4801:2f::/64", "2001:4860:4801:31::/64",
"2001:4860:4801:31::/64", "2001:4860:4801:32::/64",
"2001:4860:4801:32::/64", "2001:4860:4801:33::/64",
"2001:4860:4801:33::/64", "2001:4860:4801:34::/64",
"2001:4860:4801:34::/64", "2001:4860:4801:35::/64",
"2001:4860:4801:35::/64", "2001:4860:4801:36::/64",
"2001:4860:4801:36::/64", "2001:4860:4801:37::/64",
"2001:4860:4801:37::/64", "2001:4860:4801:38::/64",
"2001:4860:4801:38::/64", "2001:4860:4801:39::/64",
"2001:4860:4801:39::/64", "2001:4860:4801:3a::/64",
"2001:4860:4801:3a::/64", "2001:4860:4801:3b::/64",
"2001:4860:4801:3b::/64", "2001:4860:4801:3c::/64",
"2001:4860:4801:3c::/64", "2001:4860:4801:3d::/64",
"2001:4860:4801:3d::/64", "2001:4860:4801:3e::/64",
"2001:4860:4801:3e::/64", "2001:4860:4801:40::/64",
"2001:4860:4801:40::/64", "2001:4860:4801:41::/64",
"2001:4860:4801:41::/64", "2001:4860:4801:42::/64",
"2001:4860:4801:42::/64", "2001:4860:4801:43::/64",
"2001:4860:4801:43::/64", "2001:4860:4801:44::/64",
"2001:4860:4801:44::/64", "2001:4860:4801:45::/64",
"2001:4860:4801:45::/64", "2001:4860:4801:46::/64",
"2001:4860:4801:46::/64", "2001:4860:4801:47::/64",
"2001:4860:4801:47::/64", "2001:4860:4801:48::/64",
"2001:4860:4801:48::/64", "2001:4860:4801:49::/64",
"2001:4860:4801:49::/64", "2001:4860:4801:4a::/64",
"2001:4860:4801:4a::/64", "2001:4860:4801:4b::/64",
"2001:4860:4801:4b::/64", "2001:4860:4801:4c::/64",
"2001:4860:4801:4c::/64", "2001:4860:4801:50::/64",
"2001:4860:4801:50::/64", "2001:4860:4801:51::/64",
"2001:4860:4801:51::/64", "2001:4860:4801:52::/64",
"2001:4860:4801:52::/64", "2001:4860:4801:53::/64",
"2001:4860:4801:53::/64", "2001:4860:4801:54::/64",
"2001:4860:4801:54::/64", "2001:4860:4801:55::/64",
"2001:4860:4801:55::/64", "2001:4860:4801:56::/64",
"2001:4860:4801:56::/64", "2001:4860:4801:60::/64",
"2001:4860:4801:60::/64", "2001:4860:4801:61::/64",
"2001:4860:4801:61::/64", "2001:4860:4801:62::/64",
"2001:4860:4801:62::/64", "2001:4860:4801:63::/64",
"2001:4860:4801:63::/64", "2001:4860:4801:64::/64",
"2001:4860:4801:64::/64", "2001:4860:4801:65::/64",
"2001:4860:4801:65::/64", "2001:4860:4801:66::/64",
"2001:4860:4801:66::/64", "2001:4860:4801:67::/64",
"2001:4860:4801:67::/64", "2001:4860:4801:68::/64",
"2001:4860:4801:68::/64", "2001:4860:4801:69::/64",
"2001:4860:4801:69::/64", "2001:4860:4801:6a::/64",
"2001:4860:4801:6a::/64", "2001:4860:4801:6b::/64",
"2001:4860:4801:6b::/64", "2001:4860:4801:6c::/64",
"2001:4860:4801:6c::/64", "2001:4860:4801:6d::/64",
"2001:4860:4801:6d::/64", "2001:4860:4801:6e::/64",
"2001:4860:4801:6e::/64", "2001:4860:4801:6f::/64",
"2001:4860:4801:6f::/64", "2001:4860:4801:70::/64",
"2001:4860:4801:70::/64", "2001:4860:4801:71::/64",
"2001:4860:4801:71::/64", "2001:4860:4801:72::/64",
"2001:4860:4801:72::/64", "2001:4860:4801:73::/64",
"2001:4860:4801:73::/64", "2001:4860:4801:74::/64",
"2001:4860:4801:74::/64", "2001:4860:4801:75::/64",
"2001:4860:4801:75::/64", "2001:4860:4801:76::/64",
"2001:4860:4801:76::/64", "2001:4860:4801:77::/64",
"2001:4860:4801:77::/64", "2001:4860:4801:78::/64",
"2001:4860:4801:78::/64", "2001:4860:4801:79::/64",
"2001:4860:4801:79::/64", "2001:4860:4801:80::/64",
"2001:4860:4801:80::/64", "2001:4860:4801:81::/64",
"2001:4860:4801:81::/64", "2001:4860:4801:82::/64",
"2001:4860:4801:82::/64", "2001:4860:4801:83::/64",
"2001:4860:4801:83::/64", "2001:4860:4801:84::/64",
"2001:4860:4801:84::/64", "2001:4860:4801:85::/64",
"2001:4860:4801:85::/64", "2001:4860:4801:86::/64",
"2001:4860:4801:86::/64", "2001:4860:4801:87::/64",
"2001:4860:4801:87::/64", "2001:4860:4801:88::/64",
"2001:4860:4801:88::/64", "2001:4860:4801:90::/64",
"2001:4860:4801:90::/64", "2001:4860:4801:91::/64",
"2001:4860:4801:91::/64", "2001:4860:4801:92::/64",
"2001:4860:4801:92::/64", "2001:4860:4801:93::/64",
"2001:4860:4801:93::/64", "2001:4860:4801:94::/64",
"2001:4860:4801:94::/64", "2001:4860:4801:95::/64",
"2001:4860:4801:95::/64", "2001:4860:4801:96::/64",
"2001:4860:4801:96::/64", "2001:4860:4801:a0::/64",
"2001:4860:4801:a0::/64", "2001:4860:4801:a1::/64",
"2001:4860:4801:a1::/64", "2001:4860:4801:a2::/64",
"2001:4860:4801:a2::/64", "2001:4860:4801:a3::/64",
"2001:4860:4801:a3::/64", "2001:4860:4801:a4::/64",
"2001:4860:4801:a4::/64", "2001:4860:4801:a5::/64",
"2001:4860:4801:a5::/64", "2001:4860:4801:c::/64",
"2001:4860:4801:c::/64", "2001:4860:4801:f::/64",
"2001:4860:4801:f::/64", "192.178.5.0/27",
"192.178.5.0/27", "192.178.6.0/27",
"192.178.6.0/27", "192.178.6.128/27",
"192.178.6.128/27", "192.178.6.160/27",
"192.178.6.160/27", "192.178.6.192/27",
"192.178.6.192/27", "192.178.6.32/27",
"192.178.6.32/27", "192.178.6.64/27",
"192.178.6.64/27", "192.178.6.96/27",
"192.178.6.96/27", "34.100.182.96/28",
"34.100.182.96/28", "34.101.50.144/28",
"34.101.50.144/28", "34.118.254.0/28",
"34.118.254.0/28", "34.118.66.0/28",
"34.118.66.0/28", "34.126.178.96/28",
"34.126.178.96/28", "34.146.150.144/28",
"34.146.150.144/28", "34.147.110.144/28",
"34.147.110.144/28", "34.151.74.144/28",
"34.151.74.144/28", "34.152.50.64/28",
"34.152.50.64/28", "34.154.114.144/28",
"34.154.114.144/28", "34.155.98.32/28",
"34.155.98.32/28", "34.165.18.176/28",
"34.165.18.176/28", "34.175.160.64/28",
"34.175.160.64/28", "34.176.130.16/28",
"34.176.130.16/28", "34.22.85.0/27",
"34.22.85.0/27", "34.64.82.64/28",
"34.64.82.64/28", "34.65.242.112/28",
"34.65.242.112/28", "34.80.50.80/28",
"34.80.50.80/28", "34.88.194.0/28",
"34.88.194.0/28", "34.89.10.80/28",
"34.89.10.80/28", "34.89.198.80/28",
"34.89.198.80/28", "34.96.162.48/28",
"34.96.162.48/28", "35.247.243.240/28",
"35.247.243.240/28", "66.249.64.0/27",
"66.249.64.0/27", "66.249.64.128/27",
"66.249.64.128/27", "66.249.64.160/27",
"66.249.64.160/27", "66.249.64.224/27",
"66.249.64.224/27", "66.249.64.32/27",
"66.249.64.32/27", "66.249.64.64/27",
"66.249.64.64/27", "66.249.64.96/27",
"66.249.64.96/27", "66.249.65.0/27",
"66.249.65.0/27", "66.249.65.128/27",
"66.249.65.128/27", "66.249.65.160/27",
"66.249.65.160/27", "66.249.65.192/27",
"66.249.65.192/27", "66.249.65.224/27",
"66.249.65.224/27", "66.249.65.32/27",
"66.249.65.32/27", "66.249.65.64/27",
"66.249.65.64/27", "66.249.65.96/27",
"66.249.65.96/27", "66.249.66.0/27",
"66.249.66.0/27", "66.249.66.128/27",
"66.249.66.128/27", "66.249.66.160/27",
"66.249.66.160/27", "66.249.66.192/27",
"66.249.66.192/27", "66.249.66.224/27",
"66.249.66.224/27", "66.249.66.32/27",
"66.249.66.32/27", "66.249.66.64/27",
"66.249.66.64/27", "66.249.66.96/27",
"66.249.66.96/27", "66.249.68.0/27",
"66.249.68.0/27", "66.249.68.128/27",
"66.249.68.128/27", "66.249.68.32/27",
"66.249.68.32/27", "66.249.68.64/27",
"66.249.68.64/27", "66.249.68.96/27",
"66.249.68.96/27", "66.249.69.0/27",
"66.249.69.0/27", "66.249.69.128/27",
"66.249.69.128/27", "66.249.69.160/27",
"66.249.69.160/27", "66.249.69.192/27",
"66.249.69.192/27", "66.249.69.224/27",
"66.249.69.224/27", "66.249.69.32/27",
"66.249.69.32/27", "66.249.69.64/27",
"66.249.69.64/27", "66.249.69.96/27",
"66.249.69.96/27", "66.249.70.0/27",
"66.249.70.0/27", "66.249.70.128/27",
"66.249.70.128/27", "66.249.70.160/27",
"66.249.70.160/27", "66.249.70.192/27",
"66.249.70.192/27", "66.249.70.224/27",
"66.249.70.224/27", "66.249.70.32/27",
"66.249.70.32/27", "66.249.70.64/27",
"66.249.70.64/27", "66.249.70.96/27",
"66.249.70.96/27", "66.249.71.0/27",
"66.249.71.0/27", "66.249.71.128/27",
"66.249.71.128/27", "66.249.71.160/27",
"66.249.71.160/27", "66.249.71.192/27",
"66.249.71.192/27", "66.249.71.224/27",
"66.249.71.224/27", "66.249.71.32/27",
"66.249.71.32/27", "66.249.71.64/27",
"66.249.71.64/27", "66.249.71.96/27",
"66.249.71.96/27", "66.249.72.0/27",
"66.249.72.0/27", "66.249.72.128/27",
"66.249.72.128/27", "66.249.72.160/27",
"66.249.72.160/27", "66.249.72.192/27",
"66.249.72.192/27", "66.249.72.224/27",
"66.249.72.224/27", "66.249.72.32/27",
"66.249.72.32/27", "66.249.72.64/27",
"66.249.72.64/27", "66.249.72.96/27",
"66.249.72.96/27", "66.249.73.0/27",
"66.249.73.0/27", "66.249.73.128/27",
"66.249.73.128/27", "66.249.73.160/27",
"66.249.73.160/27", "66.249.73.192/27",
"66.249.73.192/27", "66.249.73.224/27",
"66.249.73.224/27", "66.249.73.32/27",
"66.249.73.32/27", "66.249.73.64/27",
"66.249.73.64/27", "66.249.73.96/27",
"66.249.73.96/27", "66.249.74.0/27",
"66.249.74.0/27", "66.249.74.128/27",
"66.249.74.128/27", "66.249.74.160/27",
"66.249.74.160/27", "66.249.74.192/27",
"66.249.74.192/27", "66.249.74.32/27",
"66.249.74.32/27", "66.249.74.64/27",
"66.249.74.64/27", "66.249.74.96/27",
"66.249.74.96/27", "66.249.75.0/27",
"66.249.75.0/27", "66.249.75.128/27",
"66.249.75.128/27", "66.249.75.160/27",
"66.249.75.160/27", "66.249.75.192/27",
"66.249.75.192/27", "66.249.75.224/27",
"66.249.75.224/27", "66.249.75.32/27",
"66.249.75.32/27", "66.249.75.64/27",
"66.249.75.64/27", "66.249.75.96/27",
"66.249.75.96/27", "66.249.76.0/27",
"66.249.76.0/27", "66.249.76.128/27",
"66.249.76.128/27", "66.249.76.160/27",
"66.249.76.160/27", "66.249.76.192/27",
"66.249.76.192/27", "66.249.76.224/27",
"66.249.76.224/27", "66.249.76.32/27",
"66.249.76.32/27", "66.249.76.64/27",
"66.249.76.64/27", "66.249.76.96/27",
"66.249.76.96/27", "66.249.77.0/27",
"66.249.77.0/27", "66.249.77.128/27",
"66.249.77.128/27", "66.249.77.160/27",
"66.249.77.160/27", "66.249.77.192/27",
"66.249.77.192/27", "66.249.77.224/27",
"66.249.77.224/27", "66.249.77.32/27",
"66.249.77.32/27", "66.249.77.64/27",
"66.249.77.64/27", "66.249.77.96/27",
"66.249.77.96/27", "66.249.78.0/27",
"66.249.78.0/27", "66.249.78.32/27",
"66.249.78.32/27", "66.249.79.0/27",
"66.249.79.0/27", "66.249.79.128/27",
"66.249.79.128/27", "66.249.79.160/27",
"66.249.79.160/27", "66.249.79.192/27",
"66.249.79.192/27", "66.249.79.224/27",
"66.249.79.224/27", "66.249.79.32/27",
"66.249.79.32/27", "66.249.79.64/27",
"66.249.79.64/27", "66.249.79.96/27"
"66.249.79.96/27", ]
]

6
data/crawlers/internet-archive.yaml
View File

@@ -1,4 +1,8 @@
- name: internet-archive - name: internet-archive
action: ALLOW action: ALLOW
# https://ipinfo.io/AS7941 # https://ipinfo.io/AS7941
remote_addresses: ["207.241.224.0/20", "208.70.24.0/21", "2620:0:9c0::/48"] remote_addresses: [
"207.241.224.0/20",
"208.70.24.0/21",
"2620:0:9c0::/48"
]

13
data/crawlers/kagibot.yaml
View File

@@ -2,10 +2,9 @@
user_agent_regex: \+https\://kagi\.com/bot user_agent_regex: \+https\://kagi\.com/bot
action: ALLOW action: ALLOW
# https://kagi.com/bot # https://kagi.com/bot
remote_addresses: remote_addresses: [
[ "216.18.205.234/32",
"216.18.205.234/32", "35.212.27.76/32",
"35.212.27.76/32", "104.254.65.50/32",
"104.254.65.50/32", "209.151.156.194/32"
"209.151.156.194/32", ]
]

15
data/crawlers/marginalia.yaml
View File

@@ -2,11 +2,10 @@
user_agent_regex: search\.marginalia\.nu user_agent_regex: search\.marginalia\.nu
action: ALLOW action: ALLOW
# Received directly over email # Received directly over email
remote_addresses: remote_addresses: [
[ "193.183.0.162/31",
"193.183.0.162/31", "193.183.0.164/30",
"193.183.0.164/30", "193.183.0.168/30",
"193.183.0.168/30", "193.183.0.172/31",
"193.183.0.172/31", "193.183.0.174/32"
"193.183.0.174/32", ]
]

2
data/crawlers/mojeekbot.yaml
View File

@@ -2,4 +2,4 @@
user_agent_regex: \+https\://www\.mojeek\.com/bot\.html user_agent_regex: \+https\://www\.mojeek\.com/bot\.html
action: ALLOW action: ALLOW
# https://www.mojeek.com/bot.html # https://www.mojeek.com/bot.html
remote_addresses: ["5.102.173.71/32"] remote_addresses: [ "5.102.173.71/32" ]

21
data/crawlers/openai-gptbot.yaml
View File

@@ -4,14 +4,13 @@
user_agent_regex: GPTBot/1\.1; \+https\://openai\.com/gptbot user_agent_regex: GPTBot/1\.1; \+https\://openai\.com/gptbot
action: ALLOW action: ALLOW
# https://openai.com/gptbot.json # https://openai.com/gptbot.json
remote_addresses: remote_addresses: [
[ "52.230.152.0/24",
"52.230.152.0/24", "20.171.206.0/24",
"20.171.206.0/24", "20.171.207.0/24",
"20.171.207.0/24", "4.227.36.0/25",
"4.227.36.0/25", "20.125.66.80/28",
"20.125.66.80/28", "172.182.204.0/24",
"172.182.204.0/24", "172.182.214.0/24",
"172.182.214.0/24", "172.182.215.0/24",
"172.182.215.0/24", ]
]

15
data/crawlers/openai-searchbot.yaml
View File

@@ -4,11 +4,10 @@
user_agent_regex: OAI-SearchBot/1\.0; \+https\://openai\.com/searchbot user_agent_regex: OAI-SearchBot/1\.0; \+https\://openai\.com/searchbot
action: ALLOW action: ALLOW
# https://openai.com/searchbot.json # https://openai.com/searchbot.json
remote_addresses: remote_addresses: [
[ "20.42.10.176/28",
"20.42.10.176/28", "172.203.190.128/28",
"172.203.190.128/28", "104.210.140.128/28",
"104.210.140.128/28", "51.8.102.0/24",
"51.8.102.0/24", "135.234.64.0/24"
"135.234.64.0/24", ]
]

17
data/crawlers/perplexitybot.yaml
View File

@@ -1,17 +0,0 @@
# Indexing for search, does not collect training data
# https://docs.perplexity.ai/guides/bots
- name: perplexitybot
user_agent_regex: PerplexityBot/.+; \+https\://perplexity\.ai/perplexitybot
action: ALLOW
# https://www.perplexity.com/perplexitybot.json
remote_addresses:
[
"107.20.236.150/32",
"3.224.62.45/32",
"18.210.92.235/32",
"3.222.232.239/32",
"3.211.124.183/32",
"3.231.139.107/32",
"18.97.1.228/30",
"18.97.9.96/29",
]

2
data/crawlers/qwantbot.yaml
View File

@@ -2,4 +2,4 @@
user_agent_regex: \+https\://help\.qwant\.com/bot/ user_agent_regex: \+https\://help\.qwant\.com/bot/
action: ALLOW action: ALLOW
# https://help.qwant.com/wp-content/uploads/sites/2/2025/01/qwantbot.json # https://help.qwant.com/wp-content/uploads/sites/2/2025/01/qwantbot.json
remote_addresses: ["91.242.162.0/24"] remote_addresses: [ "91.242.162.0/24" ]

12
data/crawlers/yandexbot.yaml
View File

@@ -1,6 +1,6 @@
- name: yandexbot - name: yandexbot
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.matches("\\+http\\://yandex\\.com/bots") - userAgent.matches("\\+http\\://yandex\\.com/bots")
- verifyFCrDNS(remoteAddress, "^.*\\.yandex\\.(ru|com|net)$") - verifyFCrDNS(remoteAddress, "^.*\\.yandex\\.(ru|com|net)$")

2
data/meta/README.md
View File

@@ -2,4 +2,4 @@
Contains policies that exclusively reference policies in _multiple_ other data folders. Contains policies that exclusively reference policies in _multiple_ other data folders.
Akin to "stances" that the administrator can take, with reference to various topics, such as AI/LLM systems. Akin to "stances" that the administrator can take, with reference to various topics, such as AI/LLM systems.

2
data/meta/ai-block-aggressive.yaml
View File

@@ -3,4 +3,4 @@
- import: (data)/bots/ai-catchall.yaml - import: (data)/bots/ai-catchall.yaml
- import: (data)/clients/ai.yaml - import: (data)/clients/ai.yaml
- import: (data)/crawlers/ai-search.yaml - import: (data)/crawlers/ai-search.yaml
- import: (data)/crawlers/ai-training.yaml - import: (data)/crawlers/ai-training.yaml

4
data/meta/ai-block-moderate.yaml
View File

@@ -3,7 +3,5 @@
- import: (data)/bots/ai-catchall.yaml - import: (data)/bots/ai-catchall.yaml
- import: (data)/crawlers/ai-training.yaml - import: (data)/crawlers/ai-training.yaml
- import: (data)/crawlers/openai-searchbot.yaml - import: (data)/crawlers/openai-searchbot.yaml
- import: (data)/crawlers/perplexitybot.yaml
- import: (data)/clients/openai-chatgpt-user.yaml - import: (data)/clients/openai-chatgpt-user.yaml
- import: (data)/clients/mistral-mistralai-user.yaml - import: (data)/clients/mistral-mistralai-user.yaml
- import: (data)/clients/perplexity-user.yaml

4
data/meta/ai-block-permissive.yaml
View File

@@ -2,7 +2,5 @@
- import: (data)/bots/ai-catchall.yaml - import: (data)/bots/ai-catchall.yaml
- import: (data)/crawlers/openai-searchbot.yaml - import: (data)/crawlers/openai-searchbot.yaml
- import: (data)/crawlers/openai-gptbot.yaml - import: (data)/crawlers/openai-gptbot.yaml
- import: (data)/crawlers/perplexitybot.yaml
- import: (data)/clients/openai-chatgpt-user.yaml - import: (data)/clients/openai-chatgpt-user.yaml
- import: (data)/clients/mistral-mistralai-user.yaml - import: (data)/clients/mistral-mistralai-user.yaml
- import: (data)/clients/perplexity-user.yaml

44
data/meta/default-config.yaml
View File

@@ -79,6 +79,50 @@
# weight: # weight:
# adjust: -10 # adjust: -10
# Assert behaviour that only genuine browsers display. This ensures that Chrome
# or Firefox versions
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule # Generic catchall rule
- name: generic-browser - name: generic-browser
user_agent_regex: >- user_agent_regex: >-

4
data/meta/messengers-preview.yaml
View File

@@ -1,2 +1,2 @@
- import: (data)/clients/telegram-preview.yaml - import: (data)/clients/telegram-preview.yaml
- import: (data)/clients/vk-preview.yaml - import: (data)/clients/vk-preview.yaml

26
data/services/updown.yaml
View File

@@ -1,26 +0,0 @@
# https://updown.io/about
- name: updown
user_agent_regex: updown.io
action: ALLOW
remote_addresses: [
"45.32.74.41/32",
"104.238.136.194/32",
"192.99.37.47/32",
"91.121.222.175/32",
"104.238.159.87/32",
"102.212.60.78/32",
"135.181.102.135/32",
"45.32.107.181/32",
"45.76.104.117/32",
"45.63.29.207/32",
"2001:19f0:6001:2c6::1/128",
"2001:19f0:9002:11a::1/128",
"2607:5300:60:4c2f::1/128",
"2001:41d0:2:85af::1/128",
"2001:19f0:6c01:145::1/128",
"2c0f:c40:4003:4::2/128",
"2a01:4f9:c010:d5f9::1/128",
"2001:19f0:4400:402e::1/128",
"2001:19f0:7001:45a::1/128",
"2001:19f0:5801:1d8::1/128"
]

439
data/services/uptime-robot.yaml
View File

@@ -2,223 +2,222 @@
user_agent_regex: UptimeRobot user_agent_regex: UptimeRobot
action: ALLOW action: ALLOW
# https://api.uptimerobot.com/meta/ips # https://api.uptimerobot.com/meta/ips
remote_addresses: remote_addresses: [
[ "3.12.251.153/32",
"3.12.251.153/32", "3.20.63.178/32",
"3.20.63.178/32", "3.77.67.4/32",
"3.77.67.4/32", "3.79.134.69/32",
"3.79.134.69/32", "3.105.133.239/32",
"3.105.133.239/32", "3.105.190.221/32",
"3.105.190.221/32", "3.133.226.214/32",
"3.133.226.214/32", "3.149.57.90/32",
"3.149.57.90/32", "3.212.128.62/32",
"3.212.128.62/32", "5.161.61.238/32",
"5.161.61.238/32", "5.161.73.160/32",
"5.161.73.160/32", "5.161.75.7/32",
"5.161.75.7/32", "5.161.113.195/32",
"5.161.113.195/32", "5.161.117.52/32",
"5.161.117.52/32", "5.161.177.47/32",
"5.161.177.47/32", "5.161.194.92/32",
"5.161.194.92/32", "5.161.215.244/32",
"5.161.215.244/32", "5.223.43.32/32",
"5.223.43.32/32", "5.223.53.147/32",
"5.223.53.147/32", "5.223.57.22/32",
"5.223.57.22/32", "18.116.205.62/32",
"18.116.205.62/32", "18.180.208.214/32",
"18.180.208.214/32", "18.192.166.72/32",
"18.192.166.72/32", "18.193.252.127/32",
"18.193.252.127/32", "24.144.78.39/32",
"24.144.78.39/32", "24.144.78.185/32",
"24.144.78.185/32", "34.198.201.66/32",
"34.198.201.66/32", "45.55.123.175/32",
"45.55.123.175/32", "45.55.127.146/32",
"45.55.127.146/32", "49.13.24.81/32",
"49.13.24.81/32", "49.13.130.29/32",
"49.13.130.29/32", "49.13.134.145/32",
"49.13.134.145/32", "49.13.164.148/32",
"49.13.164.148/32", "49.13.167.123/32",
"49.13.167.123/32", "52.15.147.27/32",
"52.15.147.27/32", "52.22.236.30/32",
"52.22.236.30/32", "52.28.162.93/32",
"52.28.162.93/32", "52.59.43.236/32",
"52.59.43.236/32", "52.87.72.16/32",
"52.87.72.16/32", "54.64.67.106/32",
"54.64.67.106/32", "54.79.28.129/32",
"54.79.28.129/32", "54.87.112.51/32",
"54.87.112.51/32", "54.167.223.174/32",
"54.167.223.174/32", "54.249.170.27/32",
"54.249.170.27/32", "63.178.84.147/32",
"63.178.84.147/32", "64.225.81.248/32",
"64.225.81.248/32", "64.225.82.147/32",
"64.225.82.147/32", "69.162.124.227/32",
"69.162.124.227/32", "69.162.124.235/32",
"69.162.124.235/32", "69.162.124.238/32",
"69.162.124.238/32", "78.46.190.63/32",
"78.46.190.63/32", "78.46.215.1/32",
"78.46.215.1/32", "78.47.98.55/32",
"78.47.98.55/32", "78.47.173.76/32",
"78.47.173.76/32", "88.99.80.227/32",
"88.99.80.227/32", "91.99.101.207/32",
"91.99.101.207/32", "128.140.41.193/32",
"128.140.41.193/32", "128.140.106.114/32",
"128.140.106.114/32", "129.212.132.140/32",
"129.212.132.140/32", "134.199.240.137/32",
"134.199.240.137/32", "138.197.53.117/32",
"138.197.53.117/32", "138.197.53.138/32",
"138.197.53.138/32", "138.197.54.143/32",
"138.197.54.143/32", "138.197.54.247/32",
"138.197.54.247/32", "138.197.63.92/32",
"138.197.63.92/32", "139.59.50.44/32",
"139.59.50.44/32", "142.132.180.39/32",
"142.132.180.39/32", "143.198.249.237/32",
"143.198.249.237/32", "143.198.250.89/32",
"143.198.250.89/32", "143.244.196.21/32",
"143.244.196.21/32", "143.244.196.211/32",
"143.244.196.211/32", "143.244.221.177/32",
"143.244.221.177/32", "144.126.251.21/32",
"144.126.251.21/32", "146.190.9.187/32",
"146.190.9.187/32", "152.42.149.135/32",
"152.42.149.135/32", "157.90.155.240/32",
"157.90.155.240/32", "157.90.156.63/32",
"157.90.156.63/32", "159.69.158.189/32",
"159.69.158.189/32", "159.223.243.219/32",
"159.223.243.219/32", "161.35.247.201/32",
"161.35.247.201/32", "167.99.18.52/32",
"167.99.18.52/32", "167.235.143.113/32",
"167.235.143.113/32", "168.119.53.160/32",
"168.119.53.160/32", "168.119.96.239/32",
"168.119.96.239/32", "168.119.123.75/32",
"168.119.123.75/32", "170.64.250.64/32",
"170.64.250.64/32", "170.64.250.132/32",
"170.64.250.132/32", "170.64.250.235/32",
"170.64.250.235/32", "178.156.181.172/32",
"178.156.181.172/32", "178.156.184.20/32",
"178.156.184.20/32", "178.156.185.127/32",
"178.156.185.127/32", "178.156.185.231/32",
"178.156.185.231/32", "178.156.187.238/32",
"178.156.187.238/32", "178.156.189.113/32",
"178.156.189.113/32", "178.156.189.249/32",
"178.156.189.249/32", "188.166.201.79/32",
"188.166.201.79/32", "206.189.241.133/32",
"206.189.241.133/32", "209.38.49.1/32",
"209.38.49.1/32", "209.38.49.206/32",
"209.38.49.206/32", "209.38.49.226/32",
"209.38.49.226/32", "209.38.51.43/32",
"209.38.51.43/32", "209.38.53.7/32",
"209.38.53.7/32", "209.38.124.252/32",
"209.38.124.252/32", "216.144.248.18/31",
"216.144.248.18/31", "216.144.248.21/32",
"216.144.248.21/32", "216.144.248.22/31",
"216.144.248.22/31", "216.144.248.24/30",
"216.144.248.24/30", "216.144.248.28/31",
"216.144.248.28/31", "216.144.248.30/32",
"216.144.248.30/32", "216.245.221.83/32",
"216.245.221.83/32", "2400:6180:10:200::56a0:b000/128",
"2400:6180:10:200::56a0:b000/128", "2400:6180:10:200::56a0:c000/128",
"2400:6180:10:200::56a0:c000/128", "2400:6180:10:200::56a0:e000/128",
"2400:6180:10:200::56a0:e000/128", "2400:6180:100:d0::94b6:4001/128",
"2400:6180:100:d0::94b6:4001/128", "2400:6180:100:d0::94b6:5001/128",
"2400:6180:100:d0::94b6:5001/128", "2400:6180:100:d0::94b6:7001/128",
"2400:6180:100:d0::94b6:7001/128", "2406:da14:94d:8601:9d0d:7754:bedf:e4f5/128",
"2406:da14:94d:8601:9d0d:7754:bedf:e4f5/128", "2406:da14:94d:8601:b325:ff58:2bba:7934/128",
"2406:da14:94d:8601:b325:ff58:2bba:7934/128", "2406:da14:94d:8601:db4b:c5ac:2cbe:9a79/128",
"2406:da14:94d:8601:db4b:c5ac:2cbe:9a79/128", "2406:da1c:9c8:dc02:7ae1:f2ea:ab91:2fde/128",
"2406:da1c:9c8:dc02:7ae1:f2ea:ab91:2fde/128", "2406:da1c:9c8:dc02:7db9:f38b:7b9f:402e/128",
"2406:da1c:9c8:dc02:7db9:f38b:7b9f:402e/128", "2406:da1c:9c8:dc02:82b2:f0fd:ee96:579/128",
"2406:da1c:9c8:dc02:82b2:f0fd:ee96:579/128", "2600:1f16:775:3a00:ac3:c5eb:7081:942e/128",
"2600:1f16:775:3a00:ac3:c5eb:7081:942e/128", "2600:1f16:775:3a00:37bf:6026:e54a:f03a/128",
"2600:1f16:775:3a00:37bf:6026:e54a:f03a/128", "2600:1f16:775:3a00:3f24:5bb0:95d7:5a6b/128",
"2600:1f16:775:3a00:3f24:5bb0:95d7:5a6b/128", "2600:1f16:775:3a00:8c2c:2ba6:778f:5be5/128",
"2600:1f16:775:3a00:8c2c:2ba6:778f:5be5/128", "2600:1f16:775:3a00:91ac:3120:ff38:92b5/128",
"2600:1f16:775:3a00:91ac:3120:ff38:92b5/128", "2600:1f16:775:3a00:dbbe:36b0:3c45:da32/128",
"2600:1f16:775:3a00:dbbe:36b0:3c45:da32/128", "2600:1f18:179:f900:71:af9a:ade7:d772/128",
"2600:1f18:179:f900:71:af9a:ade7:d772/128", "2600:1f18:179:f900:2406:9399:4ae6:c5d3/128",
"2600:1f18:179:f900:2406:9399:4ae6:c5d3/128", "2600:1f18:179:f900:4696:7729:7bb3:f52f/128",
"2600:1f18:179:f900:4696:7729:7bb3:f52f/128", "2600:1f18:179:f900:4b7d:d1cc:2d10:211/128",
"2600:1f18:179:f900:4b7d:d1cc:2d10:211/128", "2600:1f18:179:f900:5c68:91b6:5d75:5d7/128",
"2600:1f18:179:f900:5c68:91b6:5d75:5d7/128", "2600:1f18:179:f900:e8dd:eed1:a6c:183b/128",
"2600:1f18:179:f900:e8dd:eed1:a6c:183b/128", "2604:a880:800:14:0:1:68ba:d000/128",
"2604:a880:800:14:0:1:68ba:d000/128", "2604:a880:800:14:0:1:68ba:e000/128",
"2604:a880:800:14:0:1:68ba:e000/128", "2604:a880:800:14:0:1:68bb:0/128",
"2604:a880:800:14:0:1:68bb:0/128", "2604:a880:800:14:0:1:68bb:1000/128",
"2604:a880:800:14:0:1:68bb:1000/128", "2604:a880:800:14:0:1:68bb:3000/128",
"2604:a880:800:14:0:1:68bb:3000/128", "2604:a880:800:14:0:1:68bb:4000/128",
"2604:a880:800:14:0:1:68bb:4000/128", "2604:a880:800:14:0:1:68bb:5000/128",
"2604:a880:800:14:0:1:68bb:5000/128", "2604:a880:800:14:0:1:68bb:6000/128",
"2604:a880:800:14:0:1:68bb:6000/128", "2604:a880:800:14:0:1:68bb:7000/128",
"2604:a880:800:14:0:1:68bb:7000/128", "2604:a880:800:14:0:1:68bb:a000/128",
"2604:a880:800:14:0:1:68bb:a000/128", "2604:a880:800:14:0:1:68bb:b000/128",
"2604:a880:800:14:0:1:68bb:b000/128", "2604:a880:800:14:0:1:68bb:c000/128",
"2604:a880:800:14:0:1:68bb:c000/128", "2604:a880:800:14:0:1:68bb:d000/128",
"2604:a880:800:14:0:1:68bb:d000/128", "2604:a880:800:14:0:1:68bb:e000/128",
"2604:a880:800:14:0:1:68bb:e000/128", "2604:a880:800:14:0:1:68bb:f000/128",
"2604:a880:800:14:0:1:68bb:f000/128", "2607:ff68:107::4/128",
"2607:ff68:107::4/128", "2607:ff68:107::14/128",
"2607:ff68:107::14/128", "2607:ff68:107::33/128",
"2607:ff68:107::33/128", "2607:ff68:107::48/127",
"2607:ff68:107::48/127", "2607:ff68:107::50/125",
"2607:ff68:107::50/125", "2607:ff68:107::58/127",
"2607:ff68:107::58/127", "2607:ff68:107::60/128",
"2607:ff68:107::60/128", "2a01:4f8:c0c:83fa::1/128",
"2a01:4f8:c0c:83fa::1/128", "2a01:4f8:c17:42e4::1/128",
"2a01:4f8:c17:42e4::1/128", "2a01:4f8:c2c:9fc6::1/128",
"2a01:4f8:c2c:9fc6::1/128", "2a01:4f8:c2c:beae::1/128",
"2a01:4f8:c2c:beae::1/128", "2a01:4f8:1c1a:3d53::1/128",
"2a01:4f8:1c1a:3d53::1/128", "2a01:4f8:1c1b:4ef4::1/128",
"2a01:4f8:1c1b:4ef4::1/128", "2a01:4f8:1c1b:5b5a::1/128",
"2a01:4f8:1c1b:5b5a::1/128", "2a01:4f8:1c1b:7ecc::1/128",
"2a01:4f8:1c1b:7ecc::1/128", "2a01:4f8:1c1c:11aa::1/128",
"2a01:4f8:1c1c:11aa::1/128", "2a01:4f8:1c1c:5353::1/128",
"2a01:4f8:1c1c:5353::1/128", "2a01:4f8:1c1c:7240::1/128",
"2a01:4f8:1c1c:7240::1/128", "2a01:4f8:1c1c:a98a::1/128",
"2a01:4f8:1c1c:a98a::1/128", "2a01:4f8:c012:c60e::1/128",
"2a01:4f8:c012:c60e::1/128", "2a01:4f8:c013:c18::1/128",
"2a01:4f8:c013:c18::1/128", "2a01:4f8:c013:34c0::1/128",
"2a01:4f8:c013:34c0::1/128", "2a01:4f8:c013:3b0f::1/128",
"2a01:4f8:c013:3b0f::1/128", "2a01:4f8:c013:3c52::1/128",
"2a01:4f8:c013:3c52::1/128", "2a01:4f8:c013:3c53::1/128",
"2a01:4f8:c013:3c53::1/128", "2a01:4f8:c013:3c54::1/128",
"2a01:4f8:c013:3c54::1/128", "2a01:4f8:c013:3c55::1/128",
"2a01:4f8:c013:3c55::1/128", "2a01:4f8:c013:3c56::1/128",
"2a01:4f8:c013:3c56::1/128", "2a01:4ff:f0:bfd::1/128",
"2a01:4ff:f0:bfd::1/128", "2a01:4ff:f0:2219::1/128",
"2a01:4ff:f0:2219::1/128", "2a01:4ff:f0:3e03::1/128",
"2a01:4ff:f0:3e03::1/128", "2a01:4ff:f0:5f80::1/128",
"2a01:4ff:f0:5f80::1/128", "2a01:4ff:f0:7fad::1/128",
"2a01:4ff:f0:7fad::1/128", "2a01:4ff:f0:9c5f::1/128",
"2a01:4ff:f0:9c5f::1/128", "2a01:4ff:f0:b2f2::1/128",
"2a01:4ff:f0:b2f2::1/128", "2a01:4ff:f0:b6f1::1/128",
"2a01:4ff:f0:b6f1::1/128", "2a01:4ff:f0:d283::1/128",
"2a01:4ff:f0:d283::1/128", "2a01:4ff:f0:d3cd::1/128",
"2a01:4ff:f0:d3cd::1/128", "2a01:4ff:f0:e516::1/128",
"2a01:4ff:f0:e516::1/128", "2a01:4ff:f0:e9cf::1/128",
"2a01:4ff:f0:e9cf::1/128", "2a01:4ff:f0:eccb::1/128",
"2a01:4ff:f0:eccb::1/128", "2a01:4ff:f0:efd1::1/128",
"2a01:4ff:f0:efd1::1/128", "2a01:4ff:f0:fdc7::1/128",
"2a01:4ff:f0:fdc7::1/128", "2a01:4ff:2f0:193c::1/128",
"2a01:4ff:2f0:193c::1/128", "2a01:4ff:2f0:27de::1/128",
"2a01:4ff:2f0:27de::1/128", "2a01:4ff:2f0:3b3a::1/128",
"2a01:4ff:2f0:3b3a::1/128", "2a03:b0c0:2:f0::bd91:f001/128",
"2a03:b0c0:2:f0::bd91:f001/128", "2a03:b0c0:2:f0::bd92:1/128",
"2a03:b0c0:2:f0::bd92:1/128", "2a03:b0c0:2:f0::bd92:1001/128",
"2a03:b0c0:2:f0::bd92:1001/128", "2a03:b0c0:2:f0::bd92:2001/128",
"2a03:b0c0:2:f0::bd92:2001/128", "2a03:b0c0:2:f0::bd92:4001/128",
"2a03:b0c0:2:f0::bd92:4001/128", "2a03:b0c0:2:f0::bd92:5001/128",
"2a03:b0c0:2:f0::bd92:5001/128", "2a03:b0c0:2:f0::bd92:6001/128",
"2a03:b0c0:2:f0::bd92:6001/128", "2a03:b0c0:2:f0::bd92:7001/128",
"2a03:b0c0:2:f0::bd92:7001/128", "2a03:b0c0:2:f0::bd92:8001/128",
"2a03:b0c0:2:f0::bd92:8001/128", "2a03:b0c0:2:f0::bd92:9001/128",
"2a03:b0c0:2:f0::bd92:9001/128", "2a03:b0c0:2:f0::bd92:a001/128",
"2a03:b0c0:2:f0::bd92:a001/128", "2a03:b0c0:2:f0::bd92:b001/128",
"2a03:b0c0:2:f0::bd92:b001/128", "2a03:b0c0:2:f0::bd92:c001/128",
"2a03:b0c0:2:f0::bd92:c001/128", "2a03:b0c0:2:f0::bd92:e001/128",
"2a03:b0c0:2:f0::bd92:e001/128", "2a03:b0c0:2:f0::bd92:f001/128",
"2a03:b0c0:2:f0::bd92:f001/128", "2a05:d014:1815:3400:6d:9235:c1c0:96ad/128",
"2a05:d014:1815:3400:6d:9235:c1c0:96ad/128", "2a05:d014:1815:3400:654f:bd37:724c:212b/128",
"2a05:d014:1815:3400:654f:bd37:724c:212b/128", "2a05:d014:1815:3400:90b4:4ef9:5631:b170/128",
"2a05:d014:1815:3400:90b4:4ef9:5631:b170/128", "2a05:d014:1815:3400:9779:d8e9:100a:9642/128",
"2a05:d014:1815:3400:9779:d8e9:100a:9642/128", "2a05:d014:1815:3400:af29:e95e:64ff:df81/128",
"2a05:d014:1815:3400:af29:e95e:64ff:df81/128", "2a05:d014:1815:3400:c7d6:f7f3:6cc1:30d1/128",
"2a05:d014:1815:3400:c7d6:f7f3:6cc1:30d1/128", "2a05:d014:1815:3400:d784:e5dd:8e0:67cb/128",
"2a05:d014:1815:3400:d784:e5dd:8e0:67cb/128", ]
]

2
decaymap/decaymap.go
View File

@@ -146,7 +146,7 @@ func (m *Impl[K, V]) Close() {
func (m *Impl[K, V]) cleanupWorker() { func (m *Impl[K, V]) cleanupWorker() {
defer m.wg.Done() defer m.wg.Done()
batch := make([]deleteReq[K], 0, 64) batch := make([]deleteReq[K], 0, 64)
ticker := time.NewTicker(500 * time.Millisecond) ticker := time.NewTicker(10 * time.Millisecond)
defer ticker.Stop() defer ticker.Stop()
flush := func() { flush := func() {

2
decaymap/decaymap_test.go
View File

@@ -32,7 +32,7 @@ func TestImpl(t *testing.T) {
// Deletion of expired entries after Get is deferred to a background worker. // Deletion of expired entries after Get is deferred to a background worker.
// Assert it eventually disappears from the map. // Assert it eventually disappears from the map.
deadline := time.Now().Add(700 * time.Millisecond) deadline := time.Now().Add(200 * time.Millisecond)
for time.Now().Before(deadline) { for time.Now().Before(deadline) {
if dm.Len() == 0 { if dm.Len() == 0 {
break break

2
docs/blog/2025-06-27-release-1.20.0/index.mdx
View File

@@ -226,7 +226,7 @@ So far Anubis supports the following languages:
- English (Simplified and Traditional) - English (Simplified and Traditional)
- French - French
- Portuguese (Brazil) - Portugese (Brazil)
- Spanish - Spanish
If you want to contribute translations, please [file an issue](https://github.com/TecharoHQ/anubis/issues/new) with your language of choice or submit a pull request to [the `lib/localization/locales` folder](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). We are about to introduce features to the translation stack, so you may want to hold off a hot minute, but we welcome any and all contributions to making Anubis useful to a global audience. If you want to contribute translations, please [file an issue](https://github.com/TecharoHQ/anubis/issues/new) with your language of choice or submit a pull request to [the `lib/localization/locales` folder](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). We are about to introduce features to the translation stack, so you may want to hold off a hot minute, but we welcome any and all contributions to making Anubis useful to a global audience.

2
docs/blog/2025-07-22-release-1.21.1/index.mdx
View File

@@ -69,7 +69,7 @@ I am waiting to hear back from NLNet on if Anubis was selected for funding or no
Anubis now supports localized responses. Locales can be added in [lib/localization/locales/](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). This release includes support for the following languages: Anubis now supports localized responses. Locales can be added in [lib/localization/locales/](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). This release includes support for the following languages:
- [Brazilian Portuguese](https://github.com/TecharoHQ/anubis/pull/726) - [Brazilian Portugese](https://github.com/TecharoHQ/anubis/pull/726)
- [Chinese (Simplified)](https://github.com/TecharoHQ/anubis/pull/774) - [Chinese (Simplified)](https://github.com/TecharoHQ/anubis/pull/774)
- [Chinese (Traditional)](https://github.com/TecharoHQ/anubis/pull/759) - [Chinese (Traditional)](https://github.com/TecharoHQ/anubis/pull/759)
- [Czech](https://github.com/TecharoHQ/anubis/pull/849) - [Czech](https://github.com/TecharoHQ/anubis/pull/849)

150
docs/blog/2025-08-28-cpu-core-odd/ProofOfWorkDiagram/index.jsx
View File

@@ -1,16 +1,14 @@
import React, { useState, useEffect, useMemo } from "react"; import React, { useState, useEffect, useMemo } from 'react';
import styles from "./styles.module.css"; import styles from './styles.module.css';
// A helper function to perform SHA-256 hashing. // A helper function to perform SHA-256 hashing.
// It takes a string, encodes it, hashes it, and returns a hex string. // It takes a string, encodes it, hashes it, and returns a hex string.
async function sha256(message) { async function sha256(message) {
try { try {
const msgBuffer = new TextEncoder().encode(message); const msgBuffer = new TextEncoder().encode(message);
const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer); const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
const hashArray = Array.from(new Uint8Array(hashBuffer)); const hashArray = Array.from(new Uint8Array(hashBuffer));
const hashHex = hashArray const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
.map((b) => b.toString(16).padStart(2, "0"))
.join("");
return hashHex; return hashHex;
} catch (error) { } catch (error) {
console.error("Hashing failed:", error); console.error("Hashing failed:", error);
@@ -23,42 +21,21 @@ const generateRandomHex = (bytes = 16) => {
const buffer = new Uint8Array(bytes); const buffer = new Uint8Array(bytes);
crypto.getRandomValues(buffer); crypto.getRandomValues(buffer);
return Array.from(buffer) return Array.from(buffer)
.map((byte) => byte.toString(16).padStart(2, "0")) .map(byte => byte.toString(16).padStart(2, '0'))
.join(""); .join('');
}; };
// Icon components for better visual feedback // Icon components for better visual feedback
const CheckIcon = () => ( const CheckIcon = () => (
<svg <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconGreen} fill="none" viewBox="0 0 24 24" stroke="currentColor">
xmlns="http://www.w3.org/2000/svg" <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
className={styles.iconGreen}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"
/>
</svg> </svg>
); );
const XCircleIcon = () => ( const XCircleIcon = () => (
<svg <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconRed} fill="none" viewBox="0 0 24 24" stroke="currentColor">
xmlns="http://www.w3.org/2000/svg" <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z" />
className={styles.iconRed}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z"
/>
</svg> </svg>
); );
@@ -69,7 +46,7 @@ export default function App() {
// State for the nonce, which is the variable we can change // State for the nonce, which is the variable we can change
const [nonce, setNonce] = useState(0); const [nonce, setNonce] = useState(0);
// State to store the resulting hash // State to store the resulting hash
const [hash, setHash] = useState(""); const [hash, setHash] = useState('');
// A flag to indicate if the current hash is the "winning" one // A flag to indicate if the current hash is the "winning" one
const [isMining, setIsMining] = useState(false); const [isMining, setIsMining] = useState(false);
const [isFound, setIsFound] = useState(false); const [isFound, setIsFound] = useState(false);
@@ -78,10 +55,7 @@ export default function App() {
const difficulty = "00"; const difficulty = "00";
// Memoize the combined data to avoid recalculating on every render // Memoize the combined data to avoid recalculating on every render
const combinedData = useMemo( const combinedData = useMemo(() => `${challenge}${nonce}`, [challenge, nonce]);
() => `${challenge}${nonce}`,
[challenge, nonce],
);
// This effect hook recalculates the hash whenever the combinedData changes. // This effect hook recalculates the hash whenever the combinedData changes.
useEffect(() => { useEffect(() => {
@@ -94,9 +68,7 @@ export default function App() {
} }
}; };
calculateHash(); calculateHash();
return () => { return () => { isMounted = false; };
isMounted = false;
};
}, [combinedData, difficulty]); }, [combinedData, difficulty]);
// This effect handles the automatic mining process // This effect handles the automatic mining process
@@ -121,7 +93,7 @@ export default function App() {
// Update the UI periodically to avoid freezing the browser // Update the UI periodically to avoid freezing the browser
if (miningNonce % 100 === 0) { if (miningNonce % 100 === 0) {
setNonce(miningNonce); setNonce(miningNonce);
await new Promise((resolve) => setTimeout(resolve, 0)); // Yield to the browser await new Promise(resolve => setTimeout(resolve, 0)); // Yield to the browser
} }
} }
}; };
@@ -130,27 +102,28 @@ export default function App() {
return () => { return () => {
continueMining = false; continueMining = false;
}; }
}, [isMining, challenge, nonce, difficulty]); }, [isMining, challenge, nonce, difficulty]);
const handleMineClick = () => { const handleMineClick = () => {
setIsMining(true); setIsMining(true);
}; }
const handleStopClick = () => { const handleStopClick = () => {
setIsMining(false); setIsMining(false);
}; }
const handleResetClick = () => { const handleResetClick = () => {
setIsMining(false); setIsMining(false);
setNonce(0); setNonce(0);
}; }
const handleNewChallengeClick = () => { const handleNewChallengeClick = () => {
setIsMining(false); setIsMining(false);
setChallenge(generateRandomHex(16)); setChallenge(generateRandomHex(16));
setNonce(0); setNonce(0);
}; }
// Helper to render the hash with colored leading characters // Helper to render the hash with colored leading characters
const renderHash = () => { const renderHash = () => {
@@ -180,46 +153,12 @@ export default function App() {
<div className={styles.block}> <div className={styles.block}>
<h2 className={styles.blockTitle}>2. Nonce</h2> <h2 className={styles.blockTitle}>2. Nonce</h2>
<div className={styles.nonceControls}> <div className={styles.nonceControls}>
<button <button onClick={() => setNonce(n => n - 1)} disabled={isMining} className={styles.nonceButton}>
onClick={() => setNonce((n) => n - 1)} <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconSmall} fill="none" viewBox="0 0 24 24" stroke="currentColor"><path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M20 12H4" /></svg>
disabled={isMining}
className={styles.nonceButton}
>
<svg
xmlns="http://www.w3.org/2000/svg"
className={styles.iconSmall}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M20 12H4"
/>
</svg>
</button> </button>
<span className={styles.nonceValue}>{nonce}</span> <span className={styles.nonceValue}>{nonce}</span>
<button <button onClick={() => setNonce(n => n + 1)} disabled={isMining} className={styles.nonceButton}>
onClick={() => setNonce((n) => n + 1)} <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconSmall} fill="none" viewBox="0 0 24 24" stroke="currentColor"><path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 4v16m8-8H4" /></svg>
disabled={isMining}
className={styles.nonceButton}
>
<svg
xmlns="http://www.w3.org/2000/svg"
className={styles.iconSmall}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M12 4v16m8-8H4"
/>
</svg>
</button> </button>
</div> </div>
</div> </div>
@@ -233,26 +172,13 @@ export default function App() {
{/* Arrow pointing down */} {/* Arrow pointing down */}
<div className={styles.arrowContainer}> <div className={styles.arrowContainer}>
<svg <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconGray} fill="none" viewBox="0 0 24 24" stroke="currentColor">
xmlns="http://www.w3.org/2000/svg" <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 14l-7 7m0 0l-7-7m7 7V3" />
className={styles.iconGray}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M19 14l-7 7m0 0l-7-7m7 7V3"
/>
</svg> </svg>
</div> </div>
{/* Hash Output Block */} {/* Hash Output Block */}
<div <div className={`${styles.hashContainer} ${isFound ? styles.hashContainerSuccess : styles.hashContainerError}`}>
className={`${styles.hashContainer} ${isFound ? styles.hashContainerSuccess : styles.hashContainerError}`}
>
<div className={styles.hashContent}> <div className={styles.hashContent}>
<div className={styles.hashText}> <div className={styles.hashText}>
<h2 className={styles.blockTitle}>4. Resulting Hash (SHA-256)</h2> <h2 className={styles.blockTitle}>4. Resulting Hash (SHA-256)</h2>
@@ -267,30 +193,18 @@ export default function App() {
{/* Mining Controls */} {/* Mining Controls */}
<div className={styles.buttonContainer}> <div className={styles.buttonContainer}>
{!isMining ? ( {!isMining ? (
<button <button onClick={handleMineClick} className={`${styles.button} ${styles.buttonCyan}`}>
onClick={handleMineClick}
className={`${styles.button} ${styles.buttonCyan}`}
>
Auto-Mine Auto-Mine
</button> </button>
) : ( ) : (
<button <button onClick={handleStopClick} className={`${styles.button} ${styles.buttonYellow}`}>
onClick={handleStopClick}
className={`${styles.button} ${styles.buttonYellow}`}
>
Stop Mining Stop Mining
</button> </button>
)} )}
<button <button onClick={handleNewChallengeClick} className={`${styles.button} ${styles.buttonIndigo}`}>
onClick={handleNewChallengeClick}
className={`${styles.button} ${styles.buttonIndigo}`}
>
New Challenge New Challenge
</button> </button>
<button <button onClick={handleResetClick} className={`${styles.button} ${styles.buttonGray}`}>
onClick={handleResetClick}
className={`${styles.button} ${styles.buttonGray}`}
>
Reset Nonce Reset Nonce
</button> </button>
</div> </div>

8
docs/blog/2025-08-28-cpu-core-odd/ProofOfWorkDiagram/styles.module.css
View File

@@ -48,9 +48,7 @@
background-color: rgb(31 41 55); background-color: rgb(31 41 55);
padding: 1.5rem; padding: 1.5rem;
border-radius: 0.5rem; border-radius: 0.5rem;
box-shadow: box-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
0 10px 15px -3px rgb(0 0 0 / 0.1),
0 4px 6px -4px rgb(0 0 0 / 0.1);
height: 100%; height: 100%;
display: flex; display: flex;
flex-direction: column; flex-direction: column;
@@ -160,9 +158,7 @@
.hashContainer { .hashContainer {
padding: 1.5rem; padding: 1.5rem;
border-radius: 0.5rem; border-radius: 0.5rem;
box-shadow: box-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
0 10px 15px -3px rgb(0 0 0 / 0.1),
0 4px 6px -4px rgb(0 0 0 / 0.1);
transition: all 300ms; transition: all 300ms;
border: 2px solid; border: 2px solid;
} }

21
docs/docs/CHANGELOG.md
View File

@@ -11,17 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
- Add iplist2rule tool that lets admins turn an IP address blocklist into an Anubis ruleset.
- Add Polish locale ([#1292](https://github.com/TecharoHQ/anubis/pull/1309))
- Fix honeypot and imprint links missing `BASE_PREFIX` when deployed behind a path prefix ([#1402](https://github.com/TecharoHQ/anubis/issues/1402))
- Improve idle performance in memory storage
<!-- This changes the project to: --> <!-- This changes the project to: -->
## v1.24.0: Y'shtola Rhul
Anubis is back and better than ever! Lots of minor fixes with some big ones interspersed.
- Fix panic when validating challenges after privacy-mode browsers strip headers and the follow-up request matches an `ALLOW` threshold. - Fix panic when validating challenges after privacy-mode browsers strip headers and the follow-up request matches an `ALLOW` threshold.
- Expose WEIGHT rule matches as Prometheus metrics. - Expose WEIGHT rule matches as Prometheus metrics.
- Allow more OCI registry clients [based on feedback](https://github.com/TecharoHQ/anubis/pull/1253#issuecomment-3506744184). - Allow more OCI registry clients [based on feedback](https://github.com/TecharoHQ/anubis/pull/1253#issuecomment-3506744184).
@@ -32,14 +23,6 @@ Anubis is back and better than ever! Lots of minor fixes with some big ones inte
- Add support to simple Valkey/Redis cluster mode - Add support to simple Valkey/Redis cluster mode
- Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283)) - Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283))
- Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures. - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures.
- Refine the check that ensures the presence of the Accept header to avoid breaking docker clients.
- Removed rules intended to reward actual browsers due to abuse in the wild.
### Dataset poisoning
Anubis has the ability to engage in [dataset poisoning attacks](https://www.anthropic.com/research/small-samples-poison) using the [dataset poisoning subsystem](./admin/honeypot/overview.mdx). This allows every Anubis instance to be a honeypot to attract and flag abusive scrapers so that no administrator action is required to ban them.
There is much more information about this feature in [the dataset poisoning subsystem documentation](./admin/honeypot/overview.mdx). Administrators that are interested in learning how this feature works should consult that documentation.
### Deprecate `report_as` in challenge configuration ### Deprecate `report_as` in challenge configuration
@@ -108,22 +91,20 @@ Additionally, information about [how Anubis uses each logging level](./admin/pol
- DNS cache and other optimizations to minimize unnecessary DNS queries. - DNS cache and other optimizations to minimize unnecessary DNS queries.
The DNS cache TTL can be changed in the bots config like this: The DNS cache TTL can be changed in the bots config like this:
```yaml ```yaml
dns_ttl: dns_ttl:
forward: 600 forward: 600
reverse: 600 reverse: 600
``` ```
The default value for both forward and reverse queries is 300 seconds. The default value for both forward and reverse queries is 300 seconds.
The `verifyFCrDNS` CEL function has two overloads: The `verifyFCrDNS` CEL function has two overloads:
- `(addr)` - `(addr)`
Simply verifies that the remote side has PTR records pointing to the target address. Simply verifies that the remote side has PTR records pointing to the target address.
- `(addr, ptrPattern)` - `(addr, ptrPattern)`
Verifies that the remote side refers to a specific domain and that this domain points to the target IP. Verifies that the remote side refers to a specific domain and that this domain points to the target IP.
## v1.23.1: Lyse Hext - Echo 1 ## v1.23.1: Lyse Hext - Echo 1
- Fix `SERVE_ROBOTS_TXT` setting after the double slash fix broke it. - Fix `SERVE_ROBOTS_TXT` setting after the double slash fix broke it.

2
docs/docs/admin/_category_.json
View File

@@ -5,4 +5,4 @@
"type": "generated-index", "type": "generated-index",
"description": "Tradeoffs and considerations you may want to keep in mind when using Anubis." "description": "Tradeoffs and considerations you may want to keep in mind when using Anubis."
} }
} }

7
docs/docs/admin/botstopper.mdx
View File

@@ -51,8 +51,9 @@ If you are using Kubernetes, you will need to create an image pull secret:
kubectl create secret docker-registry \ kubectl create secret docker-registry \
techarohq-botstopper \ techarohq-botstopper \
--docker-server ghcr.io \ --docker-server ghcr.io \
--docker-username any-username \ --docker-username your-username \
--docker-password <your-access-token> \ --docker-password your-access-token \
--docker-email your@email.address
``` ```
Then attach it to your Deployment: Then attach it to your Deployment:
@@ -84,7 +85,7 @@ Follow [the upstream Docker compose directions](https://anubis.techaro.lol/docs/
OG_EXPIRY_TIME: "24h" OG_EXPIRY_TIME: "24h"
+ # botstopper config here + # botstopper config here
+ CHALLENGE_TITLE: "Doing math for your connection!" + CHALLENGE_TITLE: "Doing math for your connnection!"
+ ERROR_TITLE: "Something went wrong!" + ERROR_TITLE: "Something went wrong!"
+ OVERLAY_FOLDER: /assets + OVERLAY_FOLDER: /assets
+ volumes: + volumes:

2
docs/docs/admin/configuration/_category_.json
View File

@@ -5,4 +5,4 @@
"type": "generated-index", "type": "generated-index",
"description": "Detailed information about configuring parts of Anubis." "description": "Detailed information about configuring parts of Anubis."
} }
} }

2
docs/docs/admin/configuration/challenges/_category_.json
View File

@@ -2,4 +2,4 @@
"label": "Challenges", "label": "Challenges",
"position": 10, "position": 10,
"link": null "link": null
} }

26
docs/docs/admin/configuration/expressions.mdx
View File

@@ -243,16 +243,16 @@ function regexSafe(input: string): string;
`regexSafe` takes a string and escapes it for safe use inside of a regular expression. This is useful when you are creating regular expressions from headers or variables such as `remoteAddress`. `regexSafe` takes a string and escapes it for safe use inside of a regular expression. This is useful when you are creating regular expressions from headers or variables such as `remoteAddress`.
| Input | Output | | Input | Output |
| :------------------------- | :-------------- | | :------------------------ | :------------------------------ |
| `regexSafe("1.2.3.4")` | `1\\.2\\.3\\.4` | | `regexSafe("1.2.3.4")` | `1\\.2\\.3\\.4` |
| `regexSafe("techaro.lol")` | `techaro\\.lol` | | `regexSafe("techaro.lol")` | `techaro\\.lol` |
| `regexSafe("star*")` | `star\\*` | | `regexSafe("star*")` | `star\\*` |
| `regexSafe("plus+")` | `plus\\+` | | `regexSafe("plus+")` | `plus\\+` |
| `regexSafe("{braces}")` | `\\{braces\\}` | | `regexSafe("{braces}")` | `\\{braces\\}` |
| `regexSafe("start^")` | `start\\^` | | `regexSafe("start^")` | `start\\^` |
| `regexSafe("back\\slash")` | `back\\\\slash` | | `regexSafe("back\\slash")` | `back\\\\slash` |
| `regexSafe("dash-dash")` | `dash\\-dash` | | `regexSafe("dash-dash")` | `dash\\-dash` |
### `segments` ### `segments`
@@ -301,9 +301,9 @@ function arpaReverseIP(ip: string): string;
`arpaReverseIP` takes an IP address and returns its value in [ARPA notation](https://www.ietf.org/rfc/rfc2317.html). This can be useful when matching PTR record patterns. `arpaReverseIP` takes an IP address and returns its value in [ARPA notation](https://www.ietf.org/rfc/rfc2317.html). This can be useful when matching PTR record patterns.
| Input | Output | | Input | Output |
| :----------------------------- | :---------------------------------------------------------------- | | :----------------------------- | :------------------------------------------------------------------- |
| `arpaReverseIP("1.2.3.4")` | `4.3.2.1` | | `arpaReverseIP("1.2.3.4")` | `4.3.2.1` |
| `arpaReverseIP("2001:db8::1")` | `1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2` | | `arpaReverseIP("2001:db8::1")` | `1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2` |
#### `lookupHost` #### `lookupHost`

29
docs/docs/admin/configuration/import.mdx
View File

@@ -13,8 +13,6 @@ bots:
- # This correlates to data/bots/ai-catchall.yaml in the source tree - # This correlates to data/bots/ai-catchall.yaml in the source tree
import: (data)/bots/ai-catchall.yaml import: (data)/bots/ai-catchall.yaml
- import: (data)/bots/cloudflare-workers.yaml - import: (data)/bots/cloudflare-workers.yaml
# Import all the rules in the default configuration
- import: (data)/meta/default-config.yaml
``` ```
Of note, a bot rule can either have inline bot configuration or import a bot config snippet. You cannot do both in a single bot rule. Of note, a bot rule can either have inline bot configuration or import a bot config snippet. You cannot do both in a single bot rule.
@@ -37,33 +35,6 @@ config.BotOrImport: rule definition is invalid, you must set either bot rules or
Paths can either be prefixed with `(data)` to import from the [the data folder in the Anubis source tree](https://github.com/TecharoHQ/anubis/tree/main/data) or anywhere on the filesystem. If you don't have access to the Anubis source tree, check /usr/share/docs/anubis/data or in the tarball you extracted Anubis from. Paths can either be prefixed with `(data)` to import from the [the data folder in the Anubis source tree](https://github.com/TecharoHQ/anubis/tree/main/data) or anywhere on the filesystem. If you don't have access to the Anubis source tree, check /usr/share/docs/anubis/data or in the tarball you extracted Anubis from.
## Importing the default configuration
If you want to base your configuration off of the default configuration, import `(data)/meta/default-config.yaml`:
```yaml
bots:
- import: (data)/meta/default-config.yaml
# Write your rules here
```
This will keep your configuration up to date as Anubis adapts to emerging threats.
## How do I exempt most modern browsers from Anubis challenges?
If you want to exempt most modern browsers from Anubis challenges, import `(data)/common/acts-like-browser.yaml`:
```yaml
bots:
- import: (data)/meta/default-config.yaml
- import: (data)/common/acts-like-browser.yaml
# Write your rules here
```
These rules will allow traffic that "looks like" it's from a modern copy of Edge, Safari, Chrome, or Firefox. These rules used to be enabled by default, however user reports have suggested that AI scraper bots have adapted to conform to these rules to scrape without regard for the infrastructure they are attacking.
Use these rules at your own risk.
## Importing from imports ## Importing from imports
You can also import from an imported file in case you want to import an entire folder of rules at once. You can also import from an imported file in case you want to import an entire folder of rules at once.

2
docs/docs/admin/default-allow-behavior.mdx
View File

@@ -89,4 +89,4 @@ If you want to deny all traffic except what you explicitly allow, add a catch-al
- The implicit allow rule is always last and cannot be removed. - The implicit allow rule is always last and cannot be removed.
- Use your logs to monitor what traffic is being allowed by default. - Use your logs to monitor what traffic is being allowed by default.
See [Policy Definitions](./policies) for more details on writing rules. See [Policy Definitions](./policies) for more details on writing rules.

2
docs/docs/admin/environments/_category_.json
View File

@@ -5,4 +5,4 @@
"type": "generated-index", "type": "generated-index",
"description": "Detailed information about individual environments (such as HTTP servers, platforms, etc.) Anubis is known to work with." "description": "Detailed information about individual environments (such as HTTP servers, platforms, etc.) Anubis is known to work with."
} }
} }

2
docs/docs/admin/environments/kubernetes.mdx
View File

@@ -94,8 +94,10 @@ containers:
- ALL - ALL
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
``` ```
Then add a Service entry for Anubis: Then add a Service entry for Anubis:
```yaml ```yaml

117
docs/docs/admin/environments/nginx.mdx
View File

@@ -1,7 +1,5 @@
# Nginx # Nginx
import CodeBlock from "@theme/CodeBlock";
Anubis is intended to be a filter proxy. The way to integrate this with nginx is to break your configuration up into two parts: TLS termination and then HTTP routing. Consider this diagram: Anubis is intended to be a filter proxy. The way to integrate this with nginx is to break your configuration up into two parts: TLS termination and then HTTP routing. Consider this diagram:
```mermaid ```mermaid
@@ -38,26 +36,110 @@ These examples assume that you are using a setup where your nginx configuration
Assuming that we are protecting `anubistest.techaro.lol`, here's what the server configuration file would look like: Assuming that we are protecting `anubistest.techaro.lol`, here's what the server configuration file would look like:
import anubisTest from "!!raw-loader!./nginx/server-anubistest-techaro-lol.conf"; ```nginx
# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf
<CodeBlock language="nginx">{anubisTest}</CodeBlock> # HTTP - Redirect all HTTP traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name anubistest.techaro.lol;
location / {
return 301 https://$host$request_uri;
}
}
# TLS termination server, this will listen over TLS (https) and then
# proxy all traffic to the target via Anubis.
server {
# Listen on TCP port 443 with TLS (https) and HTTP/2
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Http-Version $server_protocol;
proxy_pass http://anubis;
}
server_name anubistest.techaro.lol;
ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key;
}
# Backend server, this is where your webapp should actually live.
server {
listen unix:/run/nginx/nginx.sock;
server_name anubistest.techaro.lol;
root "/srv/http/anubistest.techaro.lol";
index index.html;
# Get the visiting IP from the TLS termination server
set_real_ip_from unix:;
real_ip_header X-Real-IP;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}
```
:::tip :::tip
You can copy the `location /` block into a separate file named something like `conf-anubis.inc` and then include it inline to other `server` blocks: You can copy the `location /` block into a separate file named something like `conf-anubis.inc` and then include it inline to other `server` blocks:
import anubisInclude from "!!raw-loader!./nginx/conf-anubis.inc"; ```nginx
# /etc/nginx/conf.d/conf-anubis.inc
<CodeBlock language="nginx">{anubisInclude}</CodeBlock> # Forward to anubis
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://anubis;
}
```
Then in a server block: Then in a server block:
<details> <details>
<summary>Full nginx config</summary> <summary>Full nginx config</summary>
import mimiTecharoLol from "!!raw-loader!./nginx/server-mimi-techaro-lol.conf"; ```nginx
# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
<CodeBlock language="nginx">{mimiTecharoLol}</CodeBlock> server {
# Listen on 443 with SSL
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# Slipstream via Anubis
include "conf-anubis.inc";
server_name mimi.techaro.lol;
ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key;
}
server {
listen unix:/run/nginx/nginx.sock;
server_name mimi.techaro.lol;
port_in_redirect off;
root "/srv/http/mimi.techaro.lol";
index index.html;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}
```
</details> </details>
@@ -65,9 +147,24 @@ import mimiTecharoLol from "!!raw-loader!./nginx/server-mimi-techaro-lol.conf";
Create an upstream for Anubis. Create an upstream for Anubis.
import anubisUpstream from "!!raw-loader!./nginx/upstream-anubis.conf"; ```nginx
# /etc/nginx/conf.d/upstream-anubis.conf
<CodeBlock language="nginx">{anubisUpstream}</CodeBlock> upstream anubis {
# Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
# If this does not match, your services will not be protected by Anubis.
# Try anubis first over a UNIX socket
server unix:/run/anubis/nginx.sock;
#server 127.0.0.1:8923;
# Optional: fall back to serving the websites directly. This allows your
# websites to be resilient against Anubis failing, at the risk of exposing
# them to the raw internet without protection. This is a tradeoff and can
# be worth it in some edge cases.
#server unix:/run/nginx.sock backup;
}
```
This can be repeated for multiple sites. Anubis does not care about the HTTP `Host` header and will happily cope with multiple websites via the same instance. This can be repeated for multiple sites. Anubis does not care about the HTTP `Host` header and will happily cope with multiple websites via the same instance.

Some files were not shown because too many files have changed in this diff Show More