arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-12 03:28:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: arian:Xe/contributing-commitlint-etc
Branches Tags
arian:main arian:dependabot/github_actions/github-actions-899c058108 arian:dependabot/go_modules/gomod-93cd730d29 arian:dependabot/npm_and_yarn/npm-34965409cd arian:Xe/feat-main-challenge-uses-preact arian:Xe/faq-min-browser-version arian:Xe/ddwrt-logo arian:Xe/toggle-source arian:Xe/pprof-2 arian:Xe/ci-multiple-go-versions arian:Xe/experimental-windows-binary arian:Xe/go-sh-for-build-scripts arian:Xe/doc-disabling-jit arian:add-claude-github-actions-1773949601522 arian:json/fix-pow-deref arian:Xe/no-govulncheck arian:Xe/docs-systemd-logging-to-file arian:json/gofix arian:json/add-cel-iterator arian:Xe/haproxy-smoke-test arian:Xe/sponsor-logo-sync arian:Xe/agent-hints arian:Xe/contributing-commitlint-etc arian:json/add-back-comments arian:Xe/fix-preact-static-path arian:Xe/document-meta-default-config arian:Xe/bump-go arian:revert-1370-dependabot/go_modules/gomod-76b51a1623 arian:Xe/iplist2rule arian:Xe/fix-nginx-gha arian:fix/nginxsmoke arian:Xe/expose-pprof-in-metrics arian:Xe/serialize-memory arian:Xe/nginx-config-test arian:Xe/no-more-kindness arian:Xe/adjust-accept-rule arian:Xe/honeypot arian:Xe/demote-explicit-deny-logs arian:fix/pin-versions arian:Xe/deprecate-report_as arian:Xe/dependabot-cooldown arian:Xe/logrotate arian:Xe/go-mod-tidy-check arian:Xe/redis-sentinel arian:docs/fix-1080 arian:fix/ogtags-sni arian:fix/ci-go-mod arian:chore/gomodupdates arian:fix/CVE2025_24369-flakyness arian:fix/upgrade-playwright arian:fix/nilpointerpanic arian:Xe/metrics-for-weigh-matches arian:Xe/fix-docs-deploy arian:Xe/dont-cookie-host-implicitly arian:Xe/ensure-embed-folder-matches-embed-fs arian:Xe/more-docker-client-programs arian:Xe/add-asset-build-verification-workflow arian:Xe/gh-1252/docker-registry-client-fix arian:Xe/chrome-version-number-deweighing arian:Xe/blog/abuse-reports arian:Xe/unblock-tencent-cloud arian:Xe/fix-serve-robots-txt arian:Xe/analytics-so-i-can-get-grants arian:Xe/fix-open-redirect-subrequest arian:Xe/remove-copilot-instructions arian:Xe/checker.List-and-like arian:Xe/block-tencent-cloud arian:Xe/fix-bbolt-errors arian:Xe/get-started-environments arian:Xe/show-error-state arian:Xe/fix-webcrypto-detection arian:Xe/even-less-paranoid arian:Xe/unflake-lib-package arian:Xe/default-config-macro arian:Xe/preact-deprecate arian:Xe/less-paranoid arian:Xe/wasm3 arian:Xe/double-slash-xess arian:Xe/double-slash-try-3 arian:Xe/fix-cookie-prefix-stutter arian:Xe/metarefresh-randomly-refresh-header arian:Xe/contentLength-in-expressions arian:Xe/ssh-ci-no-uname-av arian:Xe/ssh-ci-arm64 arian:Xe/actorify arian:Xe/log-filters arian:Xe/decaymap-sync-map arian:Xe/use-typescript arian:Xe/containerbuild-support-commas arian:Xe/npmjs-secvuln-fix arian:json/signingnudge arian:Xe/embed-services-folder arian:Xe/demote-temporal-assurance arian:Xe/store-s3 arian:json/requireED25519 arian:fix/multibot arian:json/docs arian:Xe/redirect-domain-wildcard arian:Xe/fix-force-language arian:Xe/anti-assistant arian:Xe/fix-main arian:Xe/enhanced-temporal-reassurance arian:Xe/docker-buildx-bake2 arian:Xe-patch-1 arian:Xe/proof-of-react arian:Xe/decimal-nonce-post arian:Xe/fix-decimal-nonce arian:json/fixspelling arian:copilot/fix-bac27955-bb79-4b41-8954-7463ba8a52db arian:Xe/block-alibaba arian:Xe/block-huawei arian:Xe/1002-challenge-spent-field arian:Xe/funding-update-august-2025 arian:Xe/remove-hack arian:revert-952-dependabot/github_actions/github-actions-246dc3e5c9 arian:Xe/embed-challenge-id-in-generated-pages arian:Xe/silence-http-pipelining-error arian:Xe/remove-json-docs arian:Xe/fix-purejs-and-make-faster arian:Xe/purge-slow arian:Xe/allow-opengraph-response-urls arian:Xe/anubis-custom-logger arian:Xe/default-rules/customasynchttpclient arian:Xe/store-challenge-method-with-challenge arian:Xe/checks-v2 arian:Xe/cel-segments arian:Xe/chore-expose-thoth arian:Xe/test-xff-no-double-comma arian:Xe/nerf-try-again-button arian:Xe/test-palemoon arian:Xe/xss-fix-2 arian:Xe/xss-fix arian:release/v1.21.1 arian:Xe/v1.21.1-blogpost arian:Xe/russian-translation-with-fixes arian:Xe/fix-unknown-challenge-throw-new-challenge arian:Xe/web-event-loop-thrashing arian:Xe/promise-leak arian:revert-873-dependabot/go_modules/gomod-adef35df73 arian:Xe/osiris arian:dependabot/go_modules/gomod-adef35df73 arian:Xe/missing-header-function arian:Xe/smoke-test/caddy-and-unix-socket arian:Xe/ssh-ci/deflake arian:Xe/smoke-test/translations arian:release/v1.21.0 arian:Xe/health-ready-endpoints arian:Xe/ja4h arian:Xe/test-cookie-fix arian:Xe/docs-image-per-commit arian:Xe/smoke-test/git-push arian:Xe/git-server-test arian:Xe/disable-system-load-by-default arian:release/v1.21.0-pre2 arian:Xe/double-slash-try-2 arian:Xe/status-page arian:Xe/double-slash arian:Xe/changelog-mention-migration-breakage arian:Xe/nginx-micro arian:Xe/TI-20250709-0001 arian:Xe/thoth-client-dont-block-on-healthchecks arian:Xe/load-average arian:Xe/docs-remove-proof-of-work-branding arian:Xe/bbolt-cleanup-every-hour arian:Xe/optimize-bbolt arian:Xe/ogtags-use-store arian:Xe/devcontainer-playwright arian:Xe/store-interface arian:Xe/allow-commoncrawl arian:Xe/docs-botstopper arian:Xe/fix-anubis-systemd-runtimedir-instances arian:Xe/checker-registry arian:vic/set-cookies-to-secure arian:json/dup arian:Xe/docker-buildx-bake arian:Xe/valkey-2 arian:Xe/thr1 arian:Xe/v1.19.0-pre1 arian:Xe/thoth arian:Xe/valkey arian:wasm arian:Xe/expressions arian:Xe/go-tool-yeet arian:Xe/pkgserver arian:Xe/yeet-as-tool arian:release/v1.15.x arian:Xe/minimize-logging arian:revert-134-revert-120-Xe/cookie-settings arian:Xe/allow-internet-archive arian:Xe/hyper-galaxy-brain
arian:v1.25.0 arian:v1.24.0 arian:v1.24.0-pre1 arian:v1.23.1 arian:v1.23.0 arian:v1.23.0-pre2 arian:v1.23.0-pre1 arian:v1.22.0 arian:v1.22.0-pre2 arian:v1.22.0-pre1 arian:v1.21.3 arian:v1.21.2 arian:v1.21.1 arian:v1.21.0 arian:v1.21.0-pre3 arian:v1.21.0-pre2 arian:v1.21.0-pre1 arian:v1.20.0 arian:v1.20.0-pre2 arian:v1.20.0-pre1 arian:v1.19.1 arian:v1.19.0 arian:v1.19.0-pre1 arian:v1.18.0 arian:v1.18.0-pre1 arian:v1.17.1 arian:v1.17.0 arian:v1.17.0.signed arian:v1.17.0-beta4 arian:1.17.0-beta2 arian:v1.17.0-beta3 arian:v1.17.0-beta1 arian:v1.16.0 arian:v1.15.2 arian:v1.15.1 arian:v1.15.0 arian:v1.14.2 arian:v1.14.1 arian:v1.14.0 arian:v1.13.0 arian:v1.12.1
..
compare: arian:Xe/demote-explicit-deny-logs
Branches Tags
arian:main arian:dependabot/github_actions/github-actions-899c058108 arian:dependabot/go_modules/gomod-93cd730d29 arian:dependabot/npm_and_yarn/npm-34965409cd arian:Xe/feat-main-challenge-uses-preact arian:Xe/faq-min-browser-version arian:Xe/ddwrt-logo arian:Xe/toggle-source arian:Xe/pprof-2 arian:Xe/ci-multiple-go-versions arian:Xe/experimental-windows-binary arian:Xe/go-sh-for-build-scripts arian:Xe/doc-disabling-jit arian:add-claude-github-actions-1773949601522 arian:json/fix-pow-deref arian:Xe/no-govulncheck arian:Xe/docs-systemd-logging-to-file arian:json/gofix arian:json/add-cel-iterator arian:Xe/haproxy-smoke-test arian:Xe/sponsor-logo-sync arian:Xe/agent-hints arian:Xe/contributing-commitlint-etc arian:json/add-back-comments arian:Xe/fix-preact-static-path arian:Xe/document-meta-default-config arian:Xe/bump-go arian:revert-1370-dependabot/go_modules/gomod-76b51a1623 arian:Xe/iplist2rule arian:Xe/fix-nginx-gha arian:fix/nginxsmoke arian:Xe/expose-pprof-in-metrics arian:Xe/serialize-memory arian:Xe/nginx-config-test arian:Xe/no-more-kindness arian:Xe/adjust-accept-rule arian:Xe/honeypot arian:Xe/demote-explicit-deny-logs arian:fix/pin-versions arian:Xe/deprecate-report_as arian:Xe/dependabot-cooldown arian:Xe/logrotate arian:Xe/go-mod-tidy-check arian:Xe/redis-sentinel arian:docs/fix-1080 arian:fix/ogtags-sni arian:fix/ci-go-mod arian:chore/gomodupdates arian:fix/CVE2025_24369-flakyness arian:fix/upgrade-playwright arian:fix/nilpointerpanic arian:Xe/metrics-for-weigh-matches arian:Xe/fix-docs-deploy arian:Xe/dont-cookie-host-implicitly arian:Xe/ensure-embed-folder-matches-embed-fs arian:Xe/more-docker-client-programs arian:Xe/add-asset-build-verification-workflow arian:Xe/gh-1252/docker-registry-client-fix arian:Xe/chrome-version-number-deweighing arian:Xe/blog/abuse-reports arian:Xe/unblock-tencent-cloud arian:Xe/fix-serve-robots-txt arian:Xe/analytics-so-i-can-get-grants arian:Xe/fix-open-redirect-subrequest arian:Xe/remove-copilot-instructions arian:Xe/checker.List-and-like arian:Xe/block-tencent-cloud arian:Xe/fix-bbolt-errors arian:Xe/get-started-environments arian:Xe/show-error-state arian:Xe/fix-webcrypto-detection arian:Xe/even-less-paranoid arian:Xe/unflake-lib-package arian:Xe/default-config-macro arian:Xe/preact-deprecate arian:Xe/less-paranoid arian:Xe/wasm3 arian:Xe/double-slash-xess arian:Xe/double-slash-try-3 arian:Xe/fix-cookie-prefix-stutter arian:Xe/metarefresh-randomly-refresh-header arian:Xe/contentLength-in-expressions arian:Xe/ssh-ci-no-uname-av arian:Xe/ssh-ci-arm64 arian:Xe/actorify arian:Xe/log-filters arian:Xe/decaymap-sync-map arian:Xe/use-typescript arian:Xe/containerbuild-support-commas arian:Xe/npmjs-secvuln-fix arian:json/signingnudge arian:Xe/embed-services-folder arian:Xe/demote-temporal-assurance arian:Xe/store-s3 arian:json/requireED25519 arian:fix/multibot arian:json/docs arian:Xe/redirect-domain-wildcard arian:Xe/fix-force-language arian:Xe/anti-assistant arian:Xe/fix-main arian:Xe/enhanced-temporal-reassurance arian:Xe/docker-buildx-bake2 arian:Xe-patch-1 arian:Xe/proof-of-react arian:Xe/decimal-nonce-post arian:Xe/fix-decimal-nonce arian:json/fixspelling arian:copilot/fix-bac27955-bb79-4b41-8954-7463ba8a52db arian:Xe/block-alibaba arian:Xe/block-huawei arian:Xe/1002-challenge-spent-field arian:Xe/funding-update-august-2025 arian:Xe/remove-hack arian:revert-952-dependabot/github_actions/github-actions-246dc3e5c9 arian:Xe/embed-challenge-id-in-generated-pages arian:Xe/silence-http-pipelining-error arian:Xe/remove-json-docs arian:Xe/fix-purejs-and-make-faster arian:Xe/purge-slow arian:Xe/allow-opengraph-response-urls arian:Xe/anubis-custom-logger arian:Xe/default-rules/customasynchttpclient arian:Xe/store-challenge-method-with-challenge arian:Xe/checks-v2 arian:Xe/cel-segments arian:Xe/chore-expose-thoth arian:Xe/test-xff-no-double-comma arian:Xe/nerf-try-again-button arian:Xe/test-palemoon arian:Xe/xss-fix-2 arian:Xe/xss-fix arian:release/v1.21.1 arian:Xe/v1.21.1-blogpost arian:Xe/russian-translation-with-fixes arian:Xe/fix-unknown-challenge-throw-new-challenge arian:Xe/web-event-loop-thrashing arian:Xe/promise-leak arian:revert-873-dependabot/go_modules/gomod-adef35df73 arian:Xe/osiris arian:dependabot/go_modules/gomod-adef35df73 arian:Xe/missing-header-function arian:Xe/smoke-test/caddy-and-unix-socket arian:Xe/ssh-ci/deflake arian:Xe/smoke-test/translations arian:release/v1.21.0 arian:Xe/health-ready-endpoints arian:Xe/ja4h arian:Xe/test-cookie-fix arian:Xe/docs-image-per-commit arian:Xe/smoke-test/git-push arian:Xe/git-server-test arian:Xe/disable-system-load-by-default arian:release/v1.21.0-pre2 arian:Xe/double-slash-try-2 arian:Xe/status-page arian:Xe/double-slash arian:Xe/changelog-mention-migration-breakage arian:Xe/nginx-micro arian:Xe/TI-20250709-0001 arian:Xe/thoth-client-dont-block-on-healthchecks arian:Xe/load-average arian:Xe/docs-remove-proof-of-work-branding arian:Xe/bbolt-cleanup-every-hour arian:Xe/optimize-bbolt arian:Xe/ogtags-use-store arian:Xe/devcontainer-playwright arian:Xe/store-interface arian:Xe/allow-commoncrawl arian:Xe/docs-botstopper arian:Xe/fix-anubis-systemd-runtimedir-instances arian:Xe/checker-registry arian:vic/set-cookies-to-secure arian:json/dup arian:Xe/docker-buildx-bake arian:Xe/valkey-2 arian:Xe/thr1 arian:Xe/v1.19.0-pre1 arian:Xe/thoth arian:Xe/valkey arian:wasm arian:Xe/expressions arian:Xe/go-tool-yeet arian:Xe/pkgserver arian:Xe/yeet-as-tool arian:release/v1.15.x arian:Xe/minimize-logging arian:revert-134-revert-120-Xe/cookie-settings arian:Xe/allow-internet-archive arian:Xe/hyper-galaxy-brain
arian:v1.25.0 arian:v1.24.0 arian:v1.24.0-pre1 arian:v1.23.1 arian:v1.23.0 arian:v1.23.0-pre2 arian:v1.23.0-pre1 arian:v1.22.0 arian:v1.22.0-pre2 arian:v1.22.0-pre1 arian:v1.21.3 arian:v1.21.2 arian:v1.21.1 arian:v1.21.0 arian:v1.21.0-pre3 arian:v1.21.0-pre2 arian:v1.21.0-pre1 arian:v1.20.0 arian:v1.20.0-pre2 arian:v1.20.0-pre1 arian:v1.19.1 arian:v1.19.0 arian:v1.19.0-pre1 arian:v1.18.0 arian:v1.18.0-pre1 arian:v1.17.1 arian:v1.17.0 arian:v1.17.0.signed arian:v1.17.0-beta4 arian:1.17.0-beta2 arian:v1.17.0-beta3 arian:v1.17.0-beta1 arian:v1.16.0 arian:v1.15.2 arian:v1.15.1 arian:v1.15.0 arian:v1.14.2 arian:v1.14.1 arian:v1.14.0 arian:v1.13.0 arian:v1.12.1

1 Commits
Xe/contrib ... Xe/demote-

Author SHA1 Message Date
Xe Iaso
8f45998022 chore(lib): demote explicit deny logs from Info to Info-1 
Closes: #1322
 2025-12-03 23:35:03 -05:00
242 changed files with 2810 additions and 5704 deletions
Expand all files Collapse all files

6
.devcontainer/devcontainer.json
View File

@@ -2,7 +2,9 @@
// README at: https://github.com/devcontainers/templates/tree/main/src/debian // README at: https://github.com/devcontainers/templates/tree/main/src/debian
{ {
"name": "Dev", "name": "Dev",
"dockerComposeFile": ["./docker-compose.yaml"], "dockerComposeFile": [
"./docker-compose.yaml"
],
"service": "workspace", "service": "workspace",
"workspaceFolder": "/workspace/anubis", "workspaceFolder": "/workspace/anubis",
"postStartCommand": "bash ./.devcontainer/poststart.sh", "postStartCommand": "bash ./.devcontainer/poststart.sh",
@@ -29,4 +31,4 @@
} }
} }
} }
} }

1
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@@ -58,3 +58,4 @@ body:
attributes: attributes:
label: Additional context label: Additional context
description: Add any other context about the problem here. description: Add any other context about the problem here.

2
.github/ISSUE_TEMPLATE/feature_request.yaml vendored
View File

@@ -1,6 +1,6 @@
name: Feature request name: Feature request
description: Suggest an idea for this project description: Suggest an idea for this project
title: "[Feature request] " title: '[Feature request] '
body: body:
- type: textarea - type: textarea

24
.github/actions/spelling/README.md vendored
View File

@@ -1,17 +1,17 @@
# check-spelling/check-spelling configuration # check-spelling/check-spelling configuration
| File | Purpose | Format | Info | File | Purpose | Format | Info
| -------------------------------------------------- | -------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | -|-|-|-
| [dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary) | [dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary)
| [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow) | [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow)
| [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject) | [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject)
| [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) | [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes)
| [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only) | [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only)
| [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
| [candidate.patterns](candidate.patterns) | Patterns that might be worth adding to [patterns.txt](patterns.txt) | perl regular expression with optional comment block introductions (all matches will be suggested) | [candidates](https://github.com/check-spelling/check-spelling/wiki/Feature:-Suggest-patterns) | [candidate.patterns](candidate.patterns) | Patterns that might be worth adding to [patterns.txt](patterns.txt) | perl regular expression with optional comment block introductions (all matches will be suggested) | [candidates](https://github.com/check-spelling/check-spelling/wiki/Feature:-Suggest-patterns)
| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
| [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect) | [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect)
| [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice) | [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice)
Note: you can replace any of these files with a directory by the same name (minus the suffix) Note: you can replace any of these files with a directory by the same name (minus the suffix)
and then include multiple files inside that directory (with that suffix) to merge multiple files together. and then include multiple files inside that directory (with that suffix) to merge multiple files together.

19
.github/actions/spelling/advice.md vendored
View File

@@ -2,27 +2,30 @@
<details><summary>If the flagged items are :exploding_head: false positives</summary> <details><summary>If the flagged items are :exploding_head: false positives</summary>
If items relate to a ... If items relate to a ...
* binary file (or some other file you wouldn't want to check at all).
- binary file (or some other file you wouldn't want to check at all).
Please add a file path to the `excludes.txt` file matching the containing file. Please add a file path to the `excludes.txt` file matching the containing file.
File paths are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files. File paths are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files.
`^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](../tree/HEAD/README.md) (on whichever branch you're using). `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](
../tree/HEAD/README.md) (on whichever branch you're using).
- well-formed pattern. * well-formed pattern.
If you can write a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it, If you can write a [pattern](
https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns
) that would match it,
try adding it to the `patterns.txt` file. try adding it to the `patterns.txt` file.
Patterns are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines. Patterns are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines.
Note that patterns can't match multiline strings. Note that patterns can't match multiline strings.
</details> </details>
<!-- adoption information--> <!-- adoption information-->
:steam_locomotive: If you're seeing this message and your PR is from a branch that doesn't have check-spelling, :steam_locomotive: If you're seeing this message and your PR is from a branch that doesn't have check-spelling,
please merge to your PR's base branch to get the version configured for your repository. please merge to your PR's base branch to get the version configured for your repository.

12
.github/actions/spelling/allow.txt vendored
View File

@@ -12,15 +12,3 @@ maintnotifications
azurediamond azurediamond
cooldown cooldown
verifyfcrdns verifyfcrdns
Spintax
spintax
clampip
pseudoprofound
reimagining
iocaine
admins
fout
iplist
NArg
blocklists
rififi

12
.github/actions/spelling/excludes.txt vendored
View File

@@ -87,14 +87,10 @@
^docs/docs/user/known-instances.md$ ^docs/docs/user/known-instances.md$
^docs/manifest/.*$ ^docs/manifest/.*$
^docs/static/\.nojekyll$ ^docs/static/\.nojekyll$
^internal/glob/glob_test.go$
^internal/honeypot/naive/affirmations\.txt$
^internal/honeypot/naive/spintext\.txt$
^internal/honeypot/naive/titles\.txt$
^lib/config/testdata/bad/unparseable\.json$
^lib/localization/.*_test.go$
^lib/localization/locales/.*\.json$
^lib/policy/config/testdata/bad/unparseable\.json$ ^lib/policy/config/testdata/bad/unparseable\.json$
^test/.*$ ^internal/glob/glob_test.go$
ignore$ ignore$
robots.txt robots.txt
^lib/localization/locales/.*\.json$
^lib/localization/.*_test.go$
^test/.*$

810
.github/actions/spelling/expect.txt vendored
View File

@@ -1,410 +1,400 @@
acs
Actorified acs
actorifiedstore Actorified
actorify actorifiedstore
Aibrew actorify
alibaba Aibrew
alrest alibaba
amazonbot alrest
anthro amazonbot
anubis anthro
anubistest anubis
apnic anubistest
APNICRANDNETAU apnic
Applebot APNICRANDNETAU
archlinux Applebot
arpa archlinux
asnc arpa
asnchecker asnc
asns asnchecker
aspirational asns
atuin aspirational
azuretools atuin
badregexes azuretools
bbolt badregexes
bdba bbolt
berr bdba
bezier berr
bingbot bezier
Bitcoin bingbot
bitrate Bitcoin
Bluesky bitrate
blueskybot Bluesky
boi blueskybot
Bokm boi
botnet Bokm
botstopper botnet
BPort botstopper
Brightbot BPort
broked Brightbot
buildah broked
byteslice buildah
Bytespider byteslice
cachebuster Bytespider
cachediptoasn cachebuster
Caddyfile cachediptoasn
caninetools Caddyfile
Cardyb caninetools
celchecker Cardyb
celphase celchecker
cerr celphase
certresolver cerr
cespare certresolver
CGNAT cespare
cgr CGNAT
chainguard cgr
chall chainguard
challengemozilla chall
challengetest challengemozilla
checkpath challengetest
checkresult checkpath
chibi checkresult
cidranger chibi
ckie cidranger
cloudflare ckie
Codespaces cloudflare
confd Codespaces
containerbuild confd
containerregistry connnection
coreutils containerbuild
Cotoyogi containerregistry
Cromite coreutils
crt Cotoyogi
Cscript Cromite
daemonizing crt
databento Cscript
dayjob daemonizing
dco dayjob
DDOS DDOS
Debian Debian
debrpm debrpm
decaymap decaymap
devcontainers devcontainers
Diffbot Diffbot
discordapp discordapp
discordbot discordbot
distros distros
dnf dnf
dnsbl dnsbl
dnserr dnserr
DNSTTL DNSTTL
domainhere domainhere
dracula dracula
dronebl dronebl
droneblresponse droneblresponse
dropin dropin
dsilence dsilence
duckduckbot duckduckbot
eerror eerror
ellenjoe ellenjoe
emacs emacs
enbyware enbyware
etld etld
everyones everyones
evilbot evilbot
evilsite evilsite
expressionorlist expressionorlist
externalagent externalagent
externalfetcher externalfetcher
extldflags extldflags
facebookgo facebookgo
Factset Factset
fahedouch fahedouch
fastcgi fastcgi
FCr FCr
fcrdns fcrdns
fediverse fediverse
ffprobe ffprobe
financials financials
finfos finfos
Firecrawl Firecrawl
flagenv flagenv
Fordola Fordola
forgejo forgejo
forwardauth forwardauth
fsys fsys
fullchain fullchain
gaissmai gaissmai
Galvus Galvus
geoip geoip
geoipchecker geoipchecker
gha gha
GHSA GHSA
Ghz Ghz
gipc gipc
gitea gitea
GLM godotenv
godotenv goland
goimports gomod
goland goodbot
gomod googlebot
goodbot gopsutil
googlebot govulncheck
gopsutil goyaml
govulncheck GPG
goyaml GPT
GPG gptbot
GPT Graphene
gptbot grpcprom
Graphene grw
grpcprom gzw
grw Hashcash
gzw hashrate
Hashcash headermap
hashrate healthcheck
headermap healthz
healthcheck hec
healthz helpdesk
hec Hetzner
helpdesk hmc
Hetzner homelab
hmc hostable
homelab htmlc
hostable htmx
htmlc httpdebug
htmx huawei
httpdebug hypertext
huawei iaskspider
hypertext iaso
iaskspider iat
iaso ifm
iat Imagesift
ifm imgproxy
Imagesift impressum
imgproxy inbox
impressum ingressed
inbox inp
ingressed internets
inp IPTo
internets iptoasn
IPTo isp
iptoasn iss
isp isset
iss ivh
isset Jenomis
ivh JGit
Jenomis jhjj
JGit joho
jhjj journalctl
joho jshelter
journalctl JWTs
jshelter kagi
JWTs kagibot
kagi Keyfunc
kagibot keypair
Keyfunc KHTML
keypair kinda
KHTML KUBECONFIG
kinda lcj
KUBECONFIG ldflags
lcj letsencrypt
ldflags Lexentale
letsencrypt lfc
Lexentale lgbt
lfc licend
lgbt licstart
licend lightpanda
licstart limsa
lightpanda Linting
limsa listor
Linting LLU
listor loadbalancer
LLU lol
loadbalancer lominsa
lol maintainership
lominsa malware
maintainership mcr
malware memes
mcr metarefresh
memes metrix
metarefresh mimi
metrix Minfilia
mimi mistralai
Minfilia mnt
mistralai Mojeek
mnt mojeekbot
Mojeek mozilla
mojeekbot myclient
mozilla mymaster
myclient mypass
mymaster myuser
mypass nbf
myuser nepeat
nbf netsurf
nepeat nginx
netsurf nicksnyder
nginx nobots
nicksnyder NONINFRINGEMENT
nikandfor nosleep
nobots nullglob
NONINFRINGEMENT oci
nosleep OCOB
nullglob ogtag
oci oklch
OCOB omgili
ogtag omgilibot
oklch openai
omgili opendns
omgilibot opengraph
openai openrc
opendns oswald
opengraph pag
openrc palemoon
oswald Pangu
pag parseable
pagegen passthrough
palemoon Patreon
Pangu pgrep
parseable phrik
passthrough pidfile
Patreon pids
perplexitybot pipefail
pgrep pki
phrik podkova
pidfile podman
pids Postgre
pipefail poststart
pki prebaked
podkova privkey
podman promauto
Postgre promhttp
poststart proofofwork
prebaked publicsuffix
privkey purejs
promauto pwcmd
promhttp pwuser
proofofwork qualys
publicsuffix qwant
purejs qwantbot
pwcmd rac
pwuser rawler
qualys rcvar
qwant redhat
qwantbot redir
rac redirectscheme
rawler refactors
rcvar remoteip
redhat reputational
redir risc
redirectscheme ruleset
refactors runlevels
remoteip RUnlock
reputational runtimedir
Rhul runtimedirectory
risc Ryzen
ruleset sas
runlevels sasl
RUnlock screenshots
runtimedir searchbot
runtimedirectory searx
Ryzen sebest
sas secretplans
sasl Semrush
screenshots Seo
searchbot setsebool
searx shellcheck
sebest shirou
secretplans shopt
Semrush Sidetrade
Seo simprint
setsebool sitemap
shellcheck sls
shirou sni
shoneypot snipster
shopt Spambot
Sidetrade sparkline
simprint spyderbot
sitemap srv
sls stackoverflow
sni startprecmd
snipster stoppostcmd
Spambot storetest
spammer subgrid
sparkline subr
spyderbot subrequest
srv SVCNAME
stackoverflow tagline
startprecmd tarballs
stoppostcmd tarrif
storetest taviso
subgrid tbn
subr tbr
subrequest techaro
SVCNAME techarohq
tagline telegrambot
tarballs templ
tarrif templruntime
taviso testarea
tbn Thancred
tbr thoth
techaro thothmock
techarohq Tik
telegrambot Timpibot
templ TLog
templruntime traefik
testarea trunc
Thancred uberspace
thoth Unbreak
thothmock unbreakdocker
Tik unifiedjs
Timpibot unmarshal
TLog unparseable
traefik uvx
trunc UXP
uberspace valkey
Unbreak Varis
unbreakdocker Velen
unifiedjs vendored
unmarshal verify
unparseable vhosts
uvx vkbot
UXP VKE
valkey vnd
Varis VPS
Velen Vultr
vendored weblate
vhosts webmaster
vkbot webpage
VKE websecure
vnd websites
VPS Webzio
Vultr whois
WAIFU wildbase
weblate withthothmock
webmaster wolfbeast
webpage wordpress
websecure workaround
websites workdir
Webzio wpbot
whois XCircle
wildbase xeiaso
withthothmock xeserv
wolfbeast xesite
wordpress xess
workaround xff
workdir XForwarded
wpbot XNG
XCircle XOB
xeiaso XOriginal
xeserv XReal
xesite yae
xess YAMLTo
xff Yda
XForwarded yeet
XNG yeetfile
XOB yourdomain
XOriginal yyz
XReal Zenos
Y'shtola zizmor
yae zombocom
YAMLTo zos
Yda
yeet
yeetfile
yourdomain
yyz
Zenos
zizmor
zombocom
zos
zst

10
.github/workflows/asset-verification.yml vendored
View File

@@ -13,7 +13,7 @@ jobs:
asset_verification: asset_verification:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
persist-credentials: false persist-credentials: false
@@ -22,12 +22,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: install node deps - name: install node deps
run: | run: |

9
.github/workflows/dco-check.yaml vendored
View File

@@ -1,9 +0,0 @@
name: DCO Check
on: [pull_request]
jobs:
dco_check:
runs-on: ubuntu-latest
steps:
- uses: tisonkun/actions-dco@f1024cd563550b5632e754df11b7d30b73be54a5 # v1.1

12
.github/workflows/docker-pr.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -26,18 +26,18 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
with: with:
images: ghcr.io/${{ github.repository }} images: ghcr.io/${{ github.repository }}

14
.github/workflows/docker.yml vendored
View File

@@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -36,12 +36,12 @@ jobs:
run: | run: |
echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
@@ -54,7 +54,7 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
with: with:
images: ${{ env.IMAGE }} images: ${{ env.IMAGE }}
@@ -68,7 +68,7 @@ jobs:
SLOG_LEVEL: debug SLOG_LEVEL: debug
- name: Generate artifact attestation - name: Generate artifact attestation
uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0 uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
with: with:
subject-name: ${{ env.IMAGE }} subject-name: ${{ env.IMAGE }}
subject-digest: ${{ steps.build.outputs.digest }} subject-digest: ${{ steps.build.outputs.digest }}

10
.github/workflows/docs-deploy.yml vendored
View File

@@ -17,12 +17,12 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
persist-credentials: false persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Log into registry - name: Log into registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -33,7 +33,7 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
with: with:
images: ghcr.io/techarohq/anubis/docs images: ghcr.io/techarohq/anubis/docs
tags: | tags: |
@@ -53,14 +53,14 @@ jobs:
push: true push: true
- name: Apply k8s manifests to limsa lominsa - name: Apply k8s manifests to limsa lominsa
uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 uses: actions-hub/kubectl@1d2c1e96fe0ae23b0c95ee8240ae151b1e638c23 # v1.34.2
env: env:
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
with: with:
args: apply -k docs/manifest args: apply -k docs/manifest
- name: Apply k8s manifests to limsa lominsa - name: Apply k8s manifests to limsa lominsa
uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 uses: actions-hub/kubectl@1d2c1e96fe0ae23b0c95ee8240ae151b1e638c23 # v1.34.2
env: env:
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
with: with:

6
.github/workflows/docs-test.yml vendored
View File

@@ -13,16 +13,16 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
persist-credentials: false persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
with: with:
images: ghcr.io/techarohq/anubis/docs images: ghcr.io/techarohq/anubis/docs
tags: | tags: |

6
.github/workflows/go-mod-tidy-check.yml vendored
View File

@@ -13,13 +13,13 @@ jobs:
go_mod_tidy_check: go_mod_tidy_check:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
persist-credentials: false persist-credentials: false
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: Check go.mod and go.sum in main directory - name: Check go.mod and go.sum in main directory
run: | run: |

12
.github/workflows/go.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
#runs-on: alrest-techarohq #runs-on: alrest-techarohq
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
persist-credentials: false persist-credentials: false
@@ -24,15 +24,15 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: Cache playwright binaries - name: Cache playwright binaries
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
id: playwright-cache id: playwright-cache
with: with:
path: | path: |

19
.github/workflows/lint-pr-title.yaml vendored
View File

@@ -1,19 +0,0 @@
name: "Lint PR"
on:
pull_request_target:
types:
- opened
- edited
- synchronize
jobs:
lint_pr_title:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

10
.github/workflows/package-builds-stable.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
#runs-on: alrest-techarohq #runs-on: alrest-techarohq
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
persist-credentials: false persist-credentials: false
fetch-tags: true fetch-tags: true
@@ -25,12 +25,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: install node deps - name: install node deps
run: | run: |

12
.github/workflows/package-builds-unstable.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
#runs-on: alrest-techarohq #runs-on: alrest-techarohq
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
persist-credentials: false persist-credentials: false
fetch-tags: true fetch-tags: true
@@ -26,12 +26,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: install node deps - name: install node deps
run: | run: |
@@ -41,7 +41,7 @@ jobs:
run: | run: |
go tool yeet go tool yeet
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with: with:
name: packages name: packages
path: var/* path: var/*

13
.github/workflows/smoke-tests.yml vendored
View File

@@ -23,23 +23,22 @@ jobs:
- healthcheck - healthcheck
- i18n - i18n
- log-file - log-file
- nginx
- palemoon/amd64 - palemoon/amd64
#- palemoon/i386 #- palemoon/i386
- robots_txt - robots_txt
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
persist-credentials: false persist-credentials: false
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
@@ -57,7 +56,7 @@ jobs:
run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV
- name: Upload artifact - name: Upload artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
if: always() if: always()
with: with:
name: ${{ env.ARTIFACT_NAME }} name: ${{ env.ARTIFACT_NAME }}

12
.github/workflows/spelling.yml vendored
View File

@@ -59,16 +59,16 @@ name: Check Spelling
on: on:
push: push:
branches: branches:
- "**" - '**'
tags-ignore: tags-ignore:
- "**" - '**'
pull_request: pull_request:
branches: branches:
- "**" - '**'
types: types:
- "opened" - 'opened'
- "reopened" - 'reopened'
- "synchronize" - 'synchronize'
jobs: jobs:
spelling: spelling:

4
.github/workflows/ssh-ci-runner-cron.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -30,7 +30,7 @@ jobs:
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build and push - name: Build and push
run: | run: |
cd ./test/ssh-ci cd ./test/ssh-ci

6
.github/workflows/ssh-ci.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
- aarch64-16k - aarch64-16k
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -35,9 +35,9 @@ jobs:
name: id_rsa name: id_rsa
known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }} known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }}
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: Run CI - name: Run CI
run: go run ./utils/cmd/backoff-retry bash test/ssh-ci/rigging.sh ${{ matrix.host }} run: go run ./utils/cmd/backoff-retry bash test/ssh-ci/rigging.sh ${{ matrix.host }}

22
.github/workflows/zizmor.yml vendored
View File

@@ -1,12 +1,12 @@
name: zizmor name: zizmor
on: on:
push: push:
paths: paths:
- ".github/workflows/*.ya?ml" - '.github/workflows/*.ya?ml'
pull_request: pull_request:
paths: paths:
- ".github/workflows/*.ya?ml" - '.github/workflows/*.ya?ml'
jobs: jobs:
zizmor: zizmor:
@@ -16,20 +16,20 @@ jobs:
security-events: write security-events: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with: with:
persist-credentials: false persist-credentials: false
- name: Install the latest version of uv - name: Install the latest version of uv
uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
- name: Run zizmor 🌈 - name: Run zizmor 🌈
run: uvx zizmor --format sarif . > results.sarif run: uvx zizmor --format sarif . > results.sarif
env: env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF file - name: Upload SARIF file
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
with: with:
sarif_file: results.sarif sarif_file: results.sarif
category: zizmor category: zizmor

8
.husky/commit-msg
View File

@@ -1,8 +0,0 @@
npx --no-install commitlint --edit "$1"
# Check if commit message contains Signed-off-by line
if ! grep -q "^Signed-off-by:" "$1"; then
echo "Commit message must contain a 'Signed-off-by:' line."
echo "Please use 'git commit --signoff' or add a Signed-off-by line to your commit message."
exit 1
fi

2
.husky/pre-commit
View File

@@ -1,2 +0,0 @@
npm run lint
npm run test

18
.ko.yaml
View File

@@ -1,13 +1,13 @@
defaultBaseImage: cgr.dev/chainguard/static defaultBaseImage: cgr.dev/chainguard/static
defaultPlatforms: defaultPlatforms:
- linux/arm64 - linux/arm64
- linux/amd64 - linux/amd64
- linux/arm/v7 - linux/arm/v7
builds: builds:
- id: anubis - id: anubis
main: ./cmd/anubis main: ./cmd/anubis
ldflags: ldflags:
- -s -w - -s -w
- -extldflags "-static" - -extldflags "-static"
- -X github.com/TecharoHQ/anubis.Version={{.Env.VERSION}} - -X github.com/TecharoHQ/anubis.Version={{.Env.VERSION}}

2
.prettierignore
View File

@@ -1,2 +0,0 @@
lib/config/testdata/bad/*
*.inc

2
.vscode/extensions.json vendored
View File

@@ -8,4 +8,4 @@
"redhat.vscode-yaml", "redhat.vscode-yaml",
"streetsidesoftware.code-spell-checker" "streetsidesoftware.code-spell-checker"
] ]
} }

2
.vscode/launch.json vendored
View File

@@ -24,4 +24,4 @@
"type": "node-terminal" "type": "node-terminal"
} }
] ]
} }

144
CONTRIBUTING.md
View File

@@ -1,144 +0,0 @@
# Contributing to Anubis
Anubis is a Web AI Firewall Utility (WAIFU) written in Go. It uses sha256 proof-of-work challenges to protect upstream HTTP resources from scraper bots. This is security software -- correctness matters.
## Build & Run
Prerequisites: Go 1.24+, Node.js (any supported version), esbuild, gzip, zstd, brotli. Install all with `brew bundle` if you are using Homebrew.
```shell
npm ci # install node dependencies
npm run assets # build JS/CSS (required before any Go build/test)
npm run build # assets + go build -> ./var/anubis
npm run dev # assets + run locally with --use-remote-address
```
## Testing
```shell
# Run all unit tests (assets must be built first)
npm run test # or: make test
# Run a single test by name
go test -run TestClampIP ./internal/
# Run a single test file's package
go test ./lib/config/
# Run tests with verbose output
go test -v -run TestBotValid ./lib/config/
```
### Smoke tests
The `tests` folder contains "smoke tests" that are intended to set up Anubis in production-adjacent settings and testing it against real infrastructure tools. A smoke test is a folder with `test.sh` that sets up infrastructure, validates the behaviour, and then tears it down. Smoke tests are run in GitHub actions with `.github/workflows/smoke-tests.yaml`.
## Linting
```shell
go vet ./...
go tool staticcheck ./...
go tool govulncheck ./...
```
## Code Generation
The project uses `go generate` for templ templates and stringer. Always run `npm run generate` (or `make assets`) before building or testing. Generated files include:
- `web/*.templ` -> templ-generated Go code
- `web/static/` -> bundled/minified JS and CSS (with .gz, .zst, .br variants)
## Project Layout
Important folders:
- `cmd/anubis`: Main entrypoint for the project. This is the program that runs on servers.
- `lib/*`: The core library for Anubis and all of its features. This is internal code that is made public for ease of downstream consumption. No API stability is guaranteed. Use at your own risk.
- `internal/*`: Actual internal code that is private to the implementation of Anubis. If you need to use a package in this, please copy it out and manually vendor it in your own project.
- `test/*` Smoke tests (see dedicated section for details).
- `web`: Frontend HTML templates.
- `xess`: Frontend CSS framework and build logic.
## Code Style
### Go
This project follows the idioms of the Go standard library. Generally follow the patterns that upstream Go uses, including:
- Prefer packages from the standard library unless there is no other option.
- Use package import aliases only when package names collide.
- Use `goimports` to format code. Run with `npm run format`.
- Use sentinel errors as package-level variables prefixed with `Err` (such as `ErrBotMustHaveName`). Wrap with `fmt.Errorf("package: small message giving context: %w", err)`.
- Use `log/slog` for structured logging. Pass loggers as arguments to functions. Use `lg.With` to preload with context. Prefer using `slog.Debug` unless you absolutely need to report messages to users, some users have magical thinking about log verbosity.
- Name PublicFunctionsAndTypes in PascalCase. Name privateFunctionsAndTypes in camelCase.
- Acronyms stay uppercase (`URL`, `HTTP`, `IP`, `DNS`, etc.)
- Enumerations should use strong types with validation logic for parsing remote input.
- Be conservative in what you send but liberal in what you accept.
- Anything reading configuration values should use both `json` and `yaml` struct tags. Use pointer values for optional configuration values.
- Use [table-driven tests](https://go.dev/wiki/TableDrivenTests) when writing test code.
- Use [`t.Helper()`](https://pkg.go.dev/testing#T.Helper) in helper code (setup/teardown scaffolding).
- Use [`t.Cleanup()`](https://pkg.go.dev/testing#T.Cleanup) to tear down per-test or per-suite scaffolding.
- Use [`errors.Is`](https://pkg.go.dev/errors#Is) for validating function results against sentinel errors.
- Prefer same-package tests over black-box tests (`_test` packages).
### JavaScript / TypeScript
- Source lives in `web/js/`. Built with esbuild, bundled and minified.
- Uses Preact (not React).
- No linter config. Keep functions small. Use `const` by default.
### Templ Templates
Anubis uses [Templ](https://templ.guide) for generating HTML on the server.
- `.templ` files in `web/` generate Go code. Run `go generate ./...` (or `npm run assets`) after modifying them.
- Templates receive typed Go parameters. Keep logic in Go, not templates.
## Commit Messages
Commit messages follow the [**Conventional Commits**](https://www.conventionalcommits.org/en/v1.0.0/) format:
```text
<type>[optional scope]: <description>
[optional body]
[optional footer(s)]
```
**Types**: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert`
- Add `!` after type/scope for breaking changes or include `BREAKING CHANGE:` in the footer.
- Keep descriptions concise, imperative, lowercase, and without a trailing period.
- Reference issues/PRs in the footer when applicable.
- **ALL git commits MUST be made with `--signoff`.** This is mandatory.
### Attribution Requirements
AI agents must disclose what tool and model they are using in the "Assisted-by" commit footer:
```text
Assisted-by: [Model Name] via [Tool Name]
```
Example:
```text
Assisted-by: GLM 4.6 via Claude Code
```
## PR Checklist
- Add description of changes to `[Unreleased]` in `docs/docs/CHANGELOG.md`.
- Add test cases for bug fixes and behavior changes.
- Run integration tests: `npm run test:integration`.
- All commits must have verified (signed) signatures.
## Key Conventions
- **Security-first**: This is security software. Code reviews are strict. Always add tests for bug fixes. Consider adversarial inputs.
- **Configuration**: YAML-based policy files. Config structs validate via `Valid() error` methods returning sentinel errors.
- **Store interface**: `lib/store.Interface` abstracts key-value storage.
- **Environment variables**: Parsed from flags via `flagenv`. Use `.env` files locally (loaded by `godotenv/autoload`). Never commit `.env` files.
- **Assets must be built first**: JS/CSS assets are embedded into the Go binary. Always run `npm run assets` before `go test` or `go build`.
- **CEL expressions**: Policy rules support CEL (Common Expression Language) expressions for advanced matching. See `lib/policy/expressions/`.

3
README.md
View File

@@ -20,9 +20,6 @@ Anubis is brought to you by sponsors and donors like:
<a href="https://www.raptorcs.com/content/base/products.html"> <a href="https://www.raptorcs.com/content/base/products.html">
<img src="./docs/static/img/sponsors/raptor-computing-logo.webp" alt="Raptor Computing Systems" height=64 /> <img src="./docs/static/img/sponsors/raptor-computing-logo.webp" alt="Raptor Computing Systems" height=64 />
</a> </a>
<a href="https://databento.com/?utm_source=anubis&utm_medium=sponsor&utm_campaign=anubis">
<img src="./docs/static/img/sponsors/databento-logo.webp" alt="Databento" height="64" />
</a>
### Gold Tier ### Gold Tier

2
VERSION
View File

@@ -1 +1 @@
1.24.0 1.24.0-pre1

4
cmd/robots2policy/testdata/blacklist.yaml vendored
View File

@@ -25,6 +25,6 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Googlebot") - userAgent.contains("Googlebot")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-7 name: robots-txt-policy-disallow-7

24
cmd/robots2policy/testdata/complex.yaml vendored
View File

@@ -20,8 +20,8 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Googlebot") - userAgent.contains("Googlebot")
- path.startsWith("/search/") - path.startsWith("/search/")
name: robots-txt-policy-disallow-6 name: robots-txt-policy-disallow-6
- action: WEIGH - action: WEIGH
expression: userAgent.contains("Bingbot") expression: userAgent.contains("Bingbot")
@@ -31,14 +31,14 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Bingbot") - userAgent.contains("Bingbot")
- path.startsWith("/search/") - path.startsWith("/search/")
name: robots-txt-policy-disallow-8 name: robots-txt-policy-disallow-8
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Bingbot") - userAgent.contains("Bingbot")
- path.startsWith("/admin/") - path.startsWith("/admin/")
name: robots-txt-policy-disallow-9 name: robots-txt-policy-disallow-9
- action: DENY - action: DENY
expression: userAgent.contains("BadBot") expression: userAgent.contains("BadBot")
@@ -54,18 +54,18 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("TestBot") - userAgent.contains("TestBot")
- path.matches("^/.*/admin") - path.matches("^/.*/admin")
name: robots-txt-policy-disallow-13 name: robots-txt-policy-disallow-13
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("TestBot") - userAgent.contains("TestBot")
- path.matches("^/temp.*\\.html") - path.matches("^/temp.*\\.html")
name: robots-txt-policy-disallow-14 name: robots-txt-policy-disallow-14
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("TestBot") - userAgent.contains("TestBot")
- path.matches("^/file.\\.log") - path.matches("^/file.\\.log")
name: robots-txt-policy-disallow-15 name: robots-txt-policy-disallow-15

26
cmd/robots2policy/testdata/consecutive.yaml vendored
View File

@@ -9,39 +9,39 @@
- action: DENY - action: DENY
expression: expression:
any: any:
- userAgent.contains("BadBot") - userAgent.contains("BadBot")
- userAgent.contains("SpamBot") - userAgent.contains("SpamBot")
- userAgent.contains("EvilBot") - userAgent.contains("EvilBot")
name: robots-txt-policy-blacklist-3 name: robots-txt-policy-blacklist-3
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("GoodBot") - userAgent.contains("GoodBot")
- path.startsWith("/private") - path.startsWith("/private")
name: robots-txt-policy-disallow-4 name: robots-txt-policy-disallow-4
- action: WEIGH - action: WEIGH
expression: expression:
any: any:
- userAgent.contains("SlowBot1") - userAgent.contains("SlowBot1")
- userAgent.contains("SlowBot2") - userAgent.contains("SlowBot2")
name: robots-txt-policy-crawl-delay-5 name: robots-txt-policy-crawl-delay-5
weight: weight:
adjust: 3 adjust: 3
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("SearchBot1") - userAgent.contains("SearchBot1")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-7 name: robots-txt-policy-disallow-7
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("SearchBot2") - userAgent.contains("SearchBot2")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-8 name: robots-txt-policy-disallow-8
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("SearchBot3") - userAgent.contains("SearchBot3")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-9 name: robots-txt-policy-disallow-9

2
cmd/robots2policy/testdata/empty.yaml vendored
View File

@@ -1 +1 @@
[] []

2
cmd/robots2policy/testdata/simple.json vendored
View File

@@ -9,4 +9,4 @@
"name": "robots-txt-policy-disallow-2", "name": "robots-txt-policy-disallow-2",
"action": "CHALLENGE" "action": "CHALLENGE"
} }
] ]

4
data/apps/allow-api-routes.yaml
View File

@@ -2,5 +2,5 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- '!(method == "HEAD" || method == "GET")' - '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/") - path.startsWith("/api/")

2
data/apps/gitea-rss-feeds.yaml
View File

@@ -4,4 +4,4 @@
path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.atom$ path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.atom$
- name: gitea-feed-rss - name: gitea-feed-rss
action: ALLOW action: ALLOW
path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.rss$ path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.rss$

5
data/apps/qualys-ssl-labs.yml
View File

@@ -3,6 +3,5 @@
- name: qualys-ssl-labs - name: qualys-ssl-labs
action: ALLOW action: ALLOW
remote_addresses: remote_addresses:
- 69.67.183.0/24 - 64.41.200.0/24
- 2600:C02:1020:4202::/64 - 2600:C02:1020:4202::/64
- 2602:fdaa:c6:2::/64

4
data/apps/searx-checker.yml
View File

@@ -5,5 +5,5 @@
- name: searx-checker - name: searx-checker
action: ALLOW action: ALLOW
remote_addresses: remote_addresses:
- 167.235.158.251/32 - 167.235.158.251/32
- 2a01:4f8:1c1c:8fc2::1/128 - 2a01:4f8:1c1c:8fc2::1/128

44
data/botPolicies.yaml
View File

@@ -95,6 +95,50 @@ bots:
# weight: # weight:
# adjust: -10 # adjust: -10
# Assert behaviour that only genuine browsers display. This ensures that Chrome
# or Firefox versions
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule # Generic catchall rule
- name: generic-browser - name: generic-browser
user_agent_regex: >- user_agent_regex: >-

2
data/bots/headless-browsers.yaml
View File

@@ -6,4 +6,4 @@
action: DENY action: DENY
- name: headless-chromium - name: headless-chromium
user_agent_regex: HeadlessChromium user_agent_regex: HeadlessChromium
action: DENY action: DENY

8
data/bots/irc-bots/archlinux-phrik.yaml
View File

@@ -3,7 +3,7 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- remoteAddress == "159.69.213.214" || remoteAddress == "2a01:4f8:c2c:7bf4::1" - remoteAddress == "159.69.213.214" || remoteAddress == "2a01:4f8:c2c:7bf4::1"
- userAgent == "Mozilla/5.0 (compatible; utils.web Limnoria module)" - userAgent == "Mozilla/5.0 (compatible; utils.web Limnoria module)"
- '"X-Http-Version" in headers' - '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1" - headers["X-Http-Version"] == "HTTP/1.1"

8
data/bots/irc-bots/gentoo-chat.yaml
View File

@@ -3,7 +3,7 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- remoteAddress == "45.76.166.57" - remoteAddress == "45.76.166.57"
- userAgent == "Mozilla/5.0 (Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0" - userAgent == "Mozilla/5.0 (Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0"
- '"X-Http-Version" in headers' - '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1" - headers["X-Http-Version"] == "HTTP/1.1"

2
data/bots/us-ai-scraper.yaml
View File

@@ -1,3 +1,3 @@
- name: us-artificial-intelligence-scraper - name: us-artificial-intelligence-scraper
user_agent_regex: \+https\://github\.com/US-Artificial-Intelligence/scraper user_agent_regex: \+https\://github\.com/US-Artificial-Intelligence/scraper
action: DENY action: DENY

2
data/clients/ai.yaml
View File

@@ -4,5 +4,5 @@
# - Claude-User: No published IP allowlist # - Claude-User: No published IP allowlist
- name: "ai-clients" - name: "ai-clients"
user_agent_regex: >- user_agent_regex: >-
ChatGPT-User|Claude-User|MistralAI-User|Perplexity-User ChatGPT-User|Claude-User|MistralAI-User
action: DENY action: DENY

6
data/clients/go-get.yaml
View File

@@ -2,6 +2,6 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.startsWith("Go-http-client/") - userAgent.startsWith("Go-http-client/")
- '"go-get" in query' - '"go-get" in query'
- query["go-get"] == "1" - query["go-get"] == "1"

5
data/clients/mistral-mistralai-user.yaml
View File

@@ -4,4 +4,7 @@
user_agent_regex: MistralAI-User/.+; \+https\://docs\.mistral\.ai/robots user_agent_regex: MistralAI-User/.+; \+https\://docs\.mistral\.ai/robots
action: ALLOW action: ALLOW
# https://mistral.ai/mistralai-user-ips.json # https://mistral.ai/mistralai-user-ips.json
remote_addresses: ["20.240.160.161/32", "20.240.160.1/32"] remote_addresses: [
"20.240.160.161/32",
"20.240.160.1/32",
]

173
data/clients/openai-chatgpt-user.yaml
View File

@@ -5,90 +5,89 @@
action: ALLOW action: ALLOW
# https://openai.com/chatgpt-user.json # https://openai.com/chatgpt-user.json
# curl 'https://openai.com/chatgpt-user.json' | jq '.prefixes.[].ipv4Prefix' | sed 's/$/,/' # curl 'https://openai.com/chatgpt-user.json' | jq '.prefixes.[].ipv4Prefix' | sed 's/$/,/'
remote_addresses: remote_addresses: [
[ "13.65.138.112/28",
"13.65.138.112/28", "23.98.179.16/28",
"23.98.179.16/28", "13.65.138.96/28",
"13.65.138.96/28", "172.183.222.128/28",
"172.183.222.128/28", "20.102.212.144/28",
"20.102.212.144/28", "40.116.73.208/28",
"40.116.73.208/28", "172.183.143.224/28",
"172.183.143.224/28", "52.190.190.16/28",
"52.190.190.16/28", "13.83.237.176/28",
"13.83.237.176/28", "51.8.155.64/28",
"51.8.155.64/28", "74.249.86.176/28",
"74.249.86.176/28", "51.8.155.48/28",
"51.8.155.48/28", "20.55.229.144/28",
"20.55.229.144/28", "135.237.131.208/28",
"135.237.131.208/28", "135.237.133.48/28",
"135.237.133.48/28", "51.8.155.112/28",
"51.8.155.112/28", "135.237.133.112/28",
"135.237.133.112/28", "52.159.249.96/28",
"52.159.249.96/28", "52.190.137.16/28",
"52.190.137.16/28", "52.255.111.112/28",
"52.255.111.112/28", "40.84.181.32/28",
"40.84.181.32/28", "172.178.141.112/28",
"172.178.141.112/28", "52.190.142.64/28",
"52.190.142.64/28", "172.178.140.144/28",
"172.178.140.144/28", "52.190.137.144/28",
"52.190.137.144/28", "172.178.141.128/28",
"172.178.141.128/28", "57.154.187.32/28",
"57.154.187.32/28", "4.196.118.112/28",
"4.196.118.112/28", "20.193.50.32/28",
"20.193.50.32/28", "20.215.188.192/28",
"20.215.188.192/28", "20.215.214.16/28",
"20.215.214.16/28", "4.197.22.112/28",
"4.197.22.112/28", "4.197.115.112/28",
"4.197.115.112/28", "172.213.21.16/28",
"172.213.21.16/28", "172.213.11.144/28",
"172.213.11.144/28", "172.213.12.112/28",
"172.213.12.112/28", "172.213.21.144/28",
"172.213.21.144/28", "20.90.7.144/28",
"20.90.7.144/28", "57.154.175.0/28",
"57.154.175.0/28", "57.154.174.112/28",
"57.154.174.112/28", "52.236.94.144/28",
"52.236.94.144/28", "137.135.191.176/28",
"137.135.191.176/28", "23.98.186.192/28",
"23.98.186.192/28", "23.98.186.96/28",
"23.98.186.96/28", "23.98.186.176/28",
"23.98.186.176/28", "23.98.186.64/28",
"23.98.186.64/28", "68.221.67.192/28",
"68.221.67.192/28", "68.221.67.160/28",
"68.221.67.160/28", "13.83.167.128/28",
"13.83.167.128/28", "20.228.106.176/28",
"20.228.106.176/28", "52.159.227.32/28",
"52.159.227.32/28", "68.220.57.64/28",
"68.220.57.64/28", "172.213.21.112/28",
"172.213.21.112/28", "68.221.67.224/28",
"68.221.67.224/28", "68.221.75.16/28",
"68.221.75.16/28", "20.97.189.96/28",
"20.97.189.96/28", "52.252.113.240/28",
"52.252.113.240/28", "52.230.163.32/28",
"52.230.163.32/28", "172.212.159.64/28",
"172.212.159.64/28", "52.255.111.80/28",
"52.255.111.80/28", "52.255.111.0/28",
"52.255.111.0/28", "4.151.241.240/28",
"4.151.241.240/28", "52.255.111.32/28",
"52.255.111.32/28", "52.255.111.48/28",
"52.255.111.48/28", "52.255.111.16/28",
"52.255.111.16/28", "52.230.164.176/28",
"52.230.164.176/28", "52.176.139.176/28",
"52.176.139.176/28", "52.173.234.16/28",
"52.173.234.16/28", "4.151.71.176/28",
"4.151.71.176/28", "4.151.119.48/28",
"4.151.119.48/28", "52.255.109.112/28",
"52.255.109.112/28", "52.255.109.80/28",
"52.255.109.80/28", "20.161.75.208/28",
"20.161.75.208/28", "68.154.28.96/28",
"68.154.28.96/28", "52.255.109.128/28",
"52.255.109.128/28", "52.225.75.208/28",
"52.225.75.208/28", "52.190.139.48/28",
"52.190.139.48/28", "68.221.67.240/28",
"68.221.67.240/28", "52.156.77.144/28",
"52.156.77.144/28", "52.148.129.32/28",
"52.148.129.32/28", "40.84.221.208/28",
"40.84.221.208/28", "104.210.139.224/28",
"104.210.139.224/28", "40.84.221.224/28",
"40.84.221.224/28", "104.210.139.192/28",
"104.210.139.192/28", ]
]

8
data/clients/perplexity-user.yaml
View File

@@ -1,8 +0,0 @@
# Acts on behalf of user requests
# https://docs.perplexity.ai/guides/bots
- name: perplexity-user
user_agent_regex: Perplexity-User/.+; \+https\://perplexity\.ai/perplexity-user
action: ALLOW
# https://www.perplexity.com/perplexity-user.json
remote_addresses:
["44.208.221.197/32", "34.193.163.52/32", "18.97.21.0/30", "18.97.43.80/29"]

12
data/clients/telegram-preview.yaml
View File

@@ -1,6 +1,6 @@
- name: telegrambot - name: telegrambot
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.matches("TelegramBot") - userAgent.matches("TelegramBot")
- verifyFCrDNS(remoteAddress, "ptr\\.telegram\\.org$") - verifyFCrDNS(remoteAddress, "ptr\\.telegram\\.org$")

12
data/clients/vk-preview.yaml
View File

@@ -1,6 +1,6 @@
- name: vkbot - name: vkbot
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.matches("vkShare[^+]+\\+http\\://vk\\.com/dev/Share") - userAgent.matches("vkShare[^+]+\\+http\\://vk\\.com/dev/Share")
- verifyFCrDNS(remoteAddress, "^snipster\\d+\\.go\\.mail\\.ru$") - verifyFCrDNS(remoteAddress, "^snipster\\d+\\.go\\.mail\\.ru$")

55
data/common/acts-like-browser.yaml
View File

@@ -1,55 +0,0 @@
# Assert behaviour that only genuine browsers display. This ensures that modern Chrome
# or Firefox versions will get through without a challenge.
#
# These rules have been known to be bypassed by some of the worst automated scrapers.
# Use at your own risk.
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule
- name: generic-browser
user_agent_regex: >-
Mozilla|Opera
action: WEIGH
weight:
adjust: 10

4
data/common/allow-api-like.yaml
View File

@@ -2,5 +2,5 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- '!(method == "HEAD" || method == "GET")' - '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/") - path.startsWith("/api/")

2
data/common/json-api.yaml
View File

@@ -4,4 +4,4 @@
all: all:
- '"Accept" in headers' - '"Accept" in headers'
- 'headers["Accept"] == "application/json"' - 'headers["Accept"] == "application/json"'
- 'path.startsWith("/api/")' - 'path.startsWith("/api/")'

2
data/common/rfc-violations.yaml
View File

@@ -1,3 +1,3 @@
- name: no-user-agent-string - name: no-user-agent-string
action: DENY action: DENY
expression: userAgent == "" expression: userAgent == ""

2
data/crawlers/ai-search.yaml
View File

@@ -4,5 +4,5 @@
# - Claude-SearchBot: No published IP allowlist # - Claude-SearchBot: No published IP allowlist
- name: "ai-crawlers-search" - name: "ai-crawlers-search"
user_agent_regex: >- user_agent_regex: >-
OAI-SearchBot|Claude-SearchBot|PerplexityBot OAI-SearchBot|Claude-SearchBot
action: DENY action: DENY

29
data/crawlers/applebot.yaml
View File

@@ -4,18 +4,17 @@
user_agent_regex: Applebot user_agent_regex: Applebot
action: ALLOW action: ALLOW
# https://search.developer.apple.com/applebot.json # https://search.developer.apple.com/applebot.json
remote_addresses: remote_addresses: [
[ "17.241.208.160/27",
"17.241.208.160/27", "17.241.193.160/27",
"17.241.193.160/27", "17.241.200.160/27",
"17.241.200.160/27", "17.22.237.0/24",
"17.22.237.0/24", "17.22.245.0/24",
"17.22.245.0/24", "17.22.253.0/24",
"17.22.253.0/24", "17.241.75.0/24",
"17.241.75.0/24", "17.241.219.0/24",
"17.241.219.0/24", "17.241.227.0/24",
"17.241.227.0/24", "17.246.15.0/24",
"17.246.15.0/24", "17.246.19.0/24",
"17.246.19.0/24", "17.246.23.0/24",
"17.246.23.0/24", ]
]

61
data/crawlers/bingbot.yaml
View File

@@ -2,34 +2,33 @@
user_agent_regex: \+http\://www\.bing\.com/bingbot\.htm user_agent_regex: \+http\://www\.bing\.com/bingbot\.htm
action: ALLOW action: ALLOW
# https://www.bing.com/toolbox/bingbot.json # https://www.bing.com/toolbox/bingbot.json
remote_addresses: remote_addresses: [
[ "157.55.39.0/24",
"157.55.39.0/24", "207.46.13.0/24",
"207.46.13.0/24", "40.77.167.0/24",
"40.77.167.0/24", "13.66.139.0/24",
"13.66.139.0/24", "13.66.144.0/24",
"13.66.144.0/24", "52.167.144.0/24",
"52.167.144.0/24", "13.67.10.16/28",
"13.67.10.16/28", "13.69.66.240/28",
"13.69.66.240/28", "13.71.172.224/28",
"13.71.172.224/28", "139.217.52.0/28",
"139.217.52.0/28", "191.233.204.224/28",
"191.233.204.224/28", "20.36.108.32/28",
"20.36.108.32/28", "20.43.120.16/28",
"20.43.120.16/28", "40.79.131.208/28",
"40.79.131.208/28", "40.79.186.176/28",
"40.79.186.176/28", "52.231.148.0/28",
"52.231.148.0/28", "20.79.107.240/28",
"20.79.107.240/28", "51.105.67.0/28",
"51.105.67.0/28", "20.125.163.80/28",
"20.125.163.80/28", "40.77.188.0/22",
"40.77.188.0/22", "65.55.210.0/24",
"65.55.210.0/24", "199.30.24.0/23",
"199.30.24.0/23", "40.77.202.0/24",
"40.77.202.0/24", "40.77.139.0/25",
"40.77.139.0/25", "20.74.197.0/28",
"20.74.197.0/28", "20.15.133.160/27",
"20.15.133.160/27", "40.77.177.0/24",
"40.77.177.0/24", "40.77.178.0/23"
"40.77.178.0/23", ]
]

543
data/crawlers/duckduckbot.yaml
View File

@@ -2,275 +2,274 @@
user_agent_regex: DuckDuckBot/1\.1; \(\+http\://duckduckgo\.com/duckduckbot\.html\) user_agent_regex: DuckDuckBot/1\.1; \(\+http\://duckduckgo\.com/duckduckbot\.html\)
action: ALLOW action: ALLOW
# https://duckduckgo.com/duckduckgo-help-pages/results/duckduckbot # https://duckduckgo.com/duckduckgo-help-pages/results/duckduckbot
remote_addresses: remote_addresses: [
[ "57.152.72.128/32",
"57.152.72.128/32", "51.8.253.152/32",
"51.8.253.152/32", "40.80.242.63/32",
"40.80.242.63/32", "20.12.141.99/32",
"20.12.141.99/32", "20.49.136.28/32",
"20.49.136.28/32", "51.116.131.221/32",
"51.116.131.221/32", "51.107.40.209/32",
"51.107.40.209/32", "20.40.133.240/32",
"20.40.133.240/32", "20.50.168.91/32",
"20.50.168.91/32", "51.120.48.122/32",
"51.120.48.122/32", "20.193.45.113/32",
"20.193.45.113/32", "40.76.173.151/32",
"40.76.173.151/32", "40.76.163.7/32",
"40.76.163.7/32", "20.185.79.47/32",
"20.185.79.47/32", "52.142.26.175/32",
"52.142.26.175/32", "20.185.79.15/32",
"20.185.79.15/32", "52.142.24.149/32",
"52.142.24.149/32", "40.76.162.208/32",
"40.76.162.208/32", "40.76.163.23/32",
"40.76.163.23/32", "40.76.162.191/32",
"40.76.162.191/32", "40.76.162.247/32",
"40.76.162.247/32", "40.88.21.235/32",
"40.88.21.235/32", "20.191.45.212/32",
"20.191.45.212/32", "52.146.59.12/32",
"52.146.59.12/32", "52.146.59.156/32",
"52.146.59.156/32", "52.146.59.154/32",
"52.146.59.154/32", "52.146.58.236/32",
"52.146.58.236/32", "20.62.224.44/32",
"20.62.224.44/32", "51.104.180.53/32",
"51.104.180.53/32", "51.104.180.47/32",
"51.104.180.47/32", "51.104.180.26/32",
"51.104.180.26/32", "51.104.146.225/32",
"51.104.146.225/32", "51.104.146.235/32",
"51.104.146.235/32", "20.73.202.147/32",
"20.73.202.147/32", "20.73.132.240/32",
"20.73.132.240/32", "20.71.12.143/32",
"20.71.12.143/32", "20.56.197.58/32",
"20.56.197.58/32", "20.56.197.63/32",
"20.56.197.63/32", "20.43.150.93/32",
"20.43.150.93/32", "20.43.150.85/32",
"20.43.150.85/32", "20.44.222.1/32",
"20.44.222.1/32", "40.89.243.175/32",
"40.89.243.175/32", "13.89.106.77/32",
"13.89.106.77/32", "52.143.242.6/32",
"52.143.242.6/32", "52.143.241.111/32",
"52.143.241.111/32", "52.154.60.82/32",
"52.154.60.82/32", "20.197.209.11/32",
"20.197.209.11/32", "20.197.209.27/32",
"20.197.209.27/32", "20.226.133.105/32",
"20.226.133.105/32", "191.234.216.4/32",
"191.234.216.4/32", "191.234.216.178/32",
"191.234.216.178/32", "20.53.92.211/32",
"20.53.92.211/32", "20.53.91.2/32",
"20.53.91.2/32", "20.207.99.197/32",
"20.207.99.197/32", "20.207.97.190/32",
"20.207.97.190/32", "40.81.250.205/32",
"40.81.250.205/32", "40.64.106.11/32",
"40.64.106.11/32", "40.64.105.247/32",
"40.64.105.247/32", "20.72.242.93/32",
"20.72.242.93/32", "20.99.255.235/32",
"20.99.255.235/32", "20.113.3.121/32",
"20.113.3.121/32", "52.224.16.221/32",
"52.224.16.221/32", "52.224.21.53/32",
"52.224.21.53/32", "52.224.20.204/32",
"52.224.20.204/32", "52.224.21.19/32",
"52.224.21.19/32", "52.224.20.249/32",
"52.224.20.249/32", "52.224.20.203/32",
"52.224.20.203/32", "52.224.20.190/32",
"52.224.20.190/32", "52.224.16.229/32",
"52.224.16.229/32", "52.224.21.20/32",
"52.224.21.20/32", "52.146.63.80/32",
"52.146.63.80/32", "52.224.20.227/32",
"52.224.20.227/32", "52.224.20.193/32",
"52.224.20.193/32", "52.190.37.160/32",
"52.190.37.160/32", "52.224.21.23/32",
"52.224.21.23/32", "52.224.20.223/32",
"52.224.20.223/32", "52.224.20.181/32",
"52.224.20.181/32", "52.224.21.49/32",
"52.224.21.49/32", "52.224.21.55/32",
"52.224.21.55/32", "52.224.21.61/32",
"52.224.21.61/32", "52.224.19.152/32",
"52.224.19.152/32", "52.224.20.186/32",
"52.224.20.186/32", "52.224.21.27/32",
"52.224.21.27/32", "52.224.21.51/32",
"52.224.21.51/32", "52.224.20.174/32",
"52.224.20.174/32", "52.224.21.4/32",
"52.224.21.4/32", "51.104.164.109/32",
"51.104.164.109/32", "51.104.167.71/32",
"51.104.167.71/32", "51.104.160.177/32",
"51.104.160.177/32", "51.104.162.149/32",
"51.104.162.149/32", "51.104.167.95/32",
"51.104.167.95/32", "51.104.167.54/32",
"51.104.167.54/32", "51.104.166.111/32",
"51.104.166.111/32", "51.104.167.88/32",
"51.104.167.88/32", "51.104.161.32/32",
"51.104.161.32/32", "51.104.163.250/32",
"51.104.163.250/32", "51.104.164.189/32",
"51.104.164.189/32", "51.104.167.19/32",
"51.104.167.19/32", "51.104.160.167/32",
"51.104.160.167/32", "51.104.167.110/32",
"51.104.167.110/32", "20.191.44.119/32",
"20.191.44.119/32", "51.104.167.104/32",
"51.104.167.104/32", "20.191.44.234/32",
"20.191.44.234/32", "51.104.164.215/32",
"51.104.164.215/32", "51.104.167.52/32",
"51.104.167.52/32", "20.191.44.22/32",
"20.191.44.22/32", "51.104.167.87/32",
"51.104.167.87/32", "51.104.167.96/32",
"51.104.167.96/32", "20.191.44.16/32",
"20.191.44.16/32", "51.104.167.61/32",
"51.104.167.61/32", "51.104.164.147/32",
"51.104.164.147/32", "20.50.48.159/32",
"20.50.48.159/32", "40.114.182.172/32",
"40.114.182.172/32", "20.50.50.130/32",
"20.50.50.130/32", "20.50.50.163/32",
"20.50.50.163/32", "20.50.50.46/32",
"20.50.50.46/32", "40.114.182.153/32",
"40.114.182.153/32", "20.50.50.118/32",
"20.50.50.118/32", "20.50.49.55/32",
"20.50.49.55/32", "20.50.49.25/32",
"20.50.49.25/32", "40.114.183.251/32",
"40.114.183.251/32", "20.50.50.123/32",
"20.50.50.123/32", "20.50.49.237/32",
"20.50.49.237/32", "20.50.48.192/32",
"20.50.48.192/32", "20.50.50.134/32",
"20.50.50.134/32", "51.138.90.233/32",
"51.138.90.233/32", "40.114.183.196/32",
"40.114.183.196/32", "20.50.50.146/32",
"20.50.50.146/32", "40.114.183.88/32",
"40.114.183.88/32", "20.50.50.145/32",
"20.50.50.145/32", "20.50.50.121/32",
"20.50.50.121/32", "20.50.49.40/32",
"20.50.49.40/32", "51.138.90.206/32",
"51.138.90.206/32", "40.114.182.45/32",
"40.114.182.45/32", "51.138.90.161/32",
"51.138.90.161/32", "20.50.49.0/32",
"20.50.49.0/32", "40.119.232.215/32",
"40.119.232.215/32", "104.43.55.167/32",
"104.43.55.167/32", "40.119.232.251/32",
"40.119.232.251/32", "40.119.232.50/32",
"40.119.232.50/32", "40.119.232.146/32",
"40.119.232.146/32", "40.119.232.218/32",
"40.119.232.218/32", "104.43.54.127/32",
"104.43.54.127/32", "104.43.55.117/32",
"104.43.55.117/32", "104.43.55.116/32",
"104.43.55.116/32", "104.43.55.166/32",
"104.43.55.166/32", "52.154.169.50/32",
"52.154.169.50/32", "52.154.171.70/32",
"52.154.171.70/32", "52.154.170.229/32",
"52.154.170.229/32", "52.154.170.113/32",
"52.154.170.113/32", "52.154.171.44/32",
"52.154.171.44/32", "52.154.172.2/32",
"52.154.172.2/32", "52.143.244.81/32",
"52.143.244.81/32", "52.154.171.87/32",
"52.154.171.87/32", "52.154.171.250/32",
"52.154.171.250/32", "52.154.170.28/32",
"52.154.170.28/32", "52.154.170.122/32",
"52.154.170.122/32", "52.143.243.117/32",
"52.143.243.117/32", "52.143.247.235/32",
"52.143.247.235/32", "52.154.171.235/32",
"52.154.171.235/32", "52.154.171.196/32",
"52.154.171.196/32", "52.154.171.0/32",
"52.154.171.0/32", "52.154.170.243/32",
"52.154.170.243/32", "52.154.170.26/32",
"52.154.170.26/32", "52.154.169.200/32",
"52.154.169.200/32", "52.154.170.96/32",
"52.154.170.96/32", "52.154.170.88/32",
"52.154.170.88/32", "52.154.171.150/32",
"52.154.171.150/32", "52.154.171.205/32",
"52.154.171.205/32", "52.154.170.117/32",
"52.154.170.117/32", "52.154.170.209/32",
"52.154.170.209/32", "191.235.202.48/32",
"191.235.202.48/32", "191.233.3.202/32",
"191.233.3.202/32", "191.235.201.214/32",
"191.235.201.214/32", "191.233.3.197/32",
"191.233.3.197/32", "191.235.202.38/32",
"191.235.202.38/32", "20.53.78.144/32",
"20.53.78.144/32", "20.193.24.10/32",
"20.193.24.10/32", "20.53.78.236/32",
"20.53.78.236/32", "20.53.78.138/32",
"20.53.78.138/32", "20.53.78.123/32",
"20.53.78.123/32", "20.53.78.106/32",
"20.53.78.106/32", "20.193.27.215/32",
"20.193.27.215/32", "20.193.25.197/32",
"20.193.25.197/32", "20.193.12.126/32",
"20.193.12.126/32", "20.193.24.251/32",
"20.193.24.251/32", "20.204.242.101/32",
"20.204.242.101/32", "20.207.72.113/32",
"20.207.72.113/32", "20.204.242.19/32",
"20.204.242.19/32", "20.219.45.67/32",
"20.219.45.67/32", "20.207.72.11/32",
"20.207.72.11/32", "20.219.45.190/32",
"20.219.45.190/32", "20.204.243.55/32",
"20.204.243.55/32", "20.204.241.148/32",
"20.204.241.148/32", "20.207.72.110/32",
"20.207.72.110/32", "20.204.240.172/32",
"20.204.240.172/32", "20.207.72.21/32",
"20.207.72.21/32", "20.204.246.81/32",
"20.204.246.81/32", "20.207.107.181/32",
"20.207.107.181/32", "20.204.246.254/32",
"20.204.246.254/32", "20.219.43.246/32",
"20.219.43.246/32", "52.149.25.43/32",
"52.149.25.43/32", "52.149.61.51/32",
"52.149.61.51/32", "52.149.58.139/32",
"52.149.58.139/32", "52.149.60.38/32",
"52.149.60.38/32", "52.148.165.38/32",
"52.148.165.38/32", "52.143.95.162/32",
"52.143.95.162/32", "52.149.56.151/32",
"52.149.56.151/32", "52.149.30.45/32",
"52.149.30.45/32", "52.149.58.173/32",
"52.149.58.173/32", "52.143.95.204/32",
"52.143.95.204/32", "52.149.28.83/32",
"52.149.28.83/32", "52.149.58.69/32",
"52.149.58.69/32", "52.148.161.87/32",
"52.148.161.87/32", "52.149.58.27/32",
"52.149.58.27/32", "52.149.28.18/32",
"52.149.28.18/32", "20.79.226.26/32",
"20.79.226.26/32", "20.79.239.66/32",
"20.79.239.66/32", "20.79.238.198/32",
"20.79.238.198/32", "20.113.14.159/32",
"20.113.14.159/32", "20.75.144.152/32",
"20.75.144.152/32", "20.43.172.120/32",
"20.43.172.120/32", "20.53.134.160/32",
"20.53.134.160/32", "20.201.15.208/32",
"20.201.15.208/32", "20.93.28.24/32",
"20.93.28.24/32", "20.61.34.40/32",
"20.61.34.40/32", "52.242.224.168/32",
"52.242.224.168/32", "20.80.129.80/32",
"20.80.129.80/32", "20.195.108.47/32",
"20.195.108.47/32", "4.195.133.120/32",
"4.195.133.120/32", "4.228.76.163/32",
"4.228.76.163/32", "4.182.131.108/32",
"4.182.131.108/32", "4.209.224.56/32",
"4.209.224.56/32", "108.141.83.74/32",
"108.141.83.74/32", "4.213.46.14/32",
"4.213.46.14/32", "172.169.17.165/32",
"172.169.17.165/32", "51.8.71.117/32",
"51.8.71.117/32", "20.3.1.178/32",
"20.3.1.178/32", "52.149.56.151/32",
"52.149.56.151/32", "52.149.30.45/32",
"52.149.30.45/32", "52.149.58.173/32",
"52.149.58.173/32", "52.143.95.204/32",
"52.143.95.204/32", "52.149.28.83/32",
"52.149.28.83/32", "52.149.58.69/32",
"52.149.58.69/32", "52.148.161.87/32",
"52.148.161.87/32", "52.149.58.27/32",
"52.149.58.27/32", "52.149.28.18/32",
"52.149.28.18/32", "20.79.226.26/32",
"20.79.226.26/32", "20.79.239.66/32",
"20.79.239.66/32", "20.79.238.198/32",
"20.79.238.198/32", "20.113.14.159/32",
"20.113.14.159/32", "20.75.144.152/32",
"20.75.144.152/32", "20.43.172.120/32",
"20.43.172.120/32", "20.53.134.160/32",
"20.53.134.160/32", "20.201.15.208/32",
"20.201.15.208/32", "20.93.28.24/32",
"20.93.28.24/32", "20.61.34.40/32",
"20.61.34.40/32", "52.242.224.168/32",
"52.242.224.168/32", "20.80.129.80/32",
"20.80.129.80/32", "20.195.108.47/32",
"20.195.108.47/32", "4.195.133.120/32",
"4.195.133.120/32", "4.228.76.163/32",
"4.228.76.163/32", "4.182.131.108/32",
"4.182.131.108/32", "4.209.224.56/32",
"4.209.224.56/32", "108.141.83.74/32",
"108.141.83.74/32", "4.213.46.14/32",
"4.213.46.14/32", "172.169.17.165/32",
"172.169.17.165/32", "51.8.71.117/32",
"51.8.71.117/32", "20.3.1.178/32"
"20.3.1.178/32", ]
]

519
data/crawlers/googlebot.yaml
View File

@@ -2,263 +2,262 @@
user_agent_regex: \+http\://www\.google\.com/bot\.html user_agent_regex: \+http\://www\.google\.com/bot\.html
action: ALLOW action: ALLOW
# https://developers.google.com/static/search/apis/ipranges/googlebot.json # https://developers.google.com/static/search/apis/ipranges/googlebot.json
remote_addresses: remote_addresses: [
[ "2001:4860:4801:10::/64",
"2001:4860:4801:10::/64", "2001:4860:4801:11::/64",
"2001:4860:4801:11::/64", "2001:4860:4801:12::/64",
"2001:4860:4801:12::/64", "2001:4860:4801:13::/64",
"2001:4860:4801:13::/64", "2001:4860:4801:14::/64",
"2001:4860:4801:14::/64", "2001:4860:4801:15::/64",
"2001:4860:4801:15::/64", "2001:4860:4801:16::/64",
"2001:4860:4801:16::/64", "2001:4860:4801:17::/64",
"2001:4860:4801:17::/64", "2001:4860:4801:18::/64",
"2001:4860:4801:18::/64", "2001:4860:4801:19::/64",
"2001:4860:4801:19::/64", "2001:4860:4801:1a::/64",
"2001:4860:4801:1a::/64", "2001:4860:4801:1b::/64",
"2001:4860:4801:1b::/64", "2001:4860:4801:1c::/64",
"2001:4860:4801:1c::/64", "2001:4860:4801:1d::/64",
"2001:4860:4801:1d::/64", "2001:4860:4801:1e::/64",
"2001:4860:4801:1e::/64", "2001:4860:4801:1f::/64",
"2001:4860:4801:1f::/64", "2001:4860:4801:20::/64",
"2001:4860:4801:20::/64", "2001:4860:4801:21::/64",
"2001:4860:4801:21::/64", "2001:4860:4801:22::/64",
"2001:4860:4801:22::/64", "2001:4860:4801:23::/64",
"2001:4860:4801:23::/64", "2001:4860:4801:24::/64",
"2001:4860:4801:24::/64", "2001:4860:4801:25::/64",
"2001:4860:4801:25::/64", "2001:4860:4801:26::/64",
"2001:4860:4801:26::/64", "2001:4860:4801:27::/64",
"2001:4860:4801:27::/64", "2001:4860:4801:28::/64",
"2001:4860:4801:28::/64", "2001:4860:4801:29::/64",
"2001:4860:4801:29::/64", "2001:4860:4801:2::/64",
"2001:4860:4801:2::/64", "2001:4860:4801:2a::/64",
"2001:4860:4801:2a::/64", "2001:4860:4801:2b::/64",
"2001:4860:4801:2b::/64", "2001:4860:4801:2c::/64",
"2001:4860:4801:2c::/64", "2001:4860:4801:2d::/64",
"2001:4860:4801:2d::/64", "2001:4860:4801:2e::/64",
"2001:4860:4801:2e::/64", "2001:4860:4801:2f::/64",
"2001:4860:4801:2f::/64", "2001:4860:4801:31::/64",
"2001:4860:4801:31::/64", "2001:4860:4801:32::/64",
"2001:4860:4801:32::/64", "2001:4860:4801:33::/64",
"2001:4860:4801:33::/64", "2001:4860:4801:34::/64",
"2001:4860:4801:34::/64", "2001:4860:4801:35::/64",
"2001:4860:4801:35::/64", "2001:4860:4801:36::/64",
"2001:4860:4801:36::/64", "2001:4860:4801:37::/64",
"2001:4860:4801:37::/64", "2001:4860:4801:38::/64",
"2001:4860:4801:38::/64", "2001:4860:4801:39::/64",
"2001:4860:4801:39::/64", "2001:4860:4801:3a::/64",
"2001:4860:4801:3a::/64", "2001:4860:4801:3b::/64",
"2001:4860:4801:3b::/64", "2001:4860:4801:3c::/64",
"2001:4860:4801:3c::/64", "2001:4860:4801:3d::/64",
"2001:4860:4801:3d::/64", "2001:4860:4801:3e::/64",
"2001:4860:4801:3e::/64", "2001:4860:4801:40::/64",
"2001:4860:4801:40::/64", "2001:4860:4801:41::/64",
"2001:4860:4801:41::/64", "2001:4860:4801:42::/64",
"2001:4860:4801:42::/64", "2001:4860:4801:43::/64",
"2001:4860:4801:43::/64", "2001:4860:4801:44::/64",
"2001:4860:4801:44::/64", "2001:4860:4801:45::/64",
"2001:4860:4801:45::/64", "2001:4860:4801:46::/64",
"2001:4860:4801:46::/64", "2001:4860:4801:47::/64",
"2001:4860:4801:47::/64", "2001:4860:4801:48::/64",
"2001:4860:4801:48::/64", "2001:4860:4801:49::/64",
"2001:4860:4801:49::/64", "2001:4860:4801:4a::/64",
"2001:4860:4801:4a::/64", "2001:4860:4801:4b::/64",
"2001:4860:4801:4b::/64", "2001:4860:4801:4c::/64",
"2001:4860:4801:4c::/64", "2001:4860:4801:50::/64",
"2001:4860:4801:50::/64", "2001:4860:4801:51::/64",
"2001:4860:4801:51::/64", "2001:4860:4801:52::/64",
"2001:4860:4801:52::/64", "2001:4860:4801:53::/64",
"2001:4860:4801:53::/64", "2001:4860:4801:54::/64",
"2001:4860:4801:54::/64", "2001:4860:4801:55::/64",
"2001:4860:4801:55::/64", "2001:4860:4801:56::/64",
"2001:4860:4801:56::/64", "2001:4860:4801:60::/64",
"2001:4860:4801:60::/64", "2001:4860:4801:61::/64",
"2001:4860:4801:61::/64", "2001:4860:4801:62::/64",
"2001:4860:4801:62::/64", "2001:4860:4801:63::/64",
"2001:4860:4801:63::/64", "2001:4860:4801:64::/64",
"2001:4860:4801:64::/64", "2001:4860:4801:65::/64",
"2001:4860:4801:65::/64", "2001:4860:4801:66::/64",
"2001:4860:4801:66::/64", "2001:4860:4801:67::/64",
"2001:4860:4801:67::/64", "2001:4860:4801:68::/64",
"2001:4860:4801:68::/64", "2001:4860:4801:69::/64",
"2001:4860:4801:69::/64", "2001:4860:4801:6a::/64",
"2001:4860:4801:6a::/64", "2001:4860:4801:6b::/64",
"2001:4860:4801:6b::/64", "2001:4860:4801:6c::/64",
"2001:4860:4801:6c::/64", "2001:4860:4801:6d::/64",
"2001:4860:4801:6d::/64", "2001:4860:4801:6e::/64",
"2001:4860:4801:6e::/64", "2001:4860:4801:6f::/64",
"2001:4860:4801:6f::/64", "2001:4860:4801:70::/64",
"2001:4860:4801:70::/64", "2001:4860:4801:71::/64",
"2001:4860:4801:71::/64", "2001:4860:4801:72::/64",
"2001:4860:4801:72::/64", "2001:4860:4801:73::/64",
"2001:4860:4801:73::/64", "2001:4860:4801:74::/64",
"2001:4860:4801:74::/64", "2001:4860:4801:75::/64",
"2001:4860:4801:75::/64", "2001:4860:4801:76::/64",
"2001:4860:4801:76::/64", "2001:4860:4801:77::/64",
"2001:4860:4801:77::/64", "2001:4860:4801:78::/64",
"2001:4860:4801:78::/64", "2001:4860:4801:79::/64",
"2001:4860:4801:79::/64", "2001:4860:4801:80::/64",
"2001:4860:4801:80::/64", "2001:4860:4801:81::/64",
"2001:4860:4801:81::/64", "2001:4860:4801:82::/64",
"2001:4860:4801:82::/64", "2001:4860:4801:83::/64",
"2001:4860:4801:83::/64", "2001:4860:4801:84::/64",
"2001:4860:4801:84::/64", "2001:4860:4801:85::/64",
"2001:4860:4801:85::/64", "2001:4860:4801:86::/64",
"2001:4860:4801:86::/64", "2001:4860:4801:87::/64",
"2001:4860:4801:87::/64", "2001:4860:4801:88::/64",
"2001:4860:4801:88::/64", "2001:4860:4801:90::/64",
"2001:4860:4801:90::/64", "2001:4860:4801:91::/64",
"2001:4860:4801:91::/64", "2001:4860:4801:92::/64",
"2001:4860:4801:92::/64", "2001:4860:4801:93::/64",
"2001:4860:4801:93::/64", "2001:4860:4801:94::/64",
"2001:4860:4801:94::/64", "2001:4860:4801:95::/64",
"2001:4860:4801:95::/64", "2001:4860:4801:96::/64",
"2001:4860:4801:96::/64", "2001:4860:4801:a0::/64",
"2001:4860:4801:a0::/64", "2001:4860:4801:a1::/64",
"2001:4860:4801:a1::/64", "2001:4860:4801:a2::/64",
"2001:4860:4801:a2::/64", "2001:4860:4801:a3::/64",
"2001:4860:4801:a3::/64", "2001:4860:4801:a4::/64",
"2001:4860:4801:a4::/64", "2001:4860:4801:a5::/64",
"2001:4860:4801:a5::/64", "2001:4860:4801:c::/64",
"2001:4860:4801:c::/64", "2001:4860:4801:f::/64",
"2001:4860:4801:f::/64", "192.178.5.0/27",
"192.178.5.0/27", "192.178.6.0/27",
"192.178.6.0/27", "192.178.6.128/27",
"192.178.6.128/27", "192.178.6.160/27",
"192.178.6.160/27", "192.178.6.192/27",
"192.178.6.192/27", "192.178.6.32/27",
"192.178.6.32/27", "192.178.6.64/27",
"192.178.6.64/27", "192.178.6.96/27",
"192.178.6.96/27", "34.100.182.96/28",
"34.100.182.96/28", "34.101.50.144/28",
"34.101.50.144/28", "34.118.254.0/28",
"34.118.254.0/28", "34.118.66.0/28",
"34.118.66.0/28", "34.126.178.96/28",
"34.126.178.96/28", "34.146.150.144/28",
"34.146.150.144/28", "34.147.110.144/28",
"34.147.110.144/28", "34.151.74.144/28",
"34.151.74.144/28", "34.152.50.64/28",
"34.152.50.64/28", "34.154.114.144/28",
"34.154.114.144/28", "34.155.98.32/28",
"34.155.98.32/28", "34.165.18.176/28",
"34.165.18.176/28", "34.175.160.64/28",
"34.175.160.64/28", "34.176.130.16/28",
"34.176.130.16/28", "34.22.85.0/27",
"34.22.85.0/27", "34.64.82.64/28",
"34.64.82.64/28", "34.65.242.112/28",
"34.65.242.112/28", "34.80.50.80/28",
"34.80.50.80/28", "34.88.194.0/28",
"34.88.194.0/28", "34.89.10.80/28",
"34.89.10.80/28", "34.89.198.80/28",
"34.89.198.80/28", "34.96.162.48/28",
"34.96.162.48/28", "35.247.243.240/28",
"35.247.243.240/28", "66.249.64.0/27",
"66.249.64.0/27", "66.249.64.128/27",
"66.249.64.128/27", "66.249.64.160/27",
"66.249.64.160/27", "66.249.64.224/27",
"66.249.64.224/27", "66.249.64.32/27",
"66.249.64.32/27", "66.249.64.64/27",
"66.249.64.64/27", "66.249.64.96/27",
"66.249.64.96/27", "66.249.65.0/27",
"66.249.65.0/27", "66.249.65.128/27",
"66.249.65.128/27", "66.249.65.160/27",
"66.249.65.160/27", "66.249.65.192/27",
"66.249.65.192/27", "66.249.65.224/27",
"66.249.65.224/27", "66.249.65.32/27",
"66.249.65.32/27", "66.249.65.64/27",
"66.249.65.64/27", "66.249.65.96/27",
"66.249.65.96/27", "66.249.66.0/27",
"66.249.66.0/27", "66.249.66.128/27",
"66.249.66.128/27", "66.249.66.160/27",
"66.249.66.160/27", "66.249.66.192/27",
"66.249.66.192/27", "66.249.66.224/27",
"66.249.66.224/27", "66.249.66.32/27",
"66.249.66.32/27", "66.249.66.64/27",
"66.249.66.64/27", "66.249.66.96/27",
"66.249.66.96/27", "66.249.68.0/27",
"66.249.68.0/27", "66.249.68.128/27",
"66.249.68.128/27", "66.249.68.32/27",
"66.249.68.32/27", "66.249.68.64/27",
"66.249.68.64/27", "66.249.68.96/27",
"66.249.68.96/27", "66.249.69.0/27",
"66.249.69.0/27", "66.249.69.128/27",
"66.249.69.128/27", "66.249.69.160/27",
"66.249.69.160/27", "66.249.69.192/27",
"66.249.69.192/27", "66.249.69.224/27",
"66.249.69.224/27", "66.249.69.32/27",
"66.249.69.32/27", "66.249.69.64/27",
"66.249.69.64/27", "66.249.69.96/27",
"66.249.69.96/27", "66.249.70.0/27",
"66.249.70.0/27", "66.249.70.128/27",
"66.249.70.128/27", "66.249.70.160/27",
"66.249.70.160/27", "66.249.70.192/27",
"66.249.70.192/27", "66.249.70.224/27",
"66.249.70.224/27", "66.249.70.32/27",
"66.249.70.32/27", "66.249.70.64/27",
"66.249.70.64/27", "66.249.70.96/27",
"66.249.70.96/27", "66.249.71.0/27",
"66.249.71.0/27", "66.249.71.128/27",
"66.249.71.128/27", "66.249.71.160/27",
"66.249.71.160/27", "66.249.71.192/27",
"66.249.71.192/27", "66.249.71.224/27",
"66.249.71.224/27", "66.249.71.32/27",
"66.249.71.32/27", "66.249.71.64/27",
"66.249.71.64/27", "66.249.71.96/27",
"66.249.71.96/27", "66.249.72.0/27",
"66.249.72.0/27", "66.249.72.128/27",
"66.249.72.128/27", "66.249.72.160/27",
"66.249.72.160/27", "66.249.72.192/27",
"66.249.72.192/27", "66.249.72.224/27",
"66.249.72.224/27", "66.249.72.32/27",
"66.249.72.32/27", "66.249.72.64/27",
"66.249.72.64/27", "66.249.72.96/27",
"66.249.72.96/27", "66.249.73.0/27",
"66.249.73.0/27", "66.249.73.128/27",
"66.249.73.128/27", "66.249.73.160/27",
"66.249.73.160/27", "66.249.73.192/27",
"66.249.73.192/27", "66.249.73.224/27",
"66.249.73.224/27", "66.249.73.32/27",
"66.249.73.32/27", "66.249.73.64/27",
"66.249.73.64/27", "66.249.73.96/27",
"66.249.73.96/27", "66.249.74.0/27",
"66.249.74.0/27", "66.249.74.128/27",
"66.249.74.128/27", "66.249.74.160/27",
"66.249.74.160/27", "66.249.74.192/27",
"66.249.74.192/27", "66.249.74.32/27",
"66.249.74.32/27", "66.249.74.64/27",
"66.249.74.64/27", "66.249.74.96/27",
"66.249.74.96/27", "66.249.75.0/27",
"66.249.75.0/27", "66.249.75.128/27",
"66.249.75.128/27", "66.249.75.160/27",
"66.249.75.160/27", "66.249.75.192/27",
"66.249.75.192/27", "66.249.75.224/27",
"66.249.75.224/27", "66.249.75.32/27",
"66.249.75.32/27", "66.249.75.64/27",
"66.249.75.64/27", "66.249.75.96/27",
"66.249.75.96/27", "66.249.76.0/27",
"66.249.76.0/27", "66.249.76.128/27",
"66.249.76.128/27", "66.249.76.160/27",
"66.249.76.160/27", "66.249.76.192/27",
"66.249.76.192/27", "66.249.76.224/27",
"66.249.76.224/27", "66.249.76.32/27",
"66.249.76.32/27", "66.249.76.64/27",
"66.249.76.64/27", "66.249.76.96/27",
"66.249.76.96/27", "66.249.77.0/27",
"66.249.77.0/27", "66.249.77.128/27",
"66.249.77.128/27", "66.249.77.160/27",
"66.249.77.160/27", "66.249.77.192/27",
"66.249.77.192/27", "66.249.77.224/27",
"66.249.77.224/27", "66.249.77.32/27",
"66.249.77.32/27", "66.249.77.64/27",
"66.249.77.64/27", "66.249.77.96/27",
"66.249.77.96/27", "66.249.78.0/27",
"66.249.78.0/27", "66.249.78.32/27",
"66.249.78.32/27", "66.249.79.0/27",
"66.249.79.0/27", "66.249.79.128/27",
"66.249.79.128/27", "66.249.79.160/27",
"66.249.79.160/27", "66.249.79.192/27",
"66.249.79.192/27", "66.249.79.224/27",
"66.249.79.224/27", "66.249.79.32/27",
"66.249.79.32/27", "66.249.79.64/27",
"66.249.79.64/27", "66.249.79.96/27"
"66.249.79.96/27", ]
]

6
data/crawlers/internet-archive.yaml
View File

@@ -1,4 +1,8 @@
- name: internet-archive - name: internet-archive
action: ALLOW action: ALLOW
# https://ipinfo.io/AS7941 # https://ipinfo.io/AS7941
remote_addresses: ["207.241.224.0/20", "208.70.24.0/21", "2620:0:9c0::/48"] remote_addresses: [
"207.241.224.0/20",
"208.70.24.0/21",
"2620:0:9c0::/48"
]

13
data/crawlers/kagibot.yaml
View File

@@ -2,10 +2,9 @@
user_agent_regex: \+https\://kagi\.com/bot user_agent_regex: \+https\://kagi\.com/bot
action: ALLOW action: ALLOW
# https://kagi.com/bot # https://kagi.com/bot
remote_addresses: remote_addresses: [
[ "216.18.205.234/32",
"216.18.205.234/32", "35.212.27.76/32",
"35.212.27.76/32", "104.254.65.50/32",
"104.254.65.50/32", "209.151.156.194/32"
"209.151.156.194/32", ]
]

15
data/crawlers/marginalia.yaml
View File

@@ -2,11 +2,10 @@
user_agent_regex: search\.marginalia\.nu user_agent_regex: search\.marginalia\.nu
action: ALLOW action: ALLOW
# Received directly over email # Received directly over email
remote_addresses: remote_addresses: [
[ "193.183.0.162/31",
"193.183.0.162/31", "193.183.0.164/30",
"193.183.0.164/30", "193.183.0.168/30",
"193.183.0.168/30", "193.183.0.172/31",
"193.183.0.172/31", "193.183.0.174/32"
"193.183.0.174/32", ]
]

2
data/crawlers/mojeekbot.yaml
View File

@@ -2,4 +2,4 @@
user_agent_regex: \+https\://www\.mojeek\.com/bot\.html user_agent_regex: \+https\://www\.mojeek\.com/bot\.html
action: ALLOW action: ALLOW
# https://www.mojeek.com/bot.html # https://www.mojeek.com/bot.html
remote_addresses: ["5.102.173.71/32"] remote_addresses: [ "5.102.173.71/32" ]

21
data/crawlers/openai-gptbot.yaml
View File

@@ -4,14 +4,13 @@
user_agent_regex: GPTBot/1\.1; \+https\://openai\.com/gptbot user_agent_regex: GPTBot/1\.1; \+https\://openai\.com/gptbot
action: ALLOW action: ALLOW
# https://openai.com/gptbot.json # https://openai.com/gptbot.json
remote_addresses: remote_addresses: [
[ "52.230.152.0/24",
"52.230.152.0/24", "20.171.206.0/24",
"20.171.206.0/24", "20.171.207.0/24",
"20.171.207.0/24", "4.227.36.0/25",
"4.227.36.0/25", "20.125.66.80/28",
"20.125.66.80/28", "172.182.204.0/24",
"172.182.204.0/24", "172.182.214.0/24",
"172.182.214.0/24", "172.182.215.0/24",
"172.182.215.0/24", ]
]

15
data/crawlers/openai-searchbot.yaml
View File

@@ -4,11 +4,10 @@
user_agent_regex: OAI-SearchBot/1\.0; \+https\://openai\.com/searchbot user_agent_regex: OAI-SearchBot/1\.0; \+https\://openai\.com/searchbot
action: ALLOW action: ALLOW
# https://openai.com/searchbot.json # https://openai.com/searchbot.json
remote_addresses: remote_addresses: [
[ "20.42.10.176/28",
"20.42.10.176/28", "172.203.190.128/28",
"172.203.190.128/28", "104.210.140.128/28",
"104.210.140.128/28", "51.8.102.0/24",
"51.8.102.0/24", "135.234.64.0/24"
"135.234.64.0/24", ]
]

17
data/crawlers/perplexitybot.yaml
View File

@@ -1,17 +0,0 @@
# Indexing for search, does not collect training data
# https://docs.perplexity.ai/guides/bots
- name: perplexitybot
user_agent_regex: PerplexityBot/.+; \+https\://perplexity\.ai/perplexitybot
action: ALLOW
# https://www.perplexity.com/perplexitybot.json
remote_addresses:
[
"107.20.236.150/32",
"3.224.62.45/32",
"18.210.92.235/32",
"3.222.232.239/32",
"3.211.124.183/32",
"3.231.139.107/32",
"18.97.1.228/30",
"18.97.9.96/29",
]

2
data/crawlers/qwantbot.yaml
View File

@@ -2,4 +2,4 @@
user_agent_regex: \+https\://help\.qwant\.com/bot/ user_agent_regex: \+https\://help\.qwant\.com/bot/
action: ALLOW action: ALLOW
# https://help.qwant.com/wp-content/uploads/sites/2/2025/01/qwantbot.json # https://help.qwant.com/wp-content/uploads/sites/2/2025/01/qwantbot.json
remote_addresses: ["91.242.162.0/24"] remote_addresses: [ "91.242.162.0/24" ]

12
data/crawlers/yandexbot.yaml
View File

@@ -1,6 +1,6 @@
- name: yandexbot - name: yandexbot
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.matches("\\+http\\://yandex\\.com/bots") - userAgent.matches("\\+http\\://yandex\\.com/bots")
- verifyFCrDNS(remoteAddress, "^.*\\.yandex\\.(ru|com|net)$") - verifyFCrDNS(remoteAddress, "^.*\\.yandex\\.(ru|com|net)$")

2
data/meta/README.md
View File

@@ -2,4 +2,4 @@
Contains policies that exclusively reference policies in _multiple_ other data folders. Contains policies that exclusively reference policies in _multiple_ other data folders.
Akin to "stances" that the administrator can take, with reference to various topics, such as AI/LLM systems. Akin to "stances" that the administrator can take, with reference to various topics, such as AI/LLM systems.

2
data/meta/ai-block-aggressive.yaml
View File

@@ -3,4 +3,4 @@
- import: (data)/bots/ai-catchall.yaml - import: (data)/bots/ai-catchall.yaml
- import: (data)/clients/ai.yaml - import: (data)/clients/ai.yaml
- import: (data)/crawlers/ai-search.yaml - import: (data)/crawlers/ai-search.yaml
- import: (data)/crawlers/ai-training.yaml - import: (data)/crawlers/ai-training.yaml

4
data/meta/ai-block-moderate.yaml
View File

@@ -3,7 +3,5 @@
- import: (data)/bots/ai-catchall.yaml - import: (data)/bots/ai-catchall.yaml
- import: (data)/crawlers/ai-training.yaml - import: (data)/crawlers/ai-training.yaml
- import: (data)/crawlers/openai-searchbot.yaml - import: (data)/crawlers/openai-searchbot.yaml
- import: (data)/crawlers/perplexitybot.yaml
- import: (data)/clients/openai-chatgpt-user.yaml - import: (data)/clients/openai-chatgpt-user.yaml
- import: (data)/clients/mistral-mistralai-user.yaml - import: (data)/clients/mistral-mistralai-user.yaml
- import: (data)/clients/perplexity-user.yaml

4
data/meta/ai-block-permissive.yaml
View File

@@ -2,7 +2,5 @@
- import: (data)/bots/ai-catchall.yaml - import: (data)/bots/ai-catchall.yaml
- import: (data)/crawlers/openai-searchbot.yaml - import: (data)/crawlers/openai-searchbot.yaml
- import: (data)/crawlers/openai-gptbot.yaml - import: (data)/crawlers/openai-gptbot.yaml
- import: (data)/crawlers/perplexitybot.yaml
- import: (data)/clients/openai-chatgpt-user.yaml - import: (data)/clients/openai-chatgpt-user.yaml
- import: (data)/clients/mistral-mistralai-user.yaml - import: (data)/clients/mistral-mistralai-user.yaml
- import: (data)/clients/perplexity-user.yaml

44
data/meta/default-config.yaml
View File

@@ -79,6 +79,50 @@
# weight: # weight:
# adjust: -10 # adjust: -10
# Assert behaviour that only genuine browsers display. This ensures that Chrome
# or Firefox versions
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule # Generic catchall rule
- name: generic-browser - name: generic-browser
user_agent_regex: >- user_agent_regex: >-

4
data/meta/messengers-preview.yaml
View File

@@ -1,2 +1,2 @@
- import: (data)/clients/telegram-preview.yaml - import: (data)/clients/telegram-preview.yaml
- import: (data)/clients/vk-preview.yaml - import: (data)/clients/vk-preview.yaml

439
data/services/uptime-robot.yaml
View File

@@ -2,223 +2,222 @@
user_agent_regex: UptimeRobot user_agent_regex: UptimeRobot
action: ALLOW action: ALLOW
# https://api.uptimerobot.com/meta/ips # https://api.uptimerobot.com/meta/ips
remote_addresses: remote_addresses: [
[ "3.12.251.153/32",
"3.12.251.153/32", "3.20.63.178/32",
"3.20.63.178/32", "3.77.67.4/32",
"3.77.67.4/32", "3.79.134.69/32",
"3.79.134.69/32", "3.105.133.239/32",
"3.105.133.239/32", "3.105.190.221/32",
"3.105.190.221/32", "3.133.226.214/32",
"3.133.226.214/32", "3.149.57.90/32",
"3.149.57.90/32", "3.212.128.62/32",
"3.212.128.62/32", "5.161.61.238/32",
"5.161.61.238/32", "5.161.73.160/32",
"5.161.73.160/32", "5.161.75.7/32",
"5.161.75.7/32", "5.161.113.195/32",
"5.161.113.195/32", "5.161.117.52/32",
"5.161.117.52/32", "5.161.177.47/32",
"5.161.177.47/32", "5.161.194.92/32",
"5.161.194.92/32", "5.161.215.244/32",
"5.161.215.244/32", "5.223.43.32/32",
"5.223.43.32/32", "5.223.53.147/32",
"5.223.53.147/32", "5.223.57.22/32",
"5.223.57.22/32", "18.116.205.62/32",
"18.116.205.62/32", "18.180.208.214/32",
"18.180.208.214/32", "18.192.166.72/32",
"18.192.166.72/32", "18.193.252.127/32",
"18.193.252.127/32", "24.144.78.39/32",
"24.144.78.39/32", "24.144.78.185/32",
"24.144.78.185/32", "34.198.201.66/32",
"34.198.201.66/32", "45.55.123.175/32",
"45.55.123.175/32", "45.55.127.146/32",
"45.55.127.146/32", "49.13.24.81/32",
"49.13.24.81/32", "49.13.130.29/32",
"49.13.130.29/32", "49.13.134.145/32",
"49.13.134.145/32", "49.13.164.148/32",
"49.13.164.148/32", "49.13.167.123/32",
"49.13.167.123/32", "52.15.147.27/32",
"52.15.147.27/32", "52.22.236.30/32",
"52.22.236.30/32", "52.28.162.93/32",
"52.28.162.93/32", "52.59.43.236/32",
"52.59.43.236/32", "52.87.72.16/32",
"52.87.72.16/32", "54.64.67.106/32",
"54.64.67.106/32", "54.79.28.129/32",
"54.79.28.129/32", "54.87.112.51/32",
"54.87.112.51/32", "54.167.223.174/32",
"54.167.223.174/32", "54.249.170.27/32",
"54.249.170.27/32", "63.178.84.147/32",
"63.178.84.147/32", "64.225.81.248/32",
"64.225.81.248/32", "64.225.82.147/32",
"64.225.82.147/32", "69.162.124.227/32",
"69.162.124.227/32", "69.162.124.235/32",
"69.162.124.235/32", "69.162.124.238/32",
"69.162.124.238/32", "78.46.190.63/32",
"78.46.190.63/32", "78.46.215.1/32",
"78.46.215.1/32", "78.47.98.55/32",
"78.47.98.55/32", "78.47.173.76/32",
"78.47.173.76/32", "88.99.80.227/32",
"88.99.80.227/32", "91.99.101.207/32",
"91.99.101.207/32", "128.140.41.193/32",
"128.140.41.193/32", "128.140.106.114/32",
"128.140.106.114/32", "129.212.132.140/32",
"129.212.132.140/32", "134.199.240.137/32",
"134.199.240.137/32", "138.197.53.117/32",
"138.197.53.117/32", "138.197.53.138/32",
"138.197.53.138/32", "138.197.54.143/32",
"138.197.54.143/32", "138.197.54.247/32",
"138.197.54.247/32", "138.197.63.92/32",
"138.197.63.92/32", "139.59.50.44/32",
"139.59.50.44/32", "142.132.180.39/32",
"142.132.180.39/32", "143.198.249.237/32",
"143.198.249.237/32", "143.198.250.89/32",
"143.198.250.89/32", "143.244.196.21/32",
"143.244.196.21/32", "143.244.196.211/32",
"143.244.196.211/32", "143.244.221.177/32",
"143.244.221.177/32", "144.126.251.21/32",
"144.126.251.21/32", "146.190.9.187/32",
"146.190.9.187/32", "152.42.149.135/32",
"152.42.149.135/32", "157.90.155.240/32",
"157.90.155.240/32", "157.90.156.63/32",
"157.90.156.63/32", "159.69.158.189/32",
"159.69.158.189/32", "159.223.243.219/32",
"159.223.243.219/32", "161.35.247.201/32",
"161.35.247.201/32", "167.99.18.52/32",
"167.99.18.52/32", "167.235.143.113/32",
"167.235.143.113/32", "168.119.53.160/32",
"168.119.53.160/32", "168.119.96.239/32",
"168.119.96.239/32", "168.119.123.75/32",
"168.119.123.75/32", "170.64.250.64/32",
"170.64.250.64/32", "170.64.250.132/32",
"170.64.250.132/32", "170.64.250.235/32",
"170.64.250.235/32", "178.156.181.172/32",
"178.156.181.172/32", "178.156.184.20/32",
"178.156.184.20/32", "178.156.185.127/32",
"178.156.185.127/32", "178.156.185.231/32",
"178.156.185.231/32", "178.156.187.238/32",
"178.156.187.238/32", "178.156.189.113/32",
"178.156.189.113/32", "178.156.189.249/32",
"178.156.189.249/32", "188.166.201.79/32",
"188.166.201.79/32", "206.189.241.133/32",
"206.189.241.133/32", "209.38.49.1/32",
"209.38.49.1/32", "209.38.49.206/32",
"209.38.49.206/32", "209.38.49.226/32",
"209.38.49.226/32", "209.38.51.43/32",
"209.38.51.43/32", "209.38.53.7/32",
"209.38.53.7/32", "209.38.124.252/32",
"209.38.124.252/32", "216.144.248.18/31",
"216.144.248.18/31", "216.144.248.21/32",
"216.144.248.21/32", "216.144.248.22/31",
"216.144.248.22/31", "216.144.248.24/30",
"216.144.248.24/30", "216.144.248.28/31",
"216.144.248.28/31", "216.144.248.30/32",
"216.144.248.30/32", "216.245.221.83/32",
"216.245.221.83/32", "2400:6180:10:200::56a0:b000/128",
"2400:6180:10:200::56a0:b000/128", "2400:6180:10:200::56a0:c000/128",
"2400:6180:10:200::56a0:c000/128", "2400:6180:10:200::56a0:e000/128",
"2400:6180:10:200::56a0:e000/128", "2400:6180:100:d0::94b6:4001/128",
"2400:6180:100:d0::94b6:4001/128", "2400:6180:100:d0::94b6:5001/128",
"2400:6180:100:d0::94b6:5001/128", "2400:6180:100:d0::94b6:7001/128",
"2400:6180:100:d0::94b6:7001/128", "2406:da14:94d:8601:9d0d:7754:bedf:e4f5/128",
"2406:da14:94d:8601:9d0d:7754:bedf:e4f5/128", "2406:da14:94d:8601:b325:ff58:2bba:7934/128",
"2406:da14:94d:8601:b325:ff58:2bba:7934/128", "2406:da14:94d:8601:db4b:c5ac:2cbe:9a79/128",
"2406:da14:94d:8601:db4b:c5ac:2cbe:9a79/128", "2406:da1c:9c8:dc02:7ae1:f2ea:ab91:2fde/128",
"2406:da1c:9c8:dc02:7ae1:f2ea:ab91:2fde/128", "2406:da1c:9c8:dc02:7db9:f38b:7b9f:402e/128",
"2406:da1c:9c8:dc02:7db9:f38b:7b9f:402e/128", "2406:da1c:9c8:dc02:82b2:f0fd:ee96:579/128",
"2406:da1c:9c8:dc02:82b2:f0fd:ee96:579/128", "2600:1f16:775:3a00:ac3:c5eb:7081:942e/128",
"2600:1f16:775:3a00:ac3:c5eb:7081:942e/128", "2600:1f16:775:3a00:37bf:6026:e54a:f03a/128",
"2600:1f16:775:3a00:37bf:6026:e54a:f03a/128", "2600:1f16:775:3a00:3f24:5bb0:95d7:5a6b/128",
"2600:1f16:775:3a00:3f24:5bb0:95d7:5a6b/128", "2600:1f16:775:3a00:8c2c:2ba6:778f:5be5/128",
"2600:1f16:775:3a00:8c2c:2ba6:778f:5be5/128", "2600:1f16:775:3a00:91ac:3120:ff38:92b5/128",
"2600:1f16:775:3a00:91ac:3120:ff38:92b5/128", "2600:1f16:775:3a00:dbbe:36b0:3c45:da32/128",
"2600:1f16:775:3a00:dbbe:36b0:3c45:da32/128", "2600:1f18:179:f900:71:af9a:ade7:d772/128",
"2600:1f18:179:f900:71:af9a:ade7:d772/128", "2600:1f18:179:f900:2406:9399:4ae6:c5d3/128",
"2600:1f18:179:f900:2406:9399:4ae6:c5d3/128", "2600:1f18:179:f900:4696:7729:7bb3:f52f/128",
"2600:1f18:179:f900:4696:7729:7bb3:f52f/128", "2600:1f18:179:f900:4b7d:d1cc:2d10:211/128",
"2600:1f18:179:f900:4b7d:d1cc:2d10:211/128", "2600:1f18:179:f900:5c68:91b6:5d75:5d7/128",
"2600:1f18:179:f900:5c68:91b6:5d75:5d7/128", "2600:1f18:179:f900:e8dd:eed1:a6c:183b/128",
"2600:1f18:179:f900:e8dd:eed1:a6c:183b/128", "2604:a880:800:14:0:1:68ba:d000/128",
"2604:a880:800:14:0:1:68ba:d000/128", "2604:a880:800:14:0:1:68ba:e000/128",
"2604:a880:800:14:0:1:68ba:e000/128", "2604:a880:800:14:0:1:68bb:0/128",
"2604:a880:800:14:0:1:68bb:0/128", "2604:a880:800:14:0:1:68bb:1000/128",
"2604:a880:800:14:0:1:68bb:1000/128", "2604:a880:800:14:0:1:68bb:3000/128",
"2604:a880:800:14:0:1:68bb:3000/128", "2604:a880:800:14:0:1:68bb:4000/128",
"2604:a880:800:14:0:1:68bb:4000/128", "2604:a880:800:14:0:1:68bb:5000/128",
"2604:a880:800:14:0:1:68bb:5000/128", "2604:a880:800:14:0:1:68bb:6000/128",
"2604:a880:800:14:0:1:68bb:6000/128", "2604:a880:800:14:0:1:68bb:7000/128",
"2604:a880:800:14:0:1:68bb:7000/128", "2604:a880:800:14:0:1:68bb:a000/128",
"2604:a880:800:14:0:1:68bb:a000/128", "2604:a880:800:14:0:1:68bb:b000/128",
"2604:a880:800:14:0:1:68bb:b000/128", "2604:a880:800:14:0:1:68bb:c000/128",
"2604:a880:800:14:0:1:68bb:c000/128", "2604:a880:800:14:0:1:68bb:d000/128",
"2604:a880:800:14:0:1:68bb:d000/128", "2604:a880:800:14:0:1:68bb:e000/128",
"2604:a880:800:14:0:1:68bb:e000/128", "2604:a880:800:14:0:1:68bb:f000/128",
"2604:a880:800:14:0:1:68bb:f000/128", "2607:ff68:107::4/128",
"2607:ff68:107::4/128", "2607:ff68:107::14/128",
"2607:ff68:107::14/128", "2607:ff68:107::33/128",
"2607:ff68:107::33/128", "2607:ff68:107::48/127",
"2607:ff68:107::48/127", "2607:ff68:107::50/125",
"2607:ff68:107::50/125", "2607:ff68:107::58/127",
"2607:ff68:107::58/127", "2607:ff68:107::60/128",
"2607:ff68:107::60/128", "2a01:4f8:c0c:83fa::1/128",
"2a01:4f8:c0c:83fa::1/128", "2a01:4f8:c17:42e4::1/128",
"2a01:4f8:c17:42e4::1/128", "2a01:4f8:c2c:9fc6::1/128",
"2a01:4f8:c2c:9fc6::1/128", "2a01:4f8:c2c:beae::1/128",
"2a01:4f8:c2c:beae::1/128", "2a01:4f8:1c1a:3d53::1/128",
"2a01:4f8:1c1a:3d53::1/128", "2a01:4f8:1c1b:4ef4::1/128",
"2a01:4f8:1c1b:4ef4::1/128", "2a01:4f8:1c1b:5b5a::1/128",
"2a01:4f8:1c1b:5b5a::1/128", "2a01:4f8:1c1b:7ecc::1/128",
"2a01:4f8:1c1b:7ecc::1/128", "2a01:4f8:1c1c:11aa::1/128",
"2a01:4f8:1c1c:11aa::1/128", "2a01:4f8:1c1c:5353::1/128",
"2a01:4f8:1c1c:5353::1/128", "2a01:4f8:1c1c:7240::1/128",
"2a01:4f8:1c1c:7240::1/128", "2a01:4f8:1c1c:a98a::1/128",
"2a01:4f8:1c1c:a98a::1/128", "2a01:4f8:c012:c60e::1/128",
"2a01:4f8:c012:c60e::1/128", "2a01:4f8:c013:c18::1/128",
"2a01:4f8:c013:c18::1/128", "2a01:4f8:c013:34c0::1/128",
"2a01:4f8:c013:34c0::1/128", "2a01:4f8:c013:3b0f::1/128",
"2a01:4f8:c013:3b0f::1/128", "2a01:4f8:c013:3c52::1/128",
"2a01:4f8:c013:3c52::1/128", "2a01:4f8:c013:3c53::1/128",
"2a01:4f8:c013:3c53::1/128", "2a01:4f8:c013:3c54::1/128",
"2a01:4f8:c013:3c54::1/128", "2a01:4f8:c013:3c55::1/128",
"2a01:4f8:c013:3c55::1/128", "2a01:4f8:c013:3c56::1/128",
"2a01:4f8:c013:3c56::1/128", "2a01:4ff:f0:bfd::1/128",
"2a01:4ff:f0:bfd::1/128", "2a01:4ff:f0:2219::1/128",
"2a01:4ff:f0:2219::1/128", "2a01:4ff:f0:3e03::1/128",
"2a01:4ff:f0:3e03::1/128", "2a01:4ff:f0:5f80::1/128",
"2a01:4ff:f0:5f80::1/128", "2a01:4ff:f0:7fad::1/128",
"2a01:4ff:f0:7fad::1/128", "2a01:4ff:f0:9c5f::1/128",
"2a01:4ff:f0:9c5f::1/128", "2a01:4ff:f0:b2f2::1/128",
"2a01:4ff:f0:b2f2::1/128", "2a01:4ff:f0:b6f1::1/128",
"2a01:4ff:f0:b6f1::1/128", "2a01:4ff:f0:d283::1/128",
"2a01:4ff:f0:d283::1/128", "2a01:4ff:f0:d3cd::1/128",
"2a01:4ff:f0:d3cd::1/128", "2a01:4ff:f0:e516::1/128",
"2a01:4ff:f0:e516::1/128", "2a01:4ff:f0:e9cf::1/128",
"2a01:4ff:f0:e9cf::1/128", "2a01:4ff:f0:eccb::1/128",
"2a01:4ff:f0:eccb::1/128", "2a01:4ff:f0:efd1::1/128",
"2a01:4ff:f0:efd1::1/128", "2a01:4ff:f0:fdc7::1/128",
"2a01:4ff:f0:fdc7::1/128", "2a01:4ff:2f0:193c::1/128",
"2a01:4ff:2f0:193c::1/128", "2a01:4ff:2f0:27de::1/128",
"2a01:4ff:2f0:27de::1/128", "2a01:4ff:2f0:3b3a::1/128",
"2a01:4ff:2f0:3b3a::1/128", "2a03:b0c0:2:f0::bd91:f001/128",
"2a03:b0c0:2:f0::bd91:f001/128", "2a03:b0c0:2:f0::bd92:1/128",
"2a03:b0c0:2:f0::bd92:1/128", "2a03:b0c0:2:f0::bd92:1001/128",
"2a03:b0c0:2:f0::bd92:1001/128", "2a03:b0c0:2:f0::bd92:2001/128",
"2a03:b0c0:2:f0::bd92:2001/128", "2a03:b0c0:2:f0::bd92:4001/128",
"2a03:b0c0:2:f0::bd92:4001/128", "2a03:b0c0:2:f0::bd92:5001/128",
"2a03:b0c0:2:f0::bd92:5001/128", "2a03:b0c0:2:f0::bd92:6001/128",
"2a03:b0c0:2:f0::bd92:6001/128", "2a03:b0c0:2:f0::bd92:7001/128",
"2a03:b0c0:2:f0::bd92:7001/128", "2a03:b0c0:2:f0::bd92:8001/128",
"2a03:b0c0:2:f0::bd92:8001/128", "2a03:b0c0:2:f0::bd92:9001/128",
"2a03:b0c0:2:f0::bd92:9001/128", "2a03:b0c0:2:f0::bd92:a001/128",
"2a03:b0c0:2:f0::bd92:a001/128", "2a03:b0c0:2:f0::bd92:b001/128",
"2a03:b0c0:2:f0::bd92:b001/128", "2a03:b0c0:2:f0::bd92:c001/128",
"2a03:b0c0:2:f0::bd92:c001/128", "2a03:b0c0:2:f0::bd92:e001/128",
"2a03:b0c0:2:f0::bd92:e001/128", "2a03:b0c0:2:f0::bd92:f001/128",
"2a03:b0c0:2:f0::bd92:f001/128", "2a05:d014:1815:3400:6d:9235:c1c0:96ad/128",
"2a05:d014:1815:3400:6d:9235:c1c0:96ad/128", "2a05:d014:1815:3400:654f:bd37:724c:212b/128",
"2a05:d014:1815:3400:654f:bd37:724c:212b/128", "2a05:d014:1815:3400:90b4:4ef9:5631:b170/128",
"2a05:d014:1815:3400:90b4:4ef9:5631:b170/128", "2a05:d014:1815:3400:9779:d8e9:100a:9642/128",
"2a05:d014:1815:3400:9779:d8e9:100a:9642/128", "2a05:d014:1815:3400:af29:e95e:64ff:df81/128",
"2a05:d014:1815:3400:af29:e95e:64ff:df81/128", "2a05:d014:1815:3400:c7d6:f7f3:6cc1:30d1/128",
"2a05:d014:1815:3400:c7d6:f7f3:6cc1:30d1/128", "2a05:d014:1815:3400:d784:e5dd:8e0:67cb/128",
"2a05:d014:1815:3400:d784:e5dd:8e0:67cb/128", ]
]

2
decaymap/decaymap.go
View File

@@ -146,7 +146,7 @@ func (m *Impl[K, V]) Close() {
func (m *Impl[K, V]) cleanupWorker() { func (m *Impl[K, V]) cleanupWorker() {
defer m.wg.Done() defer m.wg.Done()
batch := make([]deleteReq[K], 0, 64) batch := make([]deleteReq[K], 0, 64)
ticker := time.NewTicker(500 * time.Millisecond) ticker := time.NewTicker(10 * time.Millisecond)
defer ticker.Stop() defer ticker.Stop()
flush := func() { flush := func() {

2
decaymap/decaymap_test.go
View File

@@ -32,7 +32,7 @@ func TestImpl(t *testing.T) {
// Deletion of expired entries after Get is deferred to a background worker. // Deletion of expired entries after Get is deferred to a background worker.
// Assert it eventually disappears from the map. // Assert it eventually disappears from the map.
deadline := time.Now().Add(700 * time.Millisecond) deadline := time.Now().Add(200 * time.Millisecond)
for time.Now().Before(deadline) { for time.Now().Before(deadline) {
if dm.Len() == 0 { if dm.Len() == 0 {
break break

2
docs/blog/2025-06-27-release-1.20.0/index.mdx
View File

@@ -226,7 +226,7 @@ So far Anubis supports the following languages:
- English (Simplified and Traditional) - English (Simplified and Traditional)
- French - French
- Portuguese (Brazil) - Portugese (Brazil)
- Spanish - Spanish
If you want to contribute translations, please [file an issue](https://github.com/TecharoHQ/anubis/issues/new) with your language of choice or submit a pull request to [the `lib/localization/locales` folder](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). We are about to introduce features to the translation stack, so you may want to hold off a hot minute, but we welcome any and all contributions to making Anubis useful to a global audience. If you want to contribute translations, please [file an issue](https://github.com/TecharoHQ/anubis/issues/new) with your language of choice or submit a pull request to [the `lib/localization/locales` folder](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). We are about to introduce features to the translation stack, so you may want to hold off a hot minute, but we welcome any and all contributions to making Anubis useful to a global audience.

2
docs/blog/2025-07-22-release-1.21.1/index.mdx
View File

@@ -69,7 +69,7 @@ I am waiting to hear back from NLNet on if Anubis was selected for funding or no
Anubis now supports localized responses. Locales can be added in [lib/localization/locales/](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). This release includes support for the following languages: Anubis now supports localized responses. Locales can be added in [lib/localization/locales/](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). This release includes support for the following languages:
- [Brazilian Portuguese](https://github.com/TecharoHQ/anubis/pull/726) - [Brazilian Portugese](https://github.com/TecharoHQ/anubis/pull/726)
- [Chinese (Simplified)](https://github.com/TecharoHQ/anubis/pull/774) - [Chinese (Simplified)](https://github.com/TecharoHQ/anubis/pull/774)
- [Chinese (Traditional)](https://github.com/TecharoHQ/anubis/pull/759) - [Chinese (Traditional)](https://github.com/TecharoHQ/anubis/pull/759)
- [Czech](https://github.com/TecharoHQ/anubis/pull/849) - [Czech](https://github.com/TecharoHQ/anubis/pull/849)

150
docs/blog/2025-08-28-cpu-core-odd/ProofOfWorkDiagram/index.jsx
View File

@@ -1,16 +1,14 @@
import React, { useState, useEffect, useMemo } from "react"; import React, { useState, useEffect, useMemo } from 'react';
import styles from "./styles.module.css"; import styles from './styles.module.css';
// A helper function to perform SHA-256 hashing. // A helper function to perform SHA-256 hashing.
// It takes a string, encodes it, hashes it, and returns a hex string. // It takes a string, encodes it, hashes it, and returns a hex string.
async function sha256(message) { async function sha256(message) {
try { try {
const msgBuffer = new TextEncoder().encode(message); const msgBuffer = new TextEncoder().encode(message);
const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer); const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
const hashArray = Array.from(new Uint8Array(hashBuffer)); const hashArray = Array.from(new Uint8Array(hashBuffer));
const hashHex = hashArray const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
.map((b) => b.toString(16).padStart(2, "0"))
.join("");
return hashHex; return hashHex;
} catch (error) { } catch (error) {
console.error("Hashing failed:", error); console.error("Hashing failed:", error);
@@ -23,42 +21,21 @@ const generateRandomHex = (bytes = 16) => {
const buffer = new Uint8Array(bytes); const buffer = new Uint8Array(bytes);
crypto.getRandomValues(buffer); crypto.getRandomValues(buffer);
return Array.from(buffer) return Array.from(buffer)
.map((byte) => byte.toString(16).padStart(2, "0")) .map(byte => byte.toString(16).padStart(2, '0'))
.join(""); .join('');
}; };
// Icon components for better visual feedback // Icon components for better visual feedback
const CheckIcon = () => ( const CheckIcon = () => (
<svg <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconGreen} fill="none" viewBox="0 0 24 24" stroke="currentColor">
xmlns="http://www.w3.org/2000/svg" <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
className={styles.iconGreen}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"
/>
</svg> </svg>
); );
const XCircleIcon = () => ( const XCircleIcon = () => (
<svg <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconRed} fill="none" viewBox="0 0 24 24" stroke="currentColor">
xmlns="http://www.w3.org/2000/svg" <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z" />
className={styles.iconRed}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z"
/>
</svg> </svg>
); );
@@ -69,7 +46,7 @@ export default function App() {
// State for the nonce, which is the variable we can change // State for the nonce, which is the variable we can change
const [nonce, setNonce] = useState(0); const [nonce, setNonce] = useState(0);
// State to store the resulting hash // State to store the resulting hash
const [hash, setHash] = useState(""); const [hash, setHash] = useState('');
// A flag to indicate if the current hash is the "winning" one // A flag to indicate if the current hash is the "winning" one
const [isMining, setIsMining] = useState(false); const [isMining, setIsMining] = useState(false);
const [isFound, setIsFound] = useState(false); const [isFound, setIsFound] = useState(false);
@@ -78,10 +55,7 @@ export default function App() {
const difficulty = "00"; const difficulty = "00";
// Memoize the combined data to avoid recalculating on every render // Memoize the combined data to avoid recalculating on every render
const combinedData = useMemo( const combinedData = useMemo(() => `${challenge}${nonce}`, [challenge, nonce]);
() => `${challenge}${nonce}`,
[challenge, nonce],
);
// This effect hook recalculates the hash whenever the combinedData changes. // This effect hook recalculates the hash whenever the combinedData changes.
useEffect(() => { useEffect(() => {
@@ -94,9 +68,7 @@ export default function App() {
} }
}; };
calculateHash(); calculateHash();
return () => { return () => { isMounted = false; };
isMounted = false;
};
}, [combinedData, difficulty]); }, [combinedData, difficulty]);
// This effect handles the automatic mining process // This effect handles the automatic mining process
@@ -121,7 +93,7 @@ export default function App() {
// Update the UI periodically to avoid freezing the browser // Update the UI periodically to avoid freezing the browser
if (miningNonce % 100 === 0) { if (miningNonce % 100 === 0) {
setNonce(miningNonce); setNonce(miningNonce);
await new Promise((resolve) => setTimeout(resolve, 0)); // Yield to the browser await new Promise(resolve => setTimeout(resolve, 0)); // Yield to the browser
} }
} }
}; };
@@ -130,27 +102,28 @@ export default function App() {
return () => { return () => {
continueMining = false; continueMining = false;
}; }
}, [isMining, challenge, nonce, difficulty]); }, [isMining, challenge, nonce, difficulty]);
const handleMineClick = () => { const handleMineClick = () => {
setIsMining(true); setIsMining(true);
}; }
const handleStopClick = () => { const handleStopClick = () => {
setIsMining(false); setIsMining(false);
}; }
const handleResetClick = () => { const handleResetClick = () => {
setIsMining(false); setIsMining(false);
setNonce(0); setNonce(0);
}; }
const handleNewChallengeClick = () => { const handleNewChallengeClick = () => {
setIsMining(false); setIsMining(false);
setChallenge(generateRandomHex(16)); setChallenge(generateRandomHex(16));
setNonce(0); setNonce(0);
}; }
// Helper to render the hash with colored leading characters // Helper to render the hash with colored leading characters
const renderHash = () => { const renderHash = () => {
@@ -180,46 +153,12 @@ export default function App() {
<div className={styles.block}> <div className={styles.block}>
<h2 className={styles.blockTitle}>2. Nonce</h2> <h2 className={styles.blockTitle}>2. Nonce</h2>
<div className={styles.nonceControls}> <div className={styles.nonceControls}>
<button <button onClick={() => setNonce(n => n - 1)} disabled={isMining} className={styles.nonceButton}>
onClick={() => setNonce((n) => n - 1)} <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconSmall} fill="none" viewBox="0 0 24 24" stroke="currentColor"><path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M20 12H4" /></svg>
disabled={isMining}
className={styles.nonceButton}
>
<svg
xmlns="http://www.w3.org/2000/svg"
className={styles.iconSmall}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M20 12H4"
/>
</svg>
</button> </button>
<span className={styles.nonceValue}>{nonce}</span> <span className={styles.nonceValue}>{nonce}</span>
<button <button onClick={() => setNonce(n => n + 1)} disabled={isMining} className={styles.nonceButton}>
onClick={() => setNonce((n) => n + 1)} <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconSmall} fill="none" viewBox="0 0 24 24" stroke="currentColor"><path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 4v16m8-8H4" /></svg>
disabled={isMining}
className={styles.nonceButton}
>
<svg
xmlns="http://www.w3.org/2000/svg"
className={styles.iconSmall}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M12 4v16m8-8H4"
/>
</svg>
</button> </button>
</div> </div>
</div> </div>
@@ -233,26 +172,13 @@ export default function App() {
{/* Arrow pointing down */} {/* Arrow pointing down */}
<div className={styles.arrowContainer}> <div className={styles.arrowContainer}>
<svg <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconGray} fill="none" viewBox="0 0 24 24" stroke="currentColor">
xmlns="http://www.w3.org/2000/svg" <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 14l-7 7m0 0l-7-7m7 7V3" />
className={styles.iconGray}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M19 14l-7 7m0 0l-7-7m7 7V3"
/>
</svg> </svg>
</div> </div>
{/* Hash Output Block */} {/* Hash Output Block */}
<div <div className={`${styles.hashContainer} ${isFound ? styles.hashContainerSuccess : styles.hashContainerError}`}>
className={`${styles.hashContainer} ${isFound ? styles.hashContainerSuccess : styles.hashContainerError}`}
>
<div className={styles.hashContent}> <div className={styles.hashContent}>
<div className={styles.hashText}> <div className={styles.hashText}>
<h2 className={styles.blockTitle}>4. Resulting Hash (SHA-256)</h2> <h2 className={styles.blockTitle}>4. Resulting Hash (SHA-256)</h2>
@@ -267,30 +193,18 @@ export default function App() {
{/* Mining Controls */} {/* Mining Controls */}
<div className={styles.buttonContainer}> <div className={styles.buttonContainer}>
{!isMining ? ( {!isMining ? (
<button <button onClick={handleMineClick} className={`${styles.button} ${styles.buttonCyan}`}>
onClick={handleMineClick}
className={`${styles.button} ${styles.buttonCyan}`}
>
Auto-Mine Auto-Mine
</button> </button>
) : ( ) : (
<button <button onClick={handleStopClick} className={`${styles.button} ${styles.buttonYellow}`}>
onClick={handleStopClick}
className={`${styles.button} ${styles.buttonYellow}`}
>
Stop Mining Stop Mining
</button> </button>
)} )}
<button <button onClick={handleNewChallengeClick} className={`${styles.button} ${styles.buttonIndigo}`}>
onClick={handleNewChallengeClick}
className={`${styles.button} ${styles.buttonIndigo}`}
>
New Challenge New Challenge
</button> </button>
<button <button onClick={handleResetClick} className={`${styles.button} ${styles.buttonGray}`}>
onClick={handleResetClick}
className={`${styles.button} ${styles.buttonGray}`}
>
Reset Nonce Reset Nonce
</button> </button>
</div> </div>

8
docs/blog/2025-08-28-cpu-core-odd/ProofOfWorkDiagram/styles.module.css
View File

@@ -48,9 +48,7 @@
background-color: rgb(31 41 55); background-color: rgb(31 41 55);
padding: 1.5rem; padding: 1.5rem;
border-radius: 0.5rem; border-radius: 0.5rem;
box-shadow: box-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
0 10px 15px -3px rgb(0 0 0 / 0.1),
0 4px 6px -4px rgb(0 0 0 / 0.1);
height: 100%; height: 100%;
display: flex; display: flex;
flex-direction: column; flex-direction: column;
@@ -160,9 +158,7 @@
.hashContainer { .hashContainer {
padding: 1.5rem; padding: 1.5rem;
border-radius: 0.5rem; border-radius: 0.5rem;
box-shadow: box-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
0 10px 15px -3px rgb(0 0 0 / 0.1),
0 4px 6px -4px rgb(0 0 0 / 0.1);
transition: all 300ms; transition: all 300ms;
border: 2px solid; border: 2px solid;
} }

15
docs/docs/CHANGELOG.md
View File

@@ -11,14 +11,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
- Add iplist2rule tool that lets admins turn an IP address blocklist into an Anubis ruleset. - Demote "explicit deny" logs from the Info log level to Info minus one. To get those logs back, set `SLOG_LEVEL=INFO-1` in your environment variables.
- Add Polish locale ([#1292](https://github.com/TecharoHQ/anubis/pull/1309))
- Fix honeypot and imprint links missing `BASE_PREFIX` when deployed behind a path prefix ([#1402](https://github.com/TecharoHQ/anubis/issues/1402))
- Improve idle performance in memory storage
<!-- This changes the project to: --> <!-- This changes the project to: -->
## v1.24.0: Y'shtola Rhul ## v1.24.0 [pre1]: Y'shtola Rhul
Anubis is back and better than ever! Lots of minor fixes with some big ones interspersed. Anubis is back and better than ever! Lots of minor fixes with some big ones interspersed.
@@ -32,14 +29,6 @@ Anubis is back and better than ever! Lots of minor fixes with some big ones inte
- Add support to simple Valkey/Redis cluster mode - Add support to simple Valkey/Redis cluster mode
- Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283)) - Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283))
- Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures. - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures.
- Refine the check that ensures the presence of the Accept header to avoid breaking docker clients.
- Removed rules intended to reward actual browsers due to abuse in the wild.
### Dataset poisoning
Anubis has the ability to engage in [dataset poisoning attacks](https://www.anthropic.com/research/small-samples-poison) using the [dataset poisoning subsystem](./admin/honeypot/overview.mdx). This allows every Anubis instance to be a honeypot to attract and flag abusive scrapers so that no administrator action is required to ban them.
There is much more information about this feature in [the dataset poisoning subsystem documentation](./admin/honeypot/overview.mdx). Administrators that are interested in learning how this feature works should consult that documentation.
### Deprecate `report_as` in challenge configuration ### Deprecate `report_as` in challenge configuration

2
docs/docs/admin/_category_.json
View File

@@ -5,4 +5,4 @@
"type": "generated-index", "type": "generated-index",
"description": "Tradeoffs and considerations you may want to keep in mind when using Anubis." "description": "Tradeoffs and considerations you may want to keep in mind when using Anubis."
} }
} }

7
docs/docs/admin/botstopper.mdx
View File

@@ -51,8 +51,9 @@ If you are using Kubernetes, you will need to create an image pull secret:
kubectl create secret docker-registry \ kubectl create secret docker-registry \
techarohq-botstopper \ techarohq-botstopper \
--docker-server ghcr.io \ --docker-server ghcr.io \
--docker-username any-username \ --docker-username your-username \
--docker-password <your-access-token> \ --docker-password your-access-token \
--docker-email your@email.address
``` ```
Then attach it to your Deployment: Then attach it to your Deployment:
@@ -84,7 +85,7 @@ Follow [the upstream Docker compose directions](https://anubis.techaro.lol/docs/
OG_EXPIRY_TIME: "24h" OG_EXPIRY_TIME: "24h"
+ # botstopper config here + # botstopper config here
+ CHALLENGE_TITLE: "Doing math for your connection!" + CHALLENGE_TITLE: "Doing math for your connnection!"
+ ERROR_TITLE: "Something went wrong!" + ERROR_TITLE: "Something went wrong!"
+ OVERLAY_FOLDER: /assets + OVERLAY_FOLDER: /assets
+ volumes: + volumes:

2
docs/docs/admin/configuration/_category_.json
View File

@@ -5,4 +5,4 @@
"type": "generated-index", "type": "generated-index",
"description": "Detailed information about configuring parts of Anubis." "description": "Detailed information about configuring parts of Anubis."
} }
} }

2
docs/docs/admin/configuration/challenges/_category_.json
View File

@@ -2,4 +2,4 @@
"label": "Challenges", "label": "Challenges",
"position": 10, "position": 10,
"link": null "link": null
} }

26
docs/docs/admin/configuration/expressions.mdx
View File

@@ -243,16 +243,16 @@ function regexSafe(input: string): string;
`regexSafe` takes a string and escapes it for safe use inside of a regular expression. This is useful when you are creating regular expressions from headers or variables such as `remoteAddress`. `regexSafe` takes a string and escapes it for safe use inside of a regular expression. This is useful when you are creating regular expressions from headers or variables such as `remoteAddress`.
| Input | Output | | Input | Output |
| :------------------------- | :-------------- | | :------------------------ | :------------------------------ |
| `regexSafe("1.2.3.4")` | `1\\.2\\.3\\.4` | | `regexSafe("1.2.3.4")` | `1\\.2\\.3\\.4` |
| `regexSafe("techaro.lol")` | `techaro\\.lol` | | `regexSafe("techaro.lol")` | `techaro\\.lol` |
| `regexSafe("star*")` | `star\\*` | | `regexSafe("star*")` | `star\\*` |
| `regexSafe("plus+")` | `plus\\+` | | `regexSafe("plus+")` | `plus\\+` |
| `regexSafe("{braces}")` | `\\{braces\\}` | | `regexSafe("{braces}")` | `\\{braces\\}` |
| `regexSafe("start^")` | `start\\^` | | `regexSafe("start^")` | `start\\^` |
| `regexSafe("back\\slash")` | `back\\\\slash` | | `regexSafe("back\\slash")` | `back\\\\slash` |
| `regexSafe("dash-dash")` | `dash\\-dash` | | `regexSafe("dash-dash")` | `dash\\-dash` |
### `segments` ### `segments`
@@ -301,9 +301,9 @@ function arpaReverseIP(ip: string): string;
`arpaReverseIP` takes an IP address and returns its value in [ARPA notation](https://www.ietf.org/rfc/rfc2317.html). This can be useful when matching PTR record patterns. `arpaReverseIP` takes an IP address and returns its value in [ARPA notation](https://www.ietf.org/rfc/rfc2317.html). This can be useful when matching PTR record patterns.
| Input | Output | | Input | Output |
| :----------------------------- | :---------------------------------------------------------------- | | :----------------------------- | :------------------------------------------------------------------- |
| `arpaReverseIP("1.2.3.4")` | `4.3.2.1` | | `arpaReverseIP("1.2.3.4")` | `4.3.2.1` |
| `arpaReverseIP("2001:db8::1")` | `1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2` | | `arpaReverseIP("2001:db8::1")` | `1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2` |
#### `lookupHost` #### `lookupHost`

29
docs/docs/admin/configuration/import.mdx
View File

@@ -13,8 +13,6 @@ bots:
- # This correlates to data/bots/ai-catchall.yaml in the source tree - # This correlates to data/bots/ai-catchall.yaml in the source tree
import: (data)/bots/ai-catchall.yaml import: (data)/bots/ai-catchall.yaml
- import: (data)/bots/cloudflare-workers.yaml - import: (data)/bots/cloudflare-workers.yaml
# Import all the rules in the default configuration
- import: (data)/meta/default-config.yaml
``` ```
Of note, a bot rule can either have inline bot configuration or import a bot config snippet. You cannot do both in a single bot rule. Of note, a bot rule can either have inline bot configuration or import a bot config snippet. You cannot do both in a single bot rule.
@@ -37,33 +35,6 @@ config.BotOrImport: rule definition is invalid, you must set either bot rules or
Paths can either be prefixed with `(data)` to import from the [the data folder in the Anubis source tree](https://github.com/TecharoHQ/anubis/tree/main/data) or anywhere on the filesystem. If you don't have access to the Anubis source tree, check /usr/share/docs/anubis/data or in the tarball you extracted Anubis from. Paths can either be prefixed with `(data)` to import from the [the data folder in the Anubis source tree](https://github.com/TecharoHQ/anubis/tree/main/data) or anywhere on the filesystem. If you don't have access to the Anubis source tree, check /usr/share/docs/anubis/data or in the tarball you extracted Anubis from.
## Importing the default configuration
If you want to base your configuration off of the default configuration, import `(data)/meta/default-config.yaml`:
```yaml
bots:
- import: (data)/meta/default-config.yaml
# Write your rules here
```
This will keep your configuration up to date as Anubis adapts to emerging threats.
## How do I exempt most modern browsers from Anubis challenges?
If you want to exempt most modern browsers from Anubis challenges, import `(data)/common/acts-like-browser.yaml`:
```yaml
bots:
- import: (data)/meta/default-config.yaml
- import: (data)/common/acts-like-browser.yaml
# Write your rules here
```
These rules will allow traffic that "looks like" it's from a modern copy of Edge, Safari, Chrome, or Firefox. These rules used to be enabled by default, however user reports have suggested that AI scraper bots have adapted to conform to these rules to scrape without regard for the infrastructure they are attacking.
Use these rules at your own risk.
## Importing from imports ## Importing from imports
You can also import from an imported file in case you want to import an entire folder of rules at once. You can also import from an imported file in case you want to import an entire folder of rules at once.

2
docs/docs/admin/default-allow-behavior.mdx
View File

@@ -89,4 +89,4 @@ If you want to deny all traffic except what you explicitly allow, add a catch-al
- The implicit allow rule is always last and cannot be removed. - The implicit allow rule is always last and cannot be removed.
- Use your logs to monitor what traffic is being allowed by default. - Use your logs to monitor what traffic is being allowed by default.
See [Policy Definitions](./policies) for more details on writing rules. See [Policy Definitions](./policies) for more details on writing rules.

2
docs/docs/admin/environments/_category_.json
View File

@@ -5,4 +5,4 @@
"type": "generated-index", "type": "generated-index",
"description": "Detailed information about individual environments (such as HTTP servers, platforms, etc.) Anubis is known to work with." "description": "Detailed information about individual environments (such as HTTP servers, platforms, etc.) Anubis is known to work with."
} }
} }

2
docs/docs/admin/environments/kubernetes.mdx
View File

@@ -94,8 +94,10 @@ containers:
- ALL - ALL
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
``` ```
Then add a Service entry for Anubis: Then add a Service entry for Anubis:
```yaml ```yaml

117
docs/docs/admin/environments/nginx.mdx
View File

@@ -1,7 +1,5 @@
# Nginx # Nginx
import CodeBlock from "@theme/CodeBlock";
Anubis is intended to be a filter proxy. The way to integrate this with nginx is to break your configuration up into two parts: TLS termination and then HTTP routing. Consider this diagram: Anubis is intended to be a filter proxy. The way to integrate this with nginx is to break your configuration up into two parts: TLS termination and then HTTP routing. Consider this diagram:
```mermaid ```mermaid
@@ -38,26 +36,110 @@ These examples assume that you are using a setup where your nginx configuration
Assuming that we are protecting `anubistest.techaro.lol`, here's what the server configuration file would look like: Assuming that we are protecting `anubistest.techaro.lol`, here's what the server configuration file would look like:
import anubisTest from "!!raw-loader!./nginx/server-anubistest-techaro-lol.conf"; ```nginx
# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf
<CodeBlock language="nginx">{anubisTest}</CodeBlock> # HTTP - Redirect all HTTP traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name anubistest.techaro.lol;
location / {
return 301 https://$host$request_uri;
}
}
# TLS termination server, this will listen over TLS (https) and then
# proxy all traffic to the target via Anubis.
server {
# Listen on TCP port 443 with TLS (https) and HTTP/2
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Http-Version $server_protocol;
proxy_pass http://anubis;
}
server_name anubistest.techaro.lol;
ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key;
}
# Backend server, this is where your webapp should actually live.
server {
listen unix:/run/nginx/nginx.sock;
server_name anubistest.techaro.lol;
root "/srv/http/anubistest.techaro.lol";
index index.html;
# Get the visiting IP from the TLS termination server
set_real_ip_from unix:;
real_ip_header X-Real-IP;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}
```
:::tip :::tip
You can copy the `location /` block into a separate file named something like `conf-anubis.inc` and then include it inline to other `server` blocks: You can copy the `location /` block into a separate file named something like `conf-anubis.inc` and then include it inline to other `server` blocks:
import anubisInclude from "!!raw-loader!./nginx/conf-anubis.inc"; ```nginx
# /etc/nginx/conf.d/conf-anubis.inc
<CodeBlock language="nginx">{anubisInclude}</CodeBlock> # Forward to anubis
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://anubis;
}
```
Then in a server block: Then in a server block:
<details> <details>
<summary>Full nginx config</summary> <summary>Full nginx config</summary>
import mimiTecharoLol from "!!raw-loader!./nginx/server-mimi-techaro-lol.conf"; ```nginx
# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
<CodeBlock language="nginx">{mimiTecharoLol}</CodeBlock> server {
# Listen on 443 with SSL
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# Slipstream via Anubis
include "conf-anubis.inc";
server_name mimi.techaro.lol;
ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key;
}
server {
listen unix:/run/nginx/nginx.sock;
server_name mimi.techaro.lol;
port_in_redirect off;
root "/srv/http/mimi.techaro.lol";
index index.html;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}
```
</details> </details>
@@ -65,9 +147,24 @@ import mimiTecharoLol from "!!raw-loader!./nginx/server-mimi-techaro-lol.conf";
Create an upstream for Anubis. Create an upstream for Anubis.
import anubisUpstream from "!!raw-loader!./nginx/upstream-anubis.conf"; ```nginx
# /etc/nginx/conf.d/upstream-anubis.conf
<CodeBlock language="nginx">{anubisUpstream}</CodeBlock> upstream anubis {
# Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
# If this does not match, your services will not be protected by Anubis.
# Try anubis first over a UNIX socket
server unix:/run/anubis/nginx.sock;
#server 127.0.0.1:8923;
# Optional: fall back to serving the websites directly. This allows your
# websites to be resilient against Anubis failing, at the risk of exposing
# them to the raw internet without protection. This is a tradeoff and can
# be worth it in some edge cases.
#server unix:/run/nginx.sock backup;
}
```
This can be repeated for multiple sites. Anubis does not care about the HTTP `Host` header and will happily cope with multiple websites via the same instance. This can be repeated for multiple sites. Anubis does not care about the HTTP `Host` header and will happily cope with multiple websites via the same instance.

2
docs/docs/admin/environments/nginx/conf-anubis.inc
View File

@@ -1,2 +0,0 @@
# /etc/nginx/conf-anubis.inc # Forward to anubis location / { proxy_set_header
Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://anubis; }

50
docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf
View File

@@ -1,50 +0,0 @@
# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf
# HTTP - Redirect all HTTP traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name anubistest.techaro.lol;
location / {
return 301 https://$host$request_uri;
}
}
# TLS termination server, this will listen over TLS (https) and then
# proxy all traffic to the target via Anubis.
server {
# Listen on TCP port 443 with TLS (https) and HTTP/2
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Http-Version $server_protocol;
proxy_pass http://anubis;
}
server_name anubistest.techaro.lol;
ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key;
}
# Backend server, this is where your webapp should actually live.
server {
listen unix:/run/nginx/nginx.sock;
server_name anubistest.techaro.lol;
root "/srv/http/anubistest.techaro.lol";
index index.html;
# Get the visiting IP from the TLS termination server
set_real_ip_from unix:;
real_ip_header X-Real-IP;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}

29
docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf
View File

@@ -1,29 +0,0 @@
# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
server {
# Listen on 443 with SSL
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# Slipstream via Anubis
include "conf-anubis.inc";
server_name mimi.techaro.lol;
ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key;
}
server {
listen unix:/run/nginx/nginx.sock;
server_name mimi.techaro.lol;
port_in_redirect off;
root "/srv/http/mimi.techaro.lol";
index index.html;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}

16
docs/docs/admin/environments/nginx/upstream-anubis.conf
View File

@@ -1,16 +0,0 @@
# /etc/nginx/conf.d/upstream-anubis.conf
upstream anubis {
# Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
# If this does not match, your services will not be protected by Anubis.
# Try anubis first over a UNIX socket
server unix:/run/anubis/nginx.sock;
#server 127.0.0.1:8923;
# Optional: fall back to serving the websites directly. This allows your
# websites to be resilient against Anubis failing, at the risk of exposing
# them to the raw internet without protection. This is a tradeoff and can
# be worth it in some edge cases.
#server unix:/run/nginx.sock backup;
}

Some files were not shown because too many files have changed in this diff Show More