arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-10 10:38:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: arian:Xe/contributing-commitlint-etc
Branches Tags
arian:main arian:dependabot/github_actions/github-actions-899c058108 arian:dependabot/go_modules/gomod-93cd730d29 arian:dependabot/npm_and_yarn/npm-34965409cd arian:Xe/feat-main-challenge-uses-preact arian:Xe/faq-min-browser-version arian:Xe/ddwrt-logo arian:Xe/toggle-source arian:Xe/pprof-2 arian:Xe/ci-multiple-go-versions arian:Xe/experimental-windows-binary arian:Xe/go-sh-for-build-scripts arian:Xe/doc-disabling-jit arian:add-claude-github-actions-1773949601522 arian:json/fix-pow-deref arian:Xe/no-govulncheck arian:Xe/docs-systemd-logging-to-file arian:json/gofix arian:json/add-cel-iterator arian:Xe/haproxy-smoke-test arian:Xe/sponsor-logo-sync arian:Xe/agent-hints arian:Xe/contributing-commitlint-etc arian:json/add-back-comments arian:Xe/fix-preact-static-path arian:Xe/document-meta-default-config arian:Xe/bump-go arian:revert-1370-dependabot/go_modules/gomod-76b51a1623 arian:Xe/iplist2rule arian:Xe/fix-nginx-gha arian:fix/nginxsmoke arian:Xe/expose-pprof-in-metrics arian:Xe/serialize-memory arian:Xe/nginx-config-test arian:Xe/no-more-kindness arian:Xe/adjust-accept-rule arian:Xe/honeypot arian:Xe/demote-explicit-deny-logs arian:fix/pin-versions arian:Xe/deprecate-report_as arian:Xe/dependabot-cooldown arian:Xe/logrotate arian:Xe/go-mod-tidy-check arian:Xe/redis-sentinel arian:docs/fix-1080 arian:fix/ogtags-sni arian:fix/ci-go-mod arian:chore/gomodupdates arian:fix/CVE2025_24369-flakyness arian:fix/upgrade-playwright arian:fix/nilpointerpanic arian:Xe/metrics-for-weigh-matches arian:Xe/fix-docs-deploy arian:Xe/dont-cookie-host-implicitly arian:Xe/ensure-embed-folder-matches-embed-fs arian:Xe/more-docker-client-programs arian:Xe/add-asset-build-verification-workflow arian:Xe/gh-1252/docker-registry-client-fix arian:Xe/chrome-version-number-deweighing arian:Xe/blog/abuse-reports arian:Xe/unblock-tencent-cloud arian:Xe/fix-serve-robots-txt arian:Xe/analytics-so-i-can-get-grants arian:Xe/fix-open-redirect-subrequest arian:Xe/remove-copilot-instructions arian:Xe/checker.List-and-like arian:Xe/block-tencent-cloud arian:Xe/fix-bbolt-errors arian:Xe/get-started-environments arian:Xe/show-error-state arian:Xe/fix-webcrypto-detection arian:Xe/even-less-paranoid arian:Xe/unflake-lib-package arian:Xe/default-config-macro arian:Xe/preact-deprecate arian:Xe/less-paranoid arian:Xe/wasm3 arian:Xe/double-slash-xess arian:Xe/double-slash-try-3 arian:Xe/fix-cookie-prefix-stutter arian:Xe/metarefresh-randomly-refresh-header arian:Xe/contentLength-in-expressions arian:Xe/ssh-ci-no-uname-av arian:Xe/ssh-ci-arm64 arian:Xe/actorify arian:Xe/log-filters arian:Xe/decaymap-sync-map arian:Xe/use-typescript arian:Xe/containerbuild-support-commas arian:Xe/npmjs-secvuln-fix arian:json/signingnudge arian:Xe/embed-services-folder arian:Xe/demote-temporal-assurance arian:Xe/store-s3 arian:json/requireED25519 arian:fix/multibot arian:json/docs arian:Xe/redirect-domain-wildcard arian:Xe/fix-force-language arian:Xe/anti-assistant arian:Xe/fix-main arian:Xe/enhanced-temporal-reassurance arian:Xe/docker-buildx-bake2 arian:Xe-patch-1 arian:Xe/proof-of-react arian:Xe/decimal-nonce-post arian:Xe/fix-decimal-nonce arian:json/fixspelling arian:copilot/fix-bac27955-bb79-4b41-8954-7463ba8a52db arian:Xe/block-alibaba arian:Xe/block-huawei arian:Xe/1002-challenge-spent-field arian:Xe/funding-update-august-2025 arian:Xe/remove-hack arian:revert-952-dependabot/github_actions/github-actions-246dc3e5c9 arian:Xe/embed-challenge-id-in-generated-pages arian:Xe/silence-http-pipelining-error arian:Xe/remove-json-docs arian:Xe/fix-purejs-and-make-faster arian:Xe/purge-slow arian:Xe/allow-opengraph-response-urls arian:Xe/anubis-custom-logger arian:Xe/default-rules/customasynchttpclient arian:Xe/store-challenge-method-with-challenge arian:Xe/checks-v2 arian:Xe/cel-segments arian:Xe/chore-expose-thoth arian:Xe/test-xff-no-double-comma arian:Xe/nerf-try-again-button arian:Xe/test-palemoon arian:Xe/xss-fix-2 arian:Xe/xss-fix arian:release/v1.21.1 arian:Xe/v1.21.1-blogpost arian:Xe/russian-translation-with-fixes arian:Xe/fix-unknown-challenge-throw-new-challenge arian:Xe/web-event-loop-thrashing arian:Xe/promise-leak arian:revert-873-dependabot/go_modules/gomod-adef35df73 arian:Xe/osiris arian:dependabot/go_modules/gomod-adef35df73 arian:Xe/missing-header-function arian:Xe/smoke-test/caddy-and-unix-socket arian:Xe/ssh-ci/deflake arian:Xe/smoke-test/translations arian:release/v1.21.0 arian:Xe/health-ready-endpoints arian:Xe/ja4h arian:Xe/test-cookie-fix arian:Xe/docs-image-per-commit arian:Xe/smoke-test/git-push arian:Xe/git-server-test arian:Xe/disable-system-load-by-default arian:release/v1.21.0-pre2 arian:Xe/double-slash-try-2 arian:Xe/status-page arian:Xe/double-slash arian:Xe/changelog-mention-migration-breakage arian:Xe/nginx-micro arian:Xe/TI-20250709-0001 arian:Xe/thoth-client-dont-block-on-healthchecks arian:Xe/load-average arian:Xe/docs-remove-proof-of-work-branding arian:Xe/bbolt-cleanup-every-hour arian:Xe/optimize-bbolt arian:Xe/ogtags-use-store arian:Xe/devcontainer-playwright arian:Xe/store-interface arian:Xe/allow-commoncrawl arian:Xe/docs-botstopper arian:Xe/fix-anubis-systemd-runtimedir-instances arian:Xe/checker-registry arian:vic/set-cookies-to-secure arian:json/dup arian:Xe/docker-buildx-bake arian:Xe/valkey-2 arian:Xe/thr1 arian:Xe/v1.19.0-pre1 arian:Xe/thoth arian:Xe/valkey arian:wasm arian:Xe/expressions arian:Xe/go-tool-yeet arian:Xe/pkgserver arian:Xe/yeet-as-tool arian:release/v1.15.x arian:Xe/minimize-logging arian:revert-134-revert-120-Xe/cookie-settings arian:Xe/allow-internet-archive arian:Xe/hyper-galaxy-brain
arian:v1.25.0 arian:v1.24.0 arian:v1.24.0-pre1 arian:v1.23.1 arian:v1.23.0 arian:v1.23.0-pre2 arian:v1.23.0-pre1 arian:v1.22.0 arian:v1.22.0-pre2 arian:v1.22.0-pre1 arian:v1.21.3 arian:v1.21.2 arian:v1.21.1 arian:v1.21.0 arian:v1.21.0-pre3 arian:v1.21.0-pre2 arian:v1.21.0-pre1 arian:v1.20.0 arian:v1.20.0-pre2 arian:v1.20.0-pre1 arian:v1.19.1 arian:v1.19.0 arian:v1.19.0-pre1 arian:v1.18.0 arian:v1.18.0-pre1 arian:v1.17.1 arian:v1.17.0 arian:v1.17.0.signed arian:v1.17.0-beta4 arian:1.17.0-beta2 arian:v1.17.0-beta3 arian:v1.17.0-beta1 arian:v1.16.0 arian:v1.15.2 arian:v1.15.1 arian:v1.15.0 arian:v1.14.2 arian:v1.14.1 arian:v1.14.0 arian:v1.13.0 arian:v1.12.1
..
compare: arian:Xe/honeypot
Branches Tags
arian:dependabot/github_actions/github-actions-899c058108 arian:dependabot/go_modules/gomod-93cd730d29 arian:dependabot/npm_and_yarn/npm-34965409cd arian:Xe/feat-main-challenge-uses-preact arian:main arian:Xe/faq-min-browser-version arian:Xe/ddwrt-logo arian:Xe/toggle-source arian:Xe/pprof-2 arian:Xe/ci-multiple-go-versions arian:Xe/experimental-windows-binary arian:Xe/go-sh-for-build-scripts arian:Xe/doc-disabling-jit arian:add-claude-github-actions-1773949601522 arian:json/fix-pow-deref arian:Xe/no-govulncheck arian:Xe/docs-systemd-logging-to-file arian:json/gofix arian:json/add-cel-iterator arian:Xe/haproxy-smoke-test arian:Xe/sponsor-logo-sync arian:Xe/agent-hints arian:Xe/contributing-commitlint-etc arian:json/add-back-comments arian:Xe/fix-preact-static-path arian:Xe/document-meta-default-config arian:Xe/bump-go arian:revert-1370-dependabot/go_modules/gomod-76b51a1623 arian:Xe/iplist2rule arian:Xe/fix-nginx-gha arian:fix/nginxsmoke arian:Xe/expose-pprof-in-metrics arian:Xe/serialize-memory arian:Xe/nginx-config-test arian:Xe/no-more-kindness arian:Xe/adjust-accept-rule arian:Xe/honeypot arian:Xe/demote-explicit-deny-logs arian:fix/pin-versions arian:Xe/deprecate-report_as arian:Xe/dependabot-cooldown arian:Xe/logrotate arian:Xe/go-mod-tidy-check arian:Xe/redis-sentinel arian:docs/fix-1080 arian:fix/ogtags-sni arian:fix/ci-go-mod arian:chore/gomodupdates arian:fix/CVE2025_24369-flakyness arian:fix/upgrade-playwright arian:fix/nilpointerpanic arian:Xe/metrics-for-weigh-matches arian:Xe/fix-docs-deploy arian:Xe/dont-cookie-host-implicitly arian:Xe/ensure-embed-folder-matches-embed-fs arian:Xe/more-docker-client-programs arian:Xe/add-asset-build-verification-workflow arian:Xe/gh-1252/docker-registry-client-fix arian:Xe/chrome-version-number-deweighing arian:Xe/blog/abuse-reports arian:Xe/unblock-tencent-cloud arian:Xe/fix-serve-robots-txt arian:Xe/analytics-so-i-can-get-grants arian:Xe/fix-open-redirect-subrequest arian:Xe/remove-copilot-instructions arian:Xe/checker.List-and-like arian:Xe/block-tencent-cloud arian:Xe/fix-bbolt-errors arian:Xe/get-started-environments arian:Xe/show-error-state arian:Xe/fix-webcrypto-detection arian:Xe/even-less-paranoid arian:Xe/unflake-lib-package arian:Xe/default-config-macro arian:Xe/preact-deprecate arian:Xe/less-paranoid arian:Xe/wasm3 arian:Xe/double-slash-xess arian:Xe/double-slash-try-3 arian:Xe/fix-cookie-prefix-stutter arian:Xe/metarefresh-randomly-refresh-header arian:Xe/contentLength-in-expressions arian:Xe/ssh-ci-no-uname-av arian:Xe/ssh-ci-arm64 arian:Xe/actorify arian:Xe/log-filters arian:Xe/decaymap-sync-map arian:Xe/use-typescript arian:Xe/containerbuild-support-commas arian:Xe/npmjs-secvuln-fix arian:json/signingnudge arian:Xe/embed-services-folder arian:Xe/demote-temporal-assurance arian:Xe/store-s3 arian:json/requireED25519 arian:fix/multibot arian:json/docs arian:Xe/redirect-domain-wildcard arian:Xe/fix-force-language arian:Xe/anti-assistant arian:Xe/fix-main arian:Xe/enhanced-temporal-reassurance arian:Xe/docker-buildx-bake2 arian:Xe-patch-1 arian:Xe/proof-of-react arian:Xe/decimal-nonce-post arian:Xe/fix-decimal-nonce arian:json/fixspelling arian:copilot/fix-bac27955-bb79-4b41-8954-7463ba8a52db arian:Xe/block-alibaba arian:Xe/block-huawei arian:Xe/1002-challenge-spent-field arian:Xe/funding-update-august-2025 arian:Xe/remove-hack arian:revert-952-dependabot/github_actions/github-actions-246dc3e5c9 arian:Xe/embed-challenge-id-in-generated-pages arian:Xe/silence-http-pipelining-error arian:Xe/remove-json-docs arian:Xe/fix-purejs-and-make-faster arian:Xe/purge-slow arian:Xe/allow-opengraph-response-urls arian:Xe/anubis-custom-logger arian:Xe/default-rules/customasynchttpclient arian:Xe/store-challenge-method-with-challenge arian:Xe/checks-v2 arian:Xe/cel-segments arian:Xe/chore-expose-thoth arian:Xe/test-xff-no-double-comma arian:Xe/nerf-try-again-button arian:Xe/test-palemoon arian:Xe/xss-fix-2 arian:Xe/xss-fix arian:release/v1.21.1 arian:Xe/v1.21.1-blogpost arian:Xe/russian-translation-with-fixes arian:Xe/fix-unknown-challenge-throw-new-challenge arian:Xe/web-event-loop-thrashing arian:Xe/promise-leak arian:revert-873-dependabot/go_modules/gomod-adef35df73 arian:Xe/osiris arian:dependabot/go_modules/gomod-adef35df73 arian:Xe/missing-header-function arian:Xe/smoke-test/caddy-and-unix-socket arian:Xe/ssh-ci/deflake arian:Xe/smoke-test/translations arian:release/v1.21.0 arian:Xe/health-ready-endpoints arian:Xe/ja4h arian:Xe/test-cookie-fix arian:Xe/docs-image-per-commit arian:Xe/smoke-test/git-push arian:Xe/git-server-test arian:Xe/disable-system-load-by-default arian:release/v1.21.0-pre2 arian:Xe/double-slash-try-2 arian:Xe/status-page arian:Xe/double-slash arian:Xe/changelog-mention-migration-breakage arian:Xe/nginx-micro arian:Xe/TI-20250709-0001 arian:Xe/thoth-client-dont-block-on-healthchecks arian:Xe/load-average arian:Xe/docs-remove-proof-of-work-branding arian:Xe/bbolt-cleanup-every-hour arian:Xe/optimize-bbolt arian:Xe/ogtags-use-store arian:Xe/devcontainer-playwright arian:Xe/store-interface arian:Xe/allow-commoncrawl arian:Xe/docs-botstopper arian:Xe/fix-anubis-systemd-runtimedir-instances arian:Xe/checker-registry arian:vic/set-cookies-to-secure arian:json/dup arian:Xe/docker-buildx-bake arian:Xe/valkey-2 arian:Xe/thr1 arian:Xe/v1.19.0-pre1 arian:Xe/thoth arian:Xe/valkey arian:wasm arian:Xe/expressions arian:Xe/go-tool-yeet arian:Xe/pkgserver arian:Xe/yeet-as-tool arian:release/v1.15.x arian:Xe/minimize-logging arian:revert-134-revert-120-Xe/cookie-settings arian:Xe/allow-internet-archive arian:Xe/hyper-galaxy-brain
arian:v1.25.0 arian:v1.24.0 arian:v1.24.0-pre1 arian:v1.23.1 arian:v1.23.0 arian:v1.23.0-pre2 arian:v1.23.0-pre1 arian:v1.22.0 arian:v1.22.0-pre2 arian:v1.22.0-pre1 arian:v1.21.3 arian:v1.21.2 arian:v1.21.1 arian:v1.21.0 arian:v1.21.0-pre3 arian:v1.21.0-pre2 arian:v1.21.0-pre1 arian:v1.20.0 arian:v1.20.0-pre2 arian:v1.20.0-pre1 arian:v1.19.1 arian:v1.19.0 arian:v1.19.0-pre1 arian:v1.18.0 arian:v1.18.0-pre1 arian:v1.17.1 arian:v1.17.0 arian:v1.17.0.signed arian:v1.17.0-beta4 arian:1.17.0-beta2 arian:v1.17.0-beta3 arian:v1.17.0-beta1 arian:v1.16.0 arian:v1.15.2 arian:v1.15.1 arian:v1.15.0 arian:v1.14.2 arian:v1.14.1 arian:v1.14.0 arian:v1.13.0 arian:v1.12.1

8 Commits
Xe/contrib ... Xe/honeypo

Author SHA1 Message Date
Xe Iaso
15b0927c46 chore: spelling 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-12-16 04:08:53 -05:00
Xe Iaso
5e69031c10 chore: fix spelling metadata 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-12-16 04:05:51 -05:00
Xe Iaso
9ccd5db528 chore(test): go mod tidy 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-12-16 04:04:56 -05:00
Xe Iaso
82fca3e714 docs: add honeypot docs 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-12-16 04:03:37 -05:00
Xe Iaso
83c8c3606a fix(lib): use mazeGen instead of bsGen 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-12-16 01:26:00 -05:00
Xe Iaso
958daba4a1 feat(honeypot/naive): attempt to automatically filter out based on crawling 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-12-16 01:22:13 -05:00
Xe Iaso
e0f4468b03 fix(honeypot/naive): optimize hilariously 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-12-15 23:11:21 -05:00
Xe Iaso
ade8505b26 feat: first implementation of honeypot logic 
This is a bit of an experiment, stick with me.

The core idea here is that badly written crawlers are that: badly
written. They look for anything that contains `<a href="whatever" />`
tags and will blindly use those values to recurse. This takes advantage
of that by hiding a link in a `<script>` tag like this:

```html
<script type="ignore"><a href="/bots-only">Don't click</a></script>
```

Browsers will ignore it because they have no handler for the "ignore"
script type.

This current draft is very unoptimized (it takes like 7 seconds to
generate a page on my tower), however switching spintax libraries will
make this much faster.

The hope is to make this pluggable with WebAssembly such that we force
administrators to choose a storage method. First we crawl before we
walk.

The AI involvement in this commit is limited to the spintax in
affirmations.txt, spintext.txt, and titles.txt. This generates a bunch
of "pseudoprofound bullshit" like the following:

> This Restoration to Balance & Alignment
>
> There's a moment when creators are being called to realize that the work
> can't be reduced to results, but about energy. We don't innovate products
> by pushing harder, we do it by holding the vision. Because momentum can't
> be forced, it unfolds over time when culture are moving in the same
> direction. We're being invited into a paradigm shift in how we think
> about innovation. [...]

This is intended to "look" like normal article text. As this is a first
draft, this sucks and will be improved upon.

Assisted-by: GLM 4.6, ChatGPT, GPT-OSS 120b
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-12-15 18:27:42 -05:00
224 changed files with 2525 additions and 4537 deletions
Expand all files Collapse all files

6
.devcontainer/devcontainer.json
View File

@@ -2,7 +2,9 @@
// README at: https://github.com/devcontainers/templates/tree/main/src/debian // README at: https://github.com/devcontainers/templates/tree/main/src/debian
{ {
"name": "Dev", "name": "Dev",
"dockerComposeFile": ["./docker-compose.yaml"], "dockerComposeFile": [
"./docker-compose.yaml"
],
"service": "workspace", "service": "workspace",
"workspaceFolder": "/workspace/anubis", "workspaceFolder": "/workspace/anubis",
"postStartCommand": "bash ./.devcontainer/poststart.sh", "postStartCommand": "bash ./.devcontainer/poststart.sh",
@@ -29,4 +31,4 @@
} }
} }
} }
} }

1
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@@ -58,3 +58,4 @@ body:
attributes: attributes:
label: Additional context label: Additional context
description: Add any other context about the problem here. description: Add any other context about the problem here.

2
.github/ISSUE_TEMPLATE/feature_request.yaml vendored
View File

@@ -1,6 +1,6 @@
name: Feature request name: Feature request
description: Suggest an idea for this project description: Suggest an idea for this project
title: "[Feature request] " title: '[Feature request] '
body: body:
- type: textarea - type: textarea

24
.github/actions/spelling/README.md vendored
View File

@@ -1,17 +1,17 @@
# check-spelling/check-spelling configuration # check-spelling/check-spelling configuration
| File | Purpose | Format | Info | File | Purpose | Format | Info
| -------------------------------------------------- | -------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | -|-|-|-
| [dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary) | [dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary)
| [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow) | [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow)
| [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject) | [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject)
| [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) | [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes)
| [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only) | [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only)
| [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
| [candidate.patterns](candidate.patterns) | Patterns that might be worth adding to [patterns.txt](patterns.txt) | perl regular expression with optional comment block introductions (all matches will be suggested) | [candidates](https://github.com/check-spelling/check-spelling/wiki/Feature:-Suggest-patterns) | [candidate.patterns](candidate.patterns) | Patterns that might be worth adding to [patterns.txt](patterns.txt) | perl regular expression with optional comment block introductions (all matches will be suggested) | [candidates](https://github.com/check-spelling/check-spelling/wiki/Feature:-Suggest-patterns)
| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
| [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect) | [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect)
| [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice) | [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice)
Note: you can replace any of these files with a directory by the same name (minus the suffix) Note: you can replace any of these files with a directory by the same name (minus the suffix)
and then include multiple files inside that directory (with that suffix) to merge multiple files together. and then include multiple files inside that directory (with that suffix) to merge multiple files together.

19
.github/actions/spelling/advice.md vendored
View File

@@ -2,27 +2,30 @@
<details><summary>If the flagged items are :exploding_head: false positives</summary> <details><summary>If the flagged items are :exploding_head: false positives</summary>
If items relate to a ... If items relate to a ...
* binary file (or some other file you wouldn't want to check at all).
- binary file (or some other file you wouldn't want to check at all).
Please add a file path to the `excludes.txt` file matching the containing file. Please add a file path to the `excludes.txt` file matching the containing file.
File paths are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files. File paths are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files.
`^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](../tree/HEAD/README.md) (on whichever branch you're using). `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](
../tree/HEAD/README.md) (on whichever branch you're using).
- well-formed pattern. * well-formed pattern.
If you can write a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it, If you can write a [pattern](
https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns
) that would match it,
try adding it to the `patterns.txt` file. try adding it to the `patterns.txt` file.
Patterns are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines. Patterns are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines.
Note that patterns can't match multiline strings. Note that patterns can't match multiline strings.
</details> </details>
<!-- adoption information--> <!-- adoption information-->
:steam_locomotive: If you're seeing this message and your PR is from a branch that doesn't have check-spelling, :steam_locomotive: If you're seeing this message and your PR is from a branch that doesn't have check-spelling,
please merge to your PR's base branch to get the version configured for your repository. please merge to your PR's base branch to get the version configured for your repository.

6
.github/actions/spelling/allow.txt vendored
View File

@@ -18,9 +18,3 @@ clampip
pseudoprofound pseudoprofound
reimagining reimagining
iocaine iocaine
admins
fout
iplist
NArg
blocklists
rififi

12
.github/actions/spelling/excludes.txt vendored
View File

@@ -87,14 +87,10 @@
^docs/docs/user/known-instances.md$ ^docs/docs/user/known-instances.md$
^docs/manifest/.*$ ^docs/manifest/.*$
^docs/static/\.nojekyll$ ^docs/static/\.nojekyll$
^internal/glob/glob_test.go$
^internal/honeypot/naive/affirmations\.txt$
^internal/honeypot/naive/spintext\.txt$
^internal/honeypot/naive/titles\.txt$
^lib/config/testdata/bad/unparseable\.json$
^lib/localization/.*_test.go$
^lib/localization/locales/.*\.json$
^lib/policy/config/testdata/bad/unparseable\.json$ ^lib/policy/config/testdata/bad/unparseable\.json$
^test/.*$ ^internal/glob/glob_test.go$
ignore$ ignore$
robots.txt robots.txt
^lib/localization/locales/.*\.json$
^lib/localization/.*_test.go$
^test/.*$

819
.github/actions/spelling/expect.txt vendored
View File

@@ -1,410 +1,409 @@
acs acs
Actorified Actorified
actorifiedstore actorifiedstore
actorify actorify
Aibrew Aibrew
alibaba alibaba
alrest alrest
amazonbot amazonbot
anthro anthro
anubis anubis
anubistest anubistest
apnic apnic
APNICRANDNETAU APNICRANDNETAU
Applebot Applebot
archlinux archlinux
arpa arpa
asnc asnc
asnchecker asnchecker
asns asns
aspirational aspirational
atuin atuin
azuretools azuretools
badregexes badregexes
bbolt bbolt
bdba bdba
berr berr
bezier bezier
bingbot bingbot
Bitcoin Bitcoin
bitrate bitrate
Bluesky Bluesky
blueskybot blueskybot
boi boi
Bokm Bokm
botnet botnet
botstopper botstopper
BPort BPort
Brightbot Brightbot
broked broked
buildah buildah
byteslice byteslice
Bytespider Bytespider
cachebuster cachebuster
cachediptoasn cachediptoasn
Caddyfile Caddyfile
caninetools caninetools
Cardyb Cardyb
celchecker celchecker
celphase celphase
cerr cerr
certresolver certresolver
cespare cespare
CGNAT CGNAT
cgr cgr
chainguard chainguard
chall chall
challengemozilla challengemozilla
challengetest challengetest
checkpath checkpath
checkresult checkresult
chibi chibi
cidranger cidranger
ckie ckie
cloudflare cloudflare
Codespaces Codespaces
confd confd
containerbuild connnection
containerregistry containerbuild
coreutils containerregistry
Cotoyogi coreutils
Cromite Cotoyogi
crt Cromite
Cscript crt
daemonizing Cscript
databento daemonizing
dayjob dayjob
dco DDOS
DDOS Debian
Debian debrpm
debrpm decaymap
decaymap devcontainers
devcontainers Diffbot
Diffbot discordapp
discordapp discordbot
discordbot distros
distros dnf
dnf dnsbl
dnsbl dnserr
dnserr DNSTTL
DNSTTL domainhere
domainhere dracula
dracula dronebl
dronebl droneblresponse
droneblresponse dropin
dropin dsilence
dsilence duckduckbot
duckduckbot eerror
eerror ellenjoe
ellenjoe emacs
emacs enbyware
enbyware etld
etld everyones
everyones evilbot
evilbot evilsite
evilsite expressionorlist
expressionorlist externalagent
externalagent externalfetcher
externalfetcher extldflags
extldflags facebookgo
facebookgo Factset
Factset fahedouch
fahedouch fastcgi
fastcgi FCr
FCr fcrdns
fcrdns fediverse
fediverse ffprobe
ffprobe financials
financials finfos
finfos Firecrawl
Firecrawl flagenv
flagenv Fordola
Fordola forgejo
forgejo forwardauth
forwardauth fsys
fsys fullchain
fullchain gaissmai
gaissmai Galvus
Galvus geoip
geoip geoipchecker
geoipchecker gha
gha GHSA
GHSA Ghz
Ghz gipc
gipc gitea
gitea godotenv
GLM goland
godotenv gomod
goimports goodbot
goland googlebot
gomod gopsutil
goodbot govulncheck
googlebot goyaml
gopsutil GPG
govulncheck GPT
goyaml gptbot
GPG Graphene
GPT grpcprom
gptbot grw
Graphene gzw
grpcprom Hashcash
grw hashrate
gzw headermap
Hashcash healthcheck
hashrate healthz
headermap hec
healthcheck helpdesk
healthz Hetzner
hec hmc
helpdesk homelab
Hetzner hostable
hmc htmlc
homelab htmx
hostable httpdebug
htmlc huawei
htmx hypertext
httpdebug iaskspider
huawei iaso
hypertext iat
iaskspider ifm
iaso Imagesift
iat imgproxy
ifm impressum
Imagesift inbox
imgproxy ingressed
impressum inp
inbox internets
ingressed IPTo
inp iptoasn
internets isp
IPTo iss
iptoasn isset
isp ivh
iss Jenomis
isset JGit
ivh jhjj
Jenomis joho
JGit journalctl
jhjj jshelter
joho JWTs
journalctl kagi
jshelter kagibot
JWTs Keyfunc
kagi keypair
kagibot KHTML
Keyfunc kinda
keypair KUBECONFIG
KHTML lcj
kinda ldflags
KUBECONFIG letsencrypt
lcj Lexentale
ldflags lfc
letsencrypt lgbt
Lexentale licend
lfc licstart
lgbt lightpanda
licend limsa
licstart Linting
lightpanda listor
limsa LLU
Linting loadbalancer
listor lol
LLU lominsa
loadbalancer maintainership
lol malware
lominsa mcr
maintainership memes
malware metarefresh
mcr metrix
memes mimi
metarefresh Minfilia
metrix mistralai
mimi mnt
Minfilia Mojeek
mistralai mojeekbot
mnt mozilla
Mojeek myclient
mojeekbot mymaster
mozilla mypass
myclient myuser
mymaster nbf
mypass nepeat
myuser netsurf
nbf nginx
nepeat nicksnyder
netsurf nobots
nginx NONINFRINGEMENT
nicksnyder nosleep
nikandfor nullglob
nobots oci
NONINFRINGEMENT OCOB
nosleep ogtag
nullglob oklch
oci omgili
OCOB omgilibot
ogtag openai
oklch opendns
omgili opengraph
omgilibot openrc
openai oswald
opendns pag
opengraph palemoon
openrc Pangu
oswald parseable
pag passthrough
pagegen Patreon
palemoon pgrep
Pangu phrik
parseable pidfile
passthrough pids
Patreon pipefail
perplexitybot pki
pgrep podkova
phrik podman
pidfile Postgre
pids poststart
pipefail prebaked
pki privkey
podkova promauto
podman promhttp
Postgre proofofwork
poststart publicsuffix
prebaked purejs
privkey pwcmd
promauto pwuser
promhttp qualys
proofofwork qwant
publicsuffix qwantbot
purejs rac
pwcmd rawler
pwuser rcvar
qualys redhat
qwant redir
qwantbot redirectscheme
rac refactors
rawler remoteip
rcvar reputational
redhat risc
redir ruleset
redirectscheme runlevels
refactors RUnlock
remoteip runtimedir
reputational runtimedirectory
Rhul Ryzen
risc sas
ruleset sasl
runlevels screenshots
RUnlock searchbot
runtimedir searx
runtimedirectory sebest
Ryzen secretplans
sas Semrush
sasl Seo
screenshots setsebool
searchbot shellcheck
searx shirou
sebest shopt
secretplans Sidetrade
Semrush simprint
Seo sitemap
setsebool sls
shellcheck sni
shirou snipster
shoneypot Spambot
shopt sparkline
Sidetrade spyderbot
simprint srv
sitemap stackoverflow
sls startprecmd
sni stoppostcmd
snipster storetest
Spambot subgrid
spammer subr
sparkline subrequest
spyderbot SVCNAME
srv tagline
stackoverflow tarballs
startprecmd tarrif
stoppostcmd taviso
storetest tbn
subgrid tbr
subr techaro
subrequest techarohq
SVCNAME telegrambot
tagline templ
tarballs templruntime
tarrif testarea
taviso Thancred
tbn thoth
tbr thothmock
techaro Tik
techarohq Timpibot
telegrambot TLog
templ traefik
templruntime trunc
testarea uberspace
Thancred Unbreak
thoth unbreakdocker
thothmock unifiedjs
Tik unmarshal
Timpibot unparseable
TLog uvx
traefik UXP
trunc valkey
uberspace Varis
Unbreak Velen
unbreakdocker vendored
unifiedjs verify
unmarshal vhosts
unparseable vkbot
uvx VKE
UXP vnd
valkey VPS
Varis Vultr
Velen weblate
vendored webmaster
vhosts webpage
vkbot websecure
VKE websites
vnd Webzio
VPS whois
Vultr wildbase
WAIFU withthothmock
weblate wolfbeast
webmaster wordpress
webpage workaround
websecure workdir
websites wpbot
Webzio XCircle
whois xeiaso
wildbase xeserv
withthothmock xesite
wolfbeast xess
wordpress xff
workaround XForwarded
workdir XNG
wpbot XOB
XCircle XOriginal
xeiaso XReal
xeserv yae
xesite YAMLTo
xess Yda
xff yeet
XForwarded yeetfile
XNG yourdomain
XOB yyz
XOriginal Zenos
XReal zizmor
Y'shtola zombocom
yae zos
YAMLTo GLM
Yda iocaine
yeet nikandfor
yeetfile pagegen
yourdomain pseudoprofound
yyz reimagining
Zenos Rhul
zizmor shoneypot
zombocom spammer
zos Y'shtola
zst

10
.github/workflows/asset-verification.yml vendored
View File

@@ -13,7 +13,7 @@ jobs:
asset_verification: asset_verification:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
persist-credentials: false persist-credentials: false
@@ -22,12 +22,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: install node deps - name: install node deps
run: | run: |

9
.github/workflows/dco-check.yaml vendored
View File

@@ -1,9 +0,0 @@
name: DCO Check
on: [pull_request]
jobs:
dco_check:
runs-on: ubuntu-latest
steps:
- uses: tisonkun/actions-dco@f1024cd563550b5632e754df11b7d30b73be54a5 # v1.1

10
.github/workflows/docker-pr.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -26,12 +26,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9

12
.github/workflows/docker.yml vendored
View File

@@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -36,12 +36,12 @@ jobs:
run: | run: |
echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
@@ -68,7 +68,7 @@ jobs:
SLOG_LEVEL: debug SLOG_LEVEL: debug
- name: Generate artifact attestation - name: Generate artifact attestation
uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0 uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
with: with:
subject-name: ${{ env.IMAGE }} subject-name: ${{ env.IMAGE }}
subject-digest: ${{ steps.build.outputs.digest }} subject-digest: ${{ steps.build.outputs.digest }}

8
.github/workflows/docs-deploy.yml vendored
View File

@@ -17,12 +17,12 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
persist-credentials: false persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Log into registry - name: Log into registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -53,14 +53,14 @@ jobs:
push: true push: true
- name: Apply k8s manifests to limsa lominsa - name: Apply k8s manifests to limsa lominsa
uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 uses: actions-hub/kubectl@2639090a038d46a3b9b98b220ae0837676ded8b7 # v1.34.3
env: env:
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
with: with:
args: apply -k docs/manifest args: apply -k docs/manifest
- name: Apply k8s manifests to limsa lominsa - name: Apply k8s manifests to limsa lominsa
uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 uses: actions-hub/kubectl@2639090a038d46a3b9b98b220ae0837676ded8b7 # v1.34.3
env: env:
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
with: with:

4
.github/workflows/docs-test.yml vendored
View File

@@ -13,12 +13,12 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
persist-credentials: false persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Docker meta - name: Docker meta
id: meta id: meta

6
.github/workflows/go-mod-tidy-check.yml vendored
View File

@@ -13,13 +13,13 @@ jobs:
go_mod_tidy_check: go_mod_tidy_check:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
persist-credentials: false persist-credentials: false
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: Check go.mod and go.sum in main directory - name: Check go.mod and go.sum in main directory
run: | run: |

12
.github/workflows/go.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
#runs-on: alrest-techarohq #runs-on: alrest-techarohq
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
persist-credentials: false persist-credentials: false
@@ -24,15 +24,15 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: Cache playwright binaries - name: Cache playwright binaries
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
id: playwright-cache id: playwright-cache
with: with:
path: | path: |

19
.github/workflows/lint-pr-title.yaml vendored
View File

@@ -1,19 +0,0 @@
name: "Lint PR"
on:
pull_request_target:
types:
- opened
- edited
- synchronize
jobs:
lint_pr_title:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

10
.github/workflows/package-builds-stable.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
#runs-on: alrest-techarohq #runs-on: alrest-techarohq
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
persist-credentials: false persist-credentials: false
fetch-tags: true fetch-tags: true
@@ -25,12 +25,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: install node deps - name: install node deps
run: | run: |

12
.github/workflows/package-builds-unstable.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
#runs-on: alrest-techarohq #runs-on: alrest-techarohq
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
persist-credentials: false persist-credentials: false
fetch-tags: true fetch-tags: true
@@ -26,12 +26,12 @@ jobs:
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential sudo apt-get install -y build-essential
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: install node deps - name: install node deps
run: | run: |
@@ -41,7 +41,7 @@ jobs:
run: | run: |
go tool yeet go tool yeet
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with: with:
name: packages name: packages
path: var/* path: var/*

13
.github/workflows/smoke-tests.yml vendored
View File

@@ -23,23 +23,22 @@ jobs:
- healthcheck - healthcheck
- i18n - i18n
- log-file - log-file
- nginx
- palemoon/amd64 - palemoon/amd64
#- palemoon/i386 #- palemoon/i386
- robots_txt - robots_txt
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
persist-credentials: false persist-credentials: false
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with: with:
node-version: "24.11.0" node-version: '24.11.0'
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
@@ -57,7 +56,7 @@ jobs:
run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV
- name: Upload artifact - name: Upload artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
if: always() if: always()
with: with:
name: ${{ env.ARTIFACT_NAME }} name: ${{ env.ARTIFACT_NAME }}

12
.github/workflows/spelling.yml vendored
View File

@@ -59,16 +59,16 @@ name: Check Spelling
on: on:
push: push:
branches: branches:
- "**" - '**'
tags-ignore: tags-ignore:
- "**" - '**'
pull_request: pull_request:
branches: branches:
- "**" - '**'
types: types:
- "opened" - 'opened'
- "reopened" - 'reopened'
- "synchronize" - 'synchronize'
jobs: jobs:
spelling: spelling:

4
.github/workflows/ssh-ci-runner-cron.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -30,7 +30,7 @@ jobs:
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build and push - name: Build and push
run: | run: |
cd ./test/ssh-ci cd ./test/ssh-ci

6
.github/workflows/ssh-ci.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
- aarch64-16k - aarch64-16k
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -35,9 +35,9 @@ jobs:
name: id_rsa name: id_rsa
known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }} known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }}
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with: with:
go-version: "1.25.4" go-version: '1.25.4'
- name: Run CI - name: Run CI
run: go run ./utils/cmd/backoff-retry bash test/ssh-ci/rigging.sh ${{ matrix.host }} run: go run ./utils/cmd/backoff-retry bash test/ssh-ci/rigging.sh ${{ matrix.host }}

22
.github/workflows/zizmor.yml vendored
View File

@@ -1,12 +1,12 @@
name: zizmor name: zizmor
on: on:
push: push:
paths: paths:
- ".github/workflows/*.ya?ml" - '.github/workflows/*.ya?ml'
pull_request: pull_request:
paths: paths:
- ".github/workflows/*.ya?ml" - '.github/workflows/*.ya?ml'
jobs: jobs:
zizmor: zizmor:
@@ -16,20 +16,20 @@ jobs:
security-events: write security-events: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with: with:
persist-credentials: false persist-credentials: false
- name: Install the latest version of uv - name: Install the latest version of uv
uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
- name: Run zizmor 🌈 - name: Run zizmor 🌈
run: uvx zizmor --format sarif . > results.sarif run: uvx zizmor --format sarif . > results.sarif
env: env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF file - name: Upload SARIF file
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
with: with:
sarif_file: results.sarif sarif_file: results.sarif
category: zizmor category: zizmor

8
.husky/commit-msg
View File

@@ -1,8 +0,0 @@
npx --no-install commitlint --edit "$1"
# Check if commit message contains Signed-off-by line
if ! grep -q "^Signed-off-by:" "$1"; then
echo "Commit message must contain a 'Signed-off-by:' line."
echo "Please use 'git commit --signoff' or add a Signed-off-by line to your commit message."
exit 1
fi

2
.husky/pre-commit
View File

@@ -1,2 +0,0 @@
npm run lint
npm run test

18
.ko.yaml
View File

@@ -1,13 +1,13 @@
defaultBaseImage: cgr.dev/chainguard/static defaultBaseImage: cgr.dev/chainguard/static
defaultPlatforms: defaultPlatforms:
- linux/arm64 - linux/arm64
- linux/amd64 - linux/amd64
- linux/arm/v7 - linux/arm/v7
builds: builds:
- id: anubis - id: anubis
main: ./cmd/anubis main: ./cmd/anubis
ldflags: ldflags:
- -s -w - -s -w
- -extldflags "-static" - -extldflags "-static"
- -X github.com/TecharoHQ/anubis.Version={{.Env.VERSION}} - -X github.com/TecharoHQ/anubis.Version={{.Env.VERSION}}

2
.prettierignore
View File

@@ -1,2 +0,0 @@
lib/config/testdata/bad/*
*.inc

2
.vscode/extensions.json vendored
View File

@@ -8,4 +8,4 @@
"redhat.vscode-yaml", "redhat.vscode-yaml",
"streetsidesoftware.code-spell-checker" "streetsidesoftware.code-spell-checker"
] ]
} }

2
.vscode/launch.json vendored
View File

@@ -24,4 +24,4 @@
"type": "node-terminal" "type": "node-terminal"
} }
] ]
} }

144
CONTRIBUTING.md
View File

@@ -1,144 +0,0 @@
# Contributing to Anubis
Anubis is a Web AI Firewall Utility (WAIFU) written in Go. It uses sha256 proof-of-work challenges to protect upstream HTTP resources from scraper bots. This is security software -- correctness matters.
## Build & Run
Prerequisites: Go 1.24+, Node.js (any supported version), esbuild, gzip, zstd, brotli. Install all with `brew bundle` if you are using Homebrew.
```shell
npm ci # install node dependencies
npm run assets # build JS/CSS (required before any Go build/test)
npm run build # assets + go build -> ./var/anubis
npm run dev # assets + run locally with --use-remote-address
```
## Testing
```shell
# Run all unit tests (assets must be built first)
npm run test # or: make test
# Run a single test by name
go test -run TestClampIP ./internal/
# Run a single test file's package
go test ./lib/config/
# Run tests with verbose output
go test -v -run TestBotValid ./lib/config/
```
### Smoke tests
The `tests` folder contains "smoke tests" that are intended to set up Anubis in production-adjacent settings and testing it against real infrastructure tools. A smoke test is a folder with `test.sh` that sets up infrastructure, validates the behaviour, and then tears it down. Smoke tests are run in GitHub actions with `.github/workflows/smoke-tests.yaml`.
## Linting
```shell
go vet ./...
go tool staticcheck ./...
go tool govulncheck ./...
```
## Code Generation
The project uses `go generate` for templ templates and stringer. Always run `npm run generate` (or `make assets`) before building or testing. Generated files include:
- `web/*.templ` -> templ-generated Go code
- `web/static/` -> bundled/minified JS and CSS (with .gz, .zst, .br variants)
## Project Layout
Important folders:
- `cmd/anubis`: Main entrypoint for the project. This is the program that runs on servers.
- `lib/*`: The core library for Anubis and all of its features. This is internal code that is made public for ease of downstream consumption. No API stability is guaranteed. Use at your own risk.
- `internal/*`: Actual internal code that is private to the implementation of Anubis. If you need to use a package in this, please copy it out and manually vendor it in your own project.
- `test/*` Smoke tests (see dedicated section for details).
- `web`: Frontend HTML templates.
- `xess`: Frontend CSS framework and build logic.
## Code Style
### Go
This project follows the idioms of the Go standard library. Generally follow the patterns that upstream Go uses, including:
- Prefer packages from the standard library unless there is no other option.
- Use package import aliases only when package names collide.
- Use `goimports` to format code. Run with `npm run format`.
- Use sentinel errors as package-level variables prefixed with `Err` (such as `ErrBotMustHaveName`). Wrap with `fmt.Errorf("package: small message giving context: %w", err)`.
- Use `log/slog` for structured logging. Pass loggers as arguments to functions. Use `lg.With` to preload with context. Prefer using `slog.Debug` unless you absolutely need to report messages to users, some users have magical thinking about log verbosity.
- Name PublicFunctionsAndTypes in PascalCase. Name privateFunctionsAndTypes in camelCase.
- Acronyms stay uppercase (`URL`, `HTTP`, `IP`, `DNS`, etc.)
- Enumerations should use strong types with validation logic for parsing remote input.
- Be conservative in what you send but liberal in what you accept.
- Anything reading configuration values should use both `json` and `yaml` struct tags. Use pointer values for optional configuration values.
- Use [table-driven tests](https://go.dev/wiki/TableDrivenTests) when writing test code.
- Use [`t.Helper()`](https://pkg.go.dev/testing#T.Helper) in helper code (setup/teardown scaffolding).
- Use [`t.Cleanup()`](https://pkg.go.dev/testing#T.Cleanup) to tear down per-test or per-suite scaffolding.
- Use [`errors.Is`](https://pkg.go.dev/errors#Is) for validating function results against sentinel errors.
- Prefer same-package tests over black-box tests (`_test` packages).
### JavaScript / TypeScript
- Source lives in `web/js/`. Built with esbuild, bundled and minified.
- Uses Preact (not React).
- No linter config. Keep functions small. Use `const` by default.
### Templ Templates
Anubis uses [Templ](https://templ.guide) for generating HTML on the server.
- `.templ` files in `web/` generate Go code. Run `go generate ./...` (or `npm run assets`) after modifying them.
- Templates receive typed Go parameters. Keep logic in Go, not templates.
## Commit Messages
Commit messages follow the [**Conventional Commits**](https://www.conventionalcommits.org/en/v1.0.0/) format:
```text
<type>[optional scope]: <description>
[optional body]
[optional footer(s)]
```
**Types**: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert`
- Add `!` after type/scope for breaking changes or include `BREAKING CHANGE:` in the footer.
- Keep descriptions concise, imperative, lowercase, and without a trailing period.
- Reference issues/PRs in the footer when applicable.
- **ALL git commits MUST be made with `--signoff`.** This is mandatory.
### Attribution Requirements
AI agents must disclose what tool and model they are using in the "Assisted-by" commit footer:
```text
Assisted-by: [Model Name] via [Tool Name]
```
Example:
```text
Assisted-by: GLM 4.6 via Claude Code
```
## PR Checklist
- Add description of changes to `[Unreleased]` in `docs/docs/CHANGELOG.md`.
- Add test cases for bug fixes and behavior changes.
- Run integration tests: `npm run test:integration`.
- All commits must have verified (signed) signatures.
## Key Conventions
- **Security-first**: This is security software. Code reviews are strict. Always add tests for bug fixes. Consider adversarial inputs.
- **Configuration**: YAML-based policy files. Config structs validate via `Valid() error` methods returning sentinel errors.
- **Store interface**: `lib/store.Interface` abstracts key-value storage.
- **Environment variables**: Parsed from flags via `flagenv`. Use `.env` files locally (loaded by `godotenv/autoload`). Never commit `.env` files.
- **Assets must be built first**: JS/CSS assets are embedded into the Go binary. Always run `npm run assets` before `go test` or `go build`.
- **CEL expressions**: Policy rules support CEL (Common Expression Language) expressions for advanced matching. See `lib/policy/expressions/`.

3
README.md
View File

@@ -20,9 +20,6 @@ Anubis is brought to you by sponsors and donors like:
<a href="https://www.raptorcs.com/content/base/products.html"> <a href="https://www.raptorcs.com/content/base/products.html">
<img src="./docs/static/img/sponsors/raptor-computing-logo.webp" alt="Raptor Computing Systems" height=64 /> <img src="./docs/static/img/sponsors/raptor-computing-logo.webp" alt="Raptor Computing Systems" height=64 />
</a> </a>
<a href="https://databento.com/?utm_source=anubis&utm_medium=sponsor&utm_campaign=anubis">
<img src="./docs/static/img/sponsors/databento-logo.webp" alt="Databento" height="64" />
</a>
### Gold Tier ### Gold Tier

2
VERSION
View File

@@ -1 +1 @@
1.24.0 1.24.0-pre1

4
cmd/robots2policy/testdata/blacklist.yaml vendored
View File

@@ -25,6 +25,6 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Googlebot") - userAgent.contains("Googlebot")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-7 name: robots-txt-policy-disallow-7

24
cmd/robots2policy/testdata/complex.yaml vendored
View File

@@ -20,8 +20,8 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Googlebot") - userAgent.contains("Googlebot")
- path.startsWith("/search/") - path.startsWith("/search/")
name: robots-txt-policy-disallow-6 name: robots-txt-policy-disallow-6
- action: WEIGH - action: WEIGH
expression: userAgent.contains("Bingbot") expression: userAgent.contains("Bingbot")
@@ -31,14 +31,14 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Bingbot") - userAgent.contains("Bingbot")
- path.startsWith("/search/") - path.startsWith("/search/")
name: robots-txt-policy-disallow-8 name: robots-txt-policy-disallow-8
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("Bingbot") - userAgent.contains("Bingbot")
- path.startsWith("/admin/") - path.startsWith("/admin/")
name: robots-txt-policy-disallow-9 name: robots-txt-policy-disallow-9
- action: DENY - action: DENY
expression: userAgent.contains("BadBot") expression: userAgent.contains("BadBot")
@@ -54,18 +54,18 @@
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("TestBot") - userAgent.contains("TestBot")
- path.matches("^/.*/admin") - path.matches("^/.*/admin")
name: robots-txt-policy-disallow-13 name: robots-txt-policy-disallow-13
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("TestBot") - userAgent.contains("TestBot")
- path.matches("^/temp.*\\.html") - path.matches("^/temp.*\\.html")
name: robots-txt-policy-disallow-14 name: robots-txt-policy-disallow-14
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("TestBot") - userAgent.contains("TestBot")
- path.matches("^/file.\\.log") - path.matches("^/file.\\.log")
name: robots-txt-policy-disallow-15 name: robots-txt-policy-disallow-15

26
cmd/robots2policy/testdata/consecutive.yaml vendored
View File

@@ -9,39 +9,39 @@
- action: DENY - action: DENY
expression: expression:
any: any:
- userAgent.contains("BadBot") - userAgent.contains("BadBot")
- userAgent.contains("SpamBot") - userAgent.contains("SpamBot")
- userAgent.contains("EvilBot") - userAgent.contains("EvilBot")
name: robots-txt-policy-blacklist-3 name: robots-txt-policy-blacklist-3
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("GoodBot") - userAgent.contains("GoodBot")
- path.startsWith("/private") - path.startsWith("/private")
name: robots-txt-policy-disallow-4 name: robots-txt-policy-disallow-4
- action: WEIGH - action: WEIGH
expression: expression:
any: any:
- userAgent.contains("SlowBot1") - userAgent.contains("SlowBot1")
- userAgent.contains("SlowBot2") - userAgent.contains("SlowBot2")
name: robots-txt-policy-crawl-delay-5 name: robots-txt-policy-crawl-delay-5
weight: weight:
adjust: 3 adjust: 3
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("SearchBot1") - userAgent.contains("SearchBot1")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-7 name: robots-txt-policy-disallow-7
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("SearchBot2") - userAgent.contains("SearchBot2")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-8 name: robots-txt-policy-disallow-8
- action: CHALLENGE - action: CHALLENGE
expression: expression:
all: all:
- userAgent.contains("SearchBot3") - userAgent.contains("SearchBot3")
- path.startsWith("/search") - path.startsWith("/search")
name: robots-txt-policy-disallow-9 name: robots-txt-policy-disallow-9

2
cmd/robots2policy/testdata/empty.yaml vendored
View File

@@ -1 +1 @@
[] []

2
cmd/robots2policy/testdata/simple.json vendored
View File

@@ -9,4 +9,4 @@
"name": "robots-txt-policy-disallow-2", "name": "robots-txt-policy-disallow-2",
"action": "CHALLENGE" "action": "CHALLENGE"
} }
] ]

4
data/apps/allow-api-routes.yaml
View File

@@ -2,5 +2,5 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- '!(method == "HEAD" || method == "GET")' - '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/") - path.startsWith("/api/")

2
data/apps/gitea-rss-feeds.yaml
View File

@@ -4,4 +4,4 @@
path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.atom$ path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.atom$
- name: gitea-feed-rss - name: gitea-feed-rss
action: ALLOW action: ALLOW
path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.rss$ path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.rss$

5
data/apps/qualys-ssl-labs.yml
View File

@@ -3,6 +3,5 @@
- name: qualys-ssl-labs - name: qualys-ssl-labs
action: ALLOW action: ALLOW
remote_addresses: remote_addresses:
- 69.67.183.0/24 - 64.41.200.0/24
- 2600:C02:1020:4202::/64 - 2600:C02:1020:4202::/64
- 2602:fdaa:c6:2::/64

4
data/apps/searx-checker.yml
View File

@@ -5,5 +5,5 @@
- name: searx-checker - name: searx-checker
action: ALLOW action: ALLOW
remote_addresses: remote_addresses:
- 167.235.158.251/32 - 167.235.158.251/32
- 2a01:4f8:1c1c:8fc2::1/128 - 2a01:4f8:1c1c:8fc2::1/128

44
data/botPolicies.yaml
View File

@@ -95,6 +95,50 @@ bots:
# weight: # weight:
# adjust: -10 # adjust: -10
# Assert behaviour that only genuine browsers display. This ensures that Chrome
# or Firefox versions
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule # Generic catchall rule
- name: generic-browser - name: generic-browser
user_agent_regex: >- user_agent_regex: >-

2
data/bots/headless-browsers.yaml
View File

@@ -6,4 +6,4 @@
action: DENY action: DENY
- name: headless-chromium - name: headless-chromium
user_agent_regex: HeadlessChromium user_agent_regex: HeadlessChromium
action: DENY action: DENY

8
data/bots/irc-bots/archlinux-phrik.yaml
View File

@@ -3,7 +3,7 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- remoteAddress == "159.69.213.214" || remoteAddress == "2a01:4f8:c2c:7bf4::1" - remoteAddress == "159.69.213.214" || remoteAddress == "2a01:4f8:c2c:7bf4::1"
- userAgent == "Mozilla/5.0 (compatible; utils.web Limnoria module)" - userAgent == "Mozilla/5.0 (compatible; utils.web Limnoria module)"
- '"X-Http-Version" in headers' - '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1" - headers["X-Http-Version"] == "HTTP/1.1"

8
data/bots/irc-bots/gentoo-chat.yaml
View File

@@ -3,7 +3,7 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- remoteAddress == "45.76.166.57" - remoteAddress == "45.76.166.57"
- userAgent == "Mozilla/5.0 (Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0" - userAgent == "Mozilla/5.0 (Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0"
- '"X-Http-Version" in headers' - '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1" - headers["X-Http-Version"] == "HTTP/1.1"

2
data/bots/us-ai-scraper.yaml
View File

@@ -1,3 +1,3 @@
- name: us-artificial-intelligence-scraper - name: us-artificial-intelligence-scraper
user_agent_regex: \+https\://github\.com/US-Artificial-Intelligence/scraper user_agent_regex: \+https\://github\.com/US-Artificial-Intelligence/scraper
action: DENY action: DENY

2
data/clients/ai.yaml
View File

@@ -4,5 +4,5 @@
# - Claude-User: No published IP allowlist # - Claude-User: No published IP allowlist
- name: "ai-clients" - name: "ai-clients"
user_agent_regex: >- user_agent_regex: >-
ChatGPT-User|Claude-User|MistralAI-User|Perplexity-User ChatGPT-User|Claude-User|MistralAI-User
action: DENY action: DENY

6
data/clients/go-get.yaml
View File

@@ -2,6 +2,6 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.startsWith("Go-http-client/") - userAgent.startsWith("Go-http-client/")
- '"go-get" in query' - '"go-get" in query'
- query["go-get"] == "1" - query["go-get"] == "1"

5
data/clients/mistral-mistralai-user.yaml
View File

@@ -4,4 +4,7 @@
user_agent_regex: MistralAI-User/.+; \+https\://docs\.mistral\.ai/robots user_agent_regex: MistralAI-User/.+; \+https\://docs\.mistral\.ai/robots
action: ALLOW action: ALLOW
# https://mistral.ai/mistralai-user-ips.json # https://mistral.ai/mistralai-user-ips.json
remote_addresses: ["20.240.160.161/32", "20.240.160.1/32"] remote_addresses: [
"20.240.160.161/32",
"20.240.160.1/32",
]

173
data/clients/openai-chatgpt-user.yaml
View File

@@ -5,90 +5,89 @@
action: ALLOW action: ALLOW
# https://openai.com/chatgpt-user.json # https://openai.com/chatgpt-user.json
# curl 'https://openai.com/chatgpt-user.json' | jq '.prefixes.[].ipv4Prefix' | sed 's/$/,/' # curl 'https://openai.com/chatgpt-user.json' | jq '.prefixes.[].ipv4Prefix' | sed 's/$/,/'
remote_addresses: remote_addresses: [
[ "13.65.138.112/28",
"13.65.138.112/28", "23.98.179.16/28",
"23.98.179.16/28", "13.65.138.96/28",
"13.65.138.96/28", "172.183.222.128/28",
"172.183.222.128/28", "20.102.212.144/28",
"20.102.212.144/28", "40.116.73.208/28",
"40.116.73.208/28", "172.183.143.224/28",
"172.183.143.224/28", "52.190.190.16/28",
"52.190.190.16/28", "13.83.237.176/28",
"13.83.237.176/28", "51.8.155.64/28",
"51.8.155.64/28", "74.249.86.176/28",
"74.249.86.176/28", "51.8.155.48/28",
"51.8.155.48/28", "20.55.229.144/28",
"20.55.229.144/28", "135.237.131.208/28",
"135.237.131.208/28", "135.237.133.48/28",
"135.237.133.48/28", "51.8.155.112/28",
"51.8.155.112/28", "135.237.133.112/28",
"135.237.133.112/28", "52.159.249.96/28",
"52.159.249.96/28", "52.190.137.16/28",
"52.190.137.16/28", "52.255.111.112/28",
"52.255.111.112/28", "40.84.181.32/28",
"40.84.181.32/28", "172.178.141.112/28",
"172.178.141.112/28", "52.190.142.64/28",
"52.190.142.64/28", "172.178.140.144/28",
"172.178.140.144/28", "52.190.137.144/28",
"52.190.137.144/28", "172.178.141.128/28",
"172.178.141.128/28", "57.154.187.32/28",
"57.154.187.32/28", "4.196.118.112/28",
"4.196.118.112/28", "20.193.50.32/28",
"20.193.50.32/28", "20.215.188.192/28",
"20.215.188.192/28", "20.215.214.16/28",
"20.215.214.16/28", "4.197.22.112/28",
"4.197.22.112/28", "4.197.115.112/28",
"4.197.115.112/28", "172.213.21.16/28",
"172.213.21.16/28", "172.213.11.144/28",
"172.213.11.144/28", "172.213.12.112/28",
"172.213.12.112/28", "172.213.21.144/28",
"172.213.21.144/28", "20.90.7.144/28",
"20.90.7.144/28", "57.154.175.0/28",
"57.154.175.0/28", "57.154.174.112/28",
"57.154.174.112/28", "52.236.94.144/28",
"52.236.94.144/28", "137.135.191.176/28",
"137.135.191.176/28", "23.98.186.192/28",
"23.98.186.192/28", "23.98.186.96/28",
"23.98.186.96/28", "23.98.186.176/28",
"23.98.186.176/28", "23.98.186.64/28",
"23.98.186.64/28", "68.221.67.192/28",
"68.221.67.192/28", "68.221.67.160/28",
"68.221.67.160/28", "13.83.167.128/28",
"13.83.167.128/28", "20.228.106.176/28",
"20.228.106.176/28", "52.159.227.32/28",
"52.159.227.32/28", "68.220.57.64/28",
"68.220.57.64/28", "172.213.21.112/28",
"172.213.21.112/28", "68.221.67.224/28",
"68.221.67.224/28", "68.221.75.16/28",
"68.221.75.16/28", "20.97.189.96/28",
"20.97.189.96/28", "52.252.113.240/28",
"52.252.113.240/28", "52.230.163.32/28",
"52.230.163.32/28", "172.212.159.64/28",
"172.212.159.64/28", "52.255.111.80/28",
"52.255.111.80/28", "52.255.111.0/28",
"52.255.111.0/28", "4.151.241.240/28",
"4.151.241.240/28", "52.255.111.32/28",
"52.255.111.32/28", "52.255.111.48/28",
"52.255.111.48/28", "52.255.111.16/28",
"52.255.111.16/28", "52.230.164.176/28",
"52.230.164.176/28", "52.176.139.176/28",
"52.176.139.176/28", "52.173.234.16/28",
"52.173.234.16/28", "4.151.71.176/28",
"4.151.71.176/28", "4.151.119.48/28",
"4.151.119.48/28", "52.255.109.112/28",
"52.255.109.112/28", "52.255.109.80/28",
"52.255.109.80/28", "20.161.75.208/28",
"20.161.75.208/28", "68.154.28.96/28",
"68.154.28.96/28", "52.255.109.128/28",
"52.255.109.128/28", "52.225.75.208/28",
"52.225.75.208/28", "52.190.139.48/28",
"52.190.139.48/28", "68.221.67.240/28",
"68.221.67.240/28", "52.156.77.144/28",
"52.156.77.144/28", "52.148.129.32/28",
"52.148.129.32/28", "40.84.221.208/28",
"40.84.221.208/28", "104.210.139.224/28",
"104.210.139.224/28", "40.84.221.224/28",
"40.84.221.224/28", "104.210.139.192/28",
"104.210.139.192/28", ]
]

8
data/clients/perplexity-user.yaml
View File

@@ -1,8 +0,0 @@
# Acts on behalf of user requests
# https://docs.perplexity.ai/guides/bots
- name: perplexity-user
user_agent_regex: Perplexity-User/.+; \+https\://perplexity\.ai/perplexity-user
action: ALLOW
# https://www.perplexity.com/perplexity-user.json
remote_addresses:
["44.208.221.197/32", "34.193.163.52/32", "18.97.21.0/30", "18.97.43.80/29"]

12
data/clients/telegram-preview.yaml
View File

@@ -1,6 +1,6 @@
- name: telegrambot - name: telegrambot
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.matches("TelegramBot") - userAgent.matches("TelegramBot")
- verifyFCrDNS(remoteAddress, "ptr\\.telegram\\.org$") - verifyFCrDNS(remoteAddress, "ptr\\.telegram\\.org$")

12
data/clients/vk-preview.yaml
View File

@@ -1,6 +1,6 @@
- name: vkbot - name: vkbot
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.matches("vkShare[^+]+\\+http\\://vk\\.com/dev/Share") - userAgent.matches("vkShare[^+]+\\+http\\://vk\\.com/dev/Share")
- verifyFCrDNS(remoteAddress, "^snipster\\d+\\.go\\.mail\\.ru$") - verifyFCrDNS(remoteAddress, "^snipster\\d+\\.go\\.mail\\.ru$")

55
data/common/acts-like-browser.yaml
View File

@@ -1,55 +0,0 @@
# Assert behaviour that only genuine browsers display. This ensures that modern Chrome
# or Firefox versions will get through without a challenge.
#
# These rules have been known to be bypassed by some of the worst automated scrapers.
# Use at your own risk.
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule
- name: generic-browser
user_agent_regex: >-
Mozilla|Opera
action: WEIGH
weight:
adjust: 10

4
data/common/allow-api-like.yaml
View File

@@ -2,5 +2,5 @@
action: ALLOW action: ALLOW
expression: expression:
all: all:
- '!(method == "HEAD" || method == "GET")' - '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/") - path.startsWith("/api/")

2
data/common/json-api.yaml
View File

@@ -4,4 +4,4 @@
all: all:
- '"Accept" in headers' - '"Accept" in headers'
- 'headers["Accept"] == "application/json"' - 'headers["Accept"] == "application/json"'
- 'path.startsWith("/api/")' - 'path.startsWith("/api/")'

2
data/common/rfc-violations.yaml
View File

@@ -1,3 +1,3 @@
- name: no-user-agent-string - name: no-user-agent-string
action: DENY action: DENY
expression: userAgent == "" expression: userAgent == ""

2
data/crawlers/ai-search.yaml
View File

@@ -4,5 +4,5 @@
# - Claude-SearchBot: No published IP allowlist # - Claude-SearchBot: No published IP allowlist
- name: "ai-crawlers-search" - name: "ai-crawlers-search"
user_agent_regex: >- user_agent_regex: >-
OAI-SearchBot|Claude-SearchBot|PerplexityBot OAI-SearchBot|Claude-SearchBot
action: DENY action: DENY

29
data/crawlers/applebot.yaml
View File

@@ -4,18 +4,17 @@
user_agent_regex: Applebot user_agent_regex: Applebot
action: ALLOW action: ALLOW
# https://search.developer.apple.com/applebot.json # https://search.developer.apple.com/applebot.json
remote_addresses: remote_addresses: [
[ "17.241.208.160/27",
"17.241.208.160/27", "17.241.193.160/27",
"17.241.193.160/27", "17.241.200.160/27",
"17.241.200.160/27", "17.22.237.0/24",
"17.22.237.0/24", "17.22.245.0/24",
"17.22.245.0/24", "17.22.253.0/24",
"17.22.253.0/24", "17.241.75.0/24",
"17.241.75.0/24", "17.241.219.0/24",
"17.241.219.0/24", "17.241.227.0/24",
"17.241.227.0/24", "17.246.15.0/24",
"17.246.15.0/24", "17.246.19.0/24",
"17.246.19.0/24", "17.246.23.0/24",
"17.246.23.0/24", ]
]

61
data/crawlers/bingbot.yaml
View File

@@ -2,34 +2,33 @@
user_agent_regex: \+http\://www\.bing\.com/bingbot\.htm user_agent_regex: \+http\://www\.bing\.com/bingbot\.htm
action: ALLOW action: ALLOW
# https://www.bing.com/toolbox/bingbot.json # https://www.bing.com/toolbox/bingbot.json
remote_addresses: remote_addresses: [
[ "157.55.39.0/24",
"157.55.39.0/24", "207.46.13.0/24",
"207.46.13.0/24", "40.77.167.0/24",
"40.77.167.0/24", "13.66.139.0/24",
"13.66.139.0/24", "13.66.144.0/24",
"13.66.144.0/24", "52.167.144.0/24",
"52.167.144.0/24", "13.67.10.16/28",
"13.67.10.16/28", "13.69.66.240/28",
"13.69.66.240/28", "13.71.172.224/28",
"13.71.172.224/28", "139.217.52.0/28",
"139.217.52.0/28", "191.233.204.224/28",
"191.233.204.224/28", "20.36.108.32/28",
"20.36.108.32/28", "20.43.120.16/28",
"20.43.120.16/28", "40.79.131.208/28",
"40.79.131.208/28", "40.79.186.176/28",
"40.79.186.176/28", "52.231.148.0/28",
"52.231.148.0/28", "20.79.107.240/28",
"20.79.107.240/28", "51.105.67.0/28",
"51.105.67.0/28", "20.125.163.80/28",
"20.125.163.80/28", "40.77.188.0/22",
"40.77.188.0/22", "65.55.210.0/24",
"65.55.210.0/24", "199.30.24.0/23",
"199.30.24.0/23", "40.77.202.0/24",
"40.77.202.0/24", "40.77.139.0/25",
"40.77.139.0/25", "20.74.197.0/28",
"20.74.197.0/28", "20.15.133.160/27",
"20.15.133.160/27", "40.77.177.0/24",
"40.77.177.0/24", "40.77.178.0/23"
"40.77.178.0/23", ]
]

543
data/crawlers/duckduckbot.yaml
View File

@@ -2,275 +2,274 @@
user_agent_regex: DuckDuckBot/1\.1; \(\+http\://duckduckgo\.com/duckduckbot\.html\) user_agent_regex: DuckDuckBot/1\.1; \(\+http\://duckduckgo\.com/duckduckbot\.html\)
action: ALLOW action: ALLOW
# https://duckduckgo.com/duckduckgo-help-pages/results/duckduckbot # https://duckduckgo.com/duckduckgo-help-pages/results/duckduckbot
remote_addresses: remote_addresses: [
[ "57.152.72.128/32",
"57.152.72.128/32", "51.8.253.152/32",
"51.8.253.152/32", "40.80.242.63/32",
"40.80.242.63/32", "20.12.141.99/32",
"20.12.141.99/32", "20.49.136.28/32",
"20.49.136.28/32", "51.116.131.221/32",
"51.116.131.221/32", "51.107.40.209/32",
"51.107.40.209/32", "20.40.133.240/32",
"20.40.133.240/32", "20.50.168.91/32",
"20.50.168.91/32", "51.120.48.122/32",
"51.120.48.122/32", "20.193.45.113/32",
"20.193.45.113/32", "40.76.173.151/32",
"40.76.173.151/32", "40.76.163.7/32",
"40.76.163.7/32", "20.185.79.47/32",
"20.185.79.47/32", "52.142.26.175/32",
"52.142.26.175/32", "20.185.79.15/32",
"20.185.79.15/32", "52.142.24.149/32",
"52.142.24.149/32", "40.76.162.208/32",
"40.76.162.208/32", "40.76.163.23/32",
"40.76.163.23/32", "40.76.162.191/32",
"40.76.162.191/32", "40.76.162.247/32",
"40.76.162.247/32", "40.88.21.235/32",
"40.88.21.235/32", "20.191.45.212/32",
"20.191.45.212/32", "52.146.59.12/32",
"52.146.59.12/32", "52.146.59.156/32",
"52.146.59.156/32", "52.146.59.154/32",
"52.146.59.154/32", "52.146.58.236/32",
"52.146.58.236/32", "20.62.224.44/32",
"20.62.224.44/32", "51.104.180.53/32",
"51.104.180.53/32", "51.104.180.47/32",
"51.104.180.47/32", "51.104.180.26/32",
"51.104.180.26/32", "51.104.146.225/32",
"51.104.146.225/32", "51.104.146.235/32",
"51.104.146.235/32", "20.73.202.147/32",
"20.73.202.147/32", "20.73.132.240/32",
"20.73.132.240/32", "20.71.12.143/32",
"20.71.12.143/32", "20.56.197.58/32",
"20.56.197.58/32", "20.56.197.63/32",
"20.56.197.63/32", "20.43.150.93/32",
"20.43.150.93/32", "20.43.150.85/32",
"20.43.150.85/32", "20.44.222.1/32",
"20.44.222.1/32", "40.89.243.175/32",
"40.89.243.175/32", "13.89.106.77/32",
"13.89.106.77/32", "52.143.242.6/32",
"52.143.242.6/32", "52.143.241.111/32",
"52.143.241.111/32", "52.154.60.82/32",
"52.154.60.82/32", "20.197.209.11/32",
"20.197.209.11/32", "20.197.209.27/32",
"20.197.209.27/32", "20.226.133.105/32",
"20.226.133.105/32", "191.234.216.4/32",
"191.234.216.4/32", "191.234.216.178/32",
"191.234.216.178/32", "20.53.92.211/32",
"20.53.92.211/32", "20.53.91.2/32",
"20.53.91.2/32", "20.207.99.197/32",
"20.207.99.197/32", "20.207.97.190/32",
"20.207.97.190/32", "40.81.250.205/32",
"40.81.250.205/32", "40.64.106.11/32",
"40.64.106.11/32", "40.64.105.247/32",
"40.64.105.247/32", "20.72.242.93/32",
"20.72.242.93/32", "20.99.255.235/32",
"20.99.255.235/32", "20.113.3.121/32",
"20.113.3.121/32", "52.224.16.221/32",
"52.224.16.221/32", "52.224.21.53/32",
"52.224.21.53/32", "52.224.20.204/32",
"52.224.20.204/32", "52.224.21.19/32",
"52.224.21.19/32", "52.224.20.249/32",
"52.224.20.249/32", "52.224.20.203/32",
"52.224.20.203/32", "52.224.20.190/32",
"52.224.20.190/32", "52.224.16.229/32",
"52.224.16.229/32", "52.224.21.20/32",
"52.224.21.20/32", "52.146.63.80/32",
"52.146.63.80/32", "52.224.20.227/32",
"52.224.20.227/32", "52.224.20.193/32",
"52.224.20.193/32", "52.190.37.160/32",
"52.190.37.160/32", "52.224.21.23/32",
"52.224.21.23/32", "52.224.20.223/32",
"52.224.20.223/32", "52.224.20.181/32",
"52.224.20.181/32", "52.224.21.49/32",
"52.224.21.49/32", "52.224.21.55/32",
"52.224.21.55/32", "52.224.21.61/32",
"52.224.21.61/32", "52.224.19.152/32",
"52.224.19.152/32", "52.224.20.186/32",
"52.224.20.186/32", "52.224.21.27/32",
"52.224.21.27/32", "52.224.21.51/32",
"52.224.21.51/32", "52.224.20.174/32",
"52.224.20.174/32", "52.224.21.4/32",
"52.224.21.4/32", "51.104.164.109/32",
"51.104.164.109/32", "51.104.167.71/32",
"51.104.167.71/32", "51.104.160.177/32",
"51.104.160.177/32", "51.104.162.149/32",
"51.104.162.149/32", "51.104.167.95/32",
"51.104.167.95/32", "51.104.167.54/32",
"51.104.167.54/32", "51.104.166.111/32",
"51.104.166.111/32", "51.104.167.88/32",
"51.104.167.88/32", "51.104.161.32/32",
"51.104.161.32/32", "51.104.163.250/32",
"51.104.163.250/32", "51.104.164.189/32",
"51.104.164.189/32", "51.104.167.19/32",
"51.104.167.19/32", "51.104.160.167/32",
"51.104.160.167/32", "51.104.167.110/32",
"51.104.167.110/32", "20.191.44.119/32",
"20.191.44.119/32", "51.104.167.104/32",
"51.104.167.104/32", "20.191.44.234/32",
"20.191.44.234/32", "51.104.164.215/32",
"51.104.164.215/32", "51.104.167.52/32",
"51.104.167.52/32", "20.191.44.22/32",
"20.191.44.22/32", "51.104.167.87/32",
"51.104.167.87/32", "51.104.167.96/32",
"51.104.167.96/32", "20.191.44.16/32",
"20.191.44.16/32", "51.104.167.61/32",
"51.104.167.61/32", "51.104.164.147/32",
"51.104.164.147/32", "20.50.48.159/32",
"20.50.48.159/32", "40.114.182.172/32",
"40.114.182.172/32", "20.50.50.130/32",
"20.50.50.130/32", "20.50.50.163/32",
"20.50.50.163/32", "20.50.50.46/32",
"20.50.50.46/32", "40.114.182.153/32",
"40.114.182.153/32", "20.50.50.118/32",
"20.50.50.118/32", "20.50.49.55/32",
"20.50.49.55/32", "20.50.49.25/32",
"20.50.49.25/32", "40.114.183.251/32",
"40.114.183.251/32", "20.50.50.123/32",
"20.50.50.123/32", "20.50.49.237/32",
"20.50.49.237/32", "20.50.48.192/32",
"20.50.48.192/32", "20.50.50.134/32",
"20.50.50.134/32", "51.138.90.233/32",
"51.138.90.233/32", "40.114.183.196/32",
"40.114.183.196/32", "20.50.50.146/32",
"20.50.50.146/32", "40.114.183.88/32",
"40.114.183.88/32", "20.50.50.145/32",
"20.50.50.145/32", "20.50.50.121/32",
"20.50.50.121/32", "20.50.49.40/32",
"20.50.49.40/32", "51.138.90.206/32",
"51.138.90.206/32", "40.114.182.45/32",
"40.114.182.45/32", "51.138.90.161/32",
"51.138.90.161/32", "20.50.49.0/32",
"20.50.49.0/32", "40.119.232.215/32",
"40.119.232.215/32", "104.43.55.167/32",
"104.43.55.167/32", "40.119.232.251/32",
"40.119.232.251/32", "40.119.232.50/32",
"40.119.232.50/32", "40.119.232.146/32",
"40.119.232.146/32", "40.119.232.218/32",
"40.119.232.218/32", "104.43.54.127/32",
"104.43.54.127/32", "104.43.55.117/32",
"104.43.55.117/32", "104.43.55.116/32",
"104.43.55.116/32", "104.43.55.166/32",
"104.43.55.166/32", "52.154.169.50/32",
"52.154.169.50/32", "52.154.171.70/32",
"52.154.171.70/32", "52.154.170.229/32",
"52.154.170.229/32", "52.154.170.113/32",
"52.154.170.113/32", "52.154.171.44/32",
"52.154.171.44/32", "52.154.172.2/32",
"52.154.172.2/32", "52.143.244.81/32",
"52.143.244.81/32", "52.154.171.87/32",
"52.154.171.87/32", "52.154.171.250/32",
"52.154.171.250/32", "52.154.170.28/32",
"52.154.170.28/32", "52.154.170.122/32",
"52.154.170.122/32", "52.143.243.117/32",
"52.143.243.117/32", "52.143.247.235/32",
"52.143.247.235/32", "52.154.171.235/32",
"52.154.171.235/32", "52.154.171.196/32",
"52.154.171.196/32", "52.154.171.0/32",
"52.154.171.0/32", "52.154.170.243/32",
"52.154.170.243/32", "52.154.170.26/32",
"52.154.170.26/32", "52.154.169.200/32",
"52.154.169.200/32", "52.154.170.96/32",
"52.154.170.96/32", "52.154.170.88/32",
"52.154.170.88/32", "52.154.171.150/32",
"52.154.171.150/32", "52.154.171.205/32",
"52.154.171.205/32", "52.154.170.117/32",
"52.154.170.117/32", "52.154.170.209/32",
"52.154.170.209/32", "191.235.202.48/32",
"191.235.202.48/32", "191.233.3.202/32",
"191.233.3.202/32", "191.235.201.214/32",
"191.235.201.214/32", "191.233.3.197/32",
"191.233.3.197/32", "191.235.202.38/32",
"191.235.202.38/32", "20.53.78.144/32",
"20.53.78.144/32", "20.193.24.10/32",
"20.193.24.10/32", "20.53.78.236/32",
"20.53.78.236/32", "20.53.78.138/32",
"20.53.78.138/32", "20.53.78.123/32",
"20.53.78.123/32", "20.53.78.106/32",
"20.53.78.106/32", "20.193.27.215/32",
"20.193.27.215/32", "20.193.25.197/32",
"20.193.25.197/32", "20.193.12.126/32",
"20.193.12.126/32", "20.193.24.251/32",
"20.193.24.251/32", "20.204.242.101/32",
"20.204.242.101/32", "20.207.72.113/32",
"20.207.72.113/32", "20.204.242.19/32",
"20.204.242.19/32", "20.219.45.67/32",
"20.219.45.67/32", "20.207.72.11/32",
"20.207.72.11/32", "20.219.45.190/32",
"20.219.45.190/32", "20.204.243.55/32",
"20.204.243.55/32", "20.204.241.148/32",
"20.204.241.148/32", "20.207.72.110/32",
"20.207.72.110/32", "20.204.240.172/32",
"20.204.240.172/32", "20.207.72.21/32",
"20.207.72.21/32", "20.204.246.81/32",
"20.204.246.81/32", "20.207.107.181/32",
"20.207.107.181/32", "20.204.246.254/32",
"20.204.246.254/32", "20.219.43.246/32",
"20.219.43.246/32", "52.149.25.43/32",
"52.149.25.43/32", "52.149.61.51/32",
"52.149.61.51/32", "52.149.58.139/32",
"52.149.58.139/32", "52.149.60.38/32",
"52.149.60.38/32", "52.148.165.38/32",
"52.148.165.38/32", "52.143.95.162/32",
"52.143.95.162/32", "52.149.56.151/32",
"52.149.56.151/32", "52.149.30.45/32",
"52.149.30.45/32", "52.149.58.173/32",
"52.149.58.173/32", "52.143.95.204/32",
"52.143.95.204/32", "52.149.28.83/32",
"52.149.28.83/32", "52.149.58.69/32",
"52.149.58.69/32", "52.148.161.87/32",
"52.148.161.87/32", "52.149.58.27/32",
"52.149.58.27/32", "52.149.28.18/32",
"52.149.28.18/32", "20.79.226.26/32",
"20.79.226.26/32", "20.79.239.66/32",
"20.79.239.66/32", "20.79.238.198/32",
"20.79.238.198/32", "20.113.14.159/32",
"20.113.14.159/32", "20.75.144.152/32",
"20.75.144.152/32", "20.43.172.120/32",
"20.43.172.120/32", "20.53.134.160/32",
"20.53.134.160/32", "20.201.15.208/32",
"20.201.15.208/32", "20.93.28.24/32",
"20.93.28.24/32", "20.61.34.40/32",
"20.61.34.40/32", "52.242.224.168/32",
"52.242.224.168/32", "20.80.129.80/32",
"20.80.129.80/32", "20.195.108.47/32",
"20.195.108.47/32", "4.195.133.120/32",
"4.195.133.120/32", "4.228.76.163/32",
"4.228.76.163/32", "4.182.131.108/32",
"4.182.131.108/32", "4.209.224.56/32",
"4.209.224.56/32", "108.141.83.74/32",
"108.141.83.74/32", "4.213.46.14/32",
"4.213.46.14/32", "172.169.17.165/32",
"172.169.17.165/32", "51.8.71.117/32",
"51.8.71.117/32", "20.3.1.178/32",
"20.3.1.178/32", "52.149.56.151/32",
"52.149.56.151/32", "52.149.30.45/32",
"52.149.30.45/32", "52.149.58.173/32",
"52.149.58.173/32", "52.143.95.204/32",
"52.143.95.204/32", "52.149.28.83/32",
"52.149.28.83/32", "52.149.58.69/32",
"52.149.58.69/32", "52.148.161.87/32",
"52.148.161.87/32", "52.149.58.27/32",
"52.149.58.27/32", "52.149.28.18/32",
"52.149.28.18/32", "20.79.226.26/32",
"20.79.226.26/32", "20.79.239.66/32",
"20.79.239.66/32", "20.79.238.198/32",
"20.79.238.198/32", "20.113.14.159/32",
"20.113.14.159/32", "20.75.144.152/32",
"20.75.144.152/32", "20.43.172.120/32",
"20.43.172.120/32", "20.53.134.160/32",
"20.53.134.160/32", "20.201.15.208/32",
"20.201.15.208/32", "20.93.28.24/32",
"20.93.28.24/32", "20.61.34.40/32",
"20.61.34.40/32", "52.242.224.168/32",
"52.242.224.168/32", "20.80.129.80/32",
"20.80.129.80/32", "20.195.108.47/32",
"20.195.108.47/32", "4.195.133.120/32",
"4.195.133.120/32", "4.228.76.163/32",
"4.228.76.163/32", "4.182.131.108/32",
"4.182.131.108/32", "4.209.224.56/32",
"4.209.224.56/32", "108.141.83.74/32",
"108.141.83.74/32", "4.213.46.14/32",
"4.213.46.14/32", "172.169.17.165/32",
"172.169.17.165/32", "51.8.71.117/32",
"51.8.71.117/32", "20.3.1.178/32"
"20.3.1.178/32", ]
]

519
data/crawlers/googlebot.yaml
View File

@@ -2,263 +2,262 @@
user_agent_regex: \+http\://www\.google\.com/bot\.html user_agent_regex: \+http\://www\.google\.com/bot\.html
action: ALLOW action: ALLOW
# https://developers.google.com/static/search/apis/ipranges/googlebot.json # https://developers.google.com/static/search/apis/ipranges/googlebot.json
remote_addresses: remote_addresses: [
[ "2001:4860:4801:10::/64",
"2001:4860:4801:10::/64", "2001:4860:4801:11::/64",
"2001:4860:4801:11::/64", "2001:4860:4801:12::/64",
"2001:4860:4801:12::/64", "2001:4860:4801:13::/64",
"2001:4860:4801:13::/64", "2001:4860:4801:14::/64",
"2001:4860:4801:14::/64", "2001:4860:4801:15::/64",
"2001:4860:4801:15::/64", "2001:4860:4801:16::/64",
"2001:4860:4801:16::/64", "2001:4860:4801:17::/64",
"2001:4860:4801:17::/64", "2001:4860:4801:18::/64",
"2001:4860:4801:18::/64", "2001:4860:4801:19::/64",
"2001:4860:4801:19::/64", "2001:4860:4801:1a::/64",
"2001:4860:4801:1a::/64", "2001:4860:4801:1b::/64",
"2001:4860:4801:1b::/64", "2001:4860:4801:1c::/64",
"2001:4860:4801:1c::/64", "2001:4860:4801:1d::/64",
"2001:4860:4801:1d::/64", "2001:4860:4801:1e::/64",
"2001:4860:4801:1e::/64", "2001:4860:4801:1f::/64",
"2001:4860:4801:1f::/64", "2001:4860:4801:20::/64",
"2001:4860:4801:20::/64", "2001:4860:4801:21::/64",
"2001:4860:4801:21::/64", "2001:4860:4801:22::/64",
"2001:4860:4801:22::/64", "2001:4860:4801:23::/64",
"2001:4860:4801:23::/64", "2001:4860:4801:24::/64",
"2001:4860:4801:24::/64", "2001:4860:4801:25::/64",
"2001:4860:4801:25::/64", "2001:4860:4801:26::/64",
"2001:4860:4801:26::/64", "2001:4860:4801:27::/64",
"2001:4860:4801:27::/64", "2001:4860:4801:28::/64",
"2001:4860:4801:28::/64", "2001:4860:4801:29::/64",
"2001:4860:4801:29::/64", "2001:4860:4801:2::/64",
"2001:4860:4801:2::/64", "2001:4860:4801:2a::/64",
"2001:4860:4801:2a::/64", "2001:4860:4801:2b::/64",
"2001:4860:4801:2b::/64", "2001:4860:4801:2c::/64",
"2001:4860:4801:2c::/64", "2001:4860:4801:2d::/64",
"2001:4860:4801:2d::/64", "2001:4860:4801:2e::/64",
"2001:4860:4801:2e::/64", "2001:4860:4801:2f::/64",
"2001:4860:4801:2f::/64", "2001:4860:4801:31::/64",
"2001:4860:4801:31::/64", "2001:4860:4801:32::/64",
"2001:4860:4801:32::/64", "2001:4860:4801:33::/64",
"2001:4860:4801:33::/64", "2001:4860:4801:34::/64",
"2001:4860:4801:34::/64", "2001:4860:4801:35::/64",
"2001:4860:4801:35::/64", "2001:4860:4801:36::/64",
"2001:4860:4801:36::/64", "2001:4860:4801:37::/64",
"2001:4860:4801:37::/64", "2001:4860:4801:38::/64",
"2001:4860:4801:38::/64", "2001:4860:4801:39::/64",
"2001:4860:4801:39::/64", "2001:4860:4801:3a::/64",
"2001:4860:4801:3a::/64", "2001:4860:4801:3b::/64",
"2001:4860:4801:3b::/64", "2001:4860:4801:3c::/64",
"2001:4860:4801:3c::/64", "2001:4860:4801:3d::/64",
"2001:4860:4801:3d::/64", "2001:4860:4801:3e::/64",
"2001:4860:4801:3e::/64", "2001:4860:4801:40::/64",
"2001:4860:4801:40::/64", "2001:4860:4801:41::/64",
"2001:4860:4801:41::/64", "2001:4860:4801:42::/64",
"2001:4860:4801:42::/64", "2001:4860:4801:43::/64",
"2001:4860:4801:43::/64", "2001:4860:4801:44::/64",
"2001:4860:4801:44::/64", "2001:4860:4801:45::/64",
"2001:4860:4801:45::/64", "2001:4860:4801:46::/64",
"2001:4860:4801:46::/64", "2001:4860:4801:47::/64",
"2001:4860:4801:47::/64", "2001:4860:4801:48::/64",
"2001:4860:4801:48::/64", "2001:4860:4801:49::/64",
"2001:4860:4801:49::/64", "2001:4860:4801:4a::/64",
"2001:4860:4801:4a::/64", "2001:4860:4801:4b::/64",
"2001:4860:4801:4b::/64", "2001:4860:4801:4c::/64",
"2001:4860:4801:4c::/64", "2001:4860:4801:50::/64",
"2001:4860:4801:50::/64", "2001:4860:4801:51::/64",
"2001:4860:4801:51::/64", "2001:4860:4801:52::/64",
"2001:4860:4801:52::/64", "2001:4860:4801:53::/64",
"2001:4860:4801:53::/64", "2001:4860:4801:54::/64",
"2001:4860:4801:54::/64", "2001:4860:4801:55::/64",
"2001:4860:4801:55::/64", "2001:4860:4801:56::/64",
"2001:4860:4801:56::/64", "2001:4860:4801:60::/64",
"2001:4860:4801:60::/64", "2001:4860:4801:61::/64",
"2001:4860:4801:61::/64", "2001:4860:4801:62::/64",
"2001:4860:4801:62::/64", "2001:4860:4801:63::/64",
"2001:4860:4801:63::/64", "2001:4860:4801:64::/64",
"2001:4860:4801:64::/64", "2001:4860:4801:65::/64",
"2001:4860:4801:65::/64", "2001:4860:4801:66::/64",
"2001:4860:4801:66::/64", "2001:4860:4801:67::/64",
"2001:4860:4801:67::/64", "2001:4860:4801:68::/64",
"2001:4860:4801:68::/64", "2001:4860:4801:69::/64",
"2001:4860:4801:69::/64", "2001:4860:4801:6a::/64",
"2001:4860:4801:6a::/64", "2001:4860:4801:6b::/64",
"2001:4860:4801:6b::/64", "2001:4860:4801:6c::/64",
"2001:4860:4801:6c::/64", "2001:4860:4801:6d::/64",
"2001:4860:4801:6d::/64", "2001:4860:4801:6e::/64",
"2001:4860:4801:6e::/64", "2001:4860:4801:6f::/64",
"2001:4860:4801:6f::/64", "2001:4860:4801:70::/64",
"2001:4860:4801:70::/64", "2001:4860:4801:71::/64",
"2001:4860:4801:71::/64", "2001:4860:4801:72::/64",
"2001:4860:4801:72::/64", "2001:4860:4801:73::/64",
"2001:4860:4801:73::/64", "2001:4860:4801:74::/64",
"2001:4860:4801:74::/64", "2001:4860:4801:75::/64",
"2001:4860:4801:75::/64", "2001:4860:4801:76::/64",
"2001:4860:4801:76::/64", "2001:4860:4801:77::/64",
"2001:4860:4801:77::/64", "2001:4860:4801:78::/64",
"2001:4860:4801:78::/64", "2001:4860:4801:79::/64",
"2001:4860:4801:79::/64", "2001:4860:4801:80::/64",
"2001:4860:4801:80::/64", "2001:4860:4801:81::/64",
"2001:4860:4801:81::/64", "2001:4860:4801:82::/64",
"2001:4860:4801:82::/64", "2001:4860:4801:83::/64",
"2001:4860:4801:83::/64", "2001:4860:4801:84::/64",
"2001:4860:4801:84::/64", "2001:4860:4801:85::/64",
"2001:4860:4801:85::/64", "2001:4860:4801:86::/64",
"2001:4860:4801:86::/64", "2001:4860:4801:87::/64",
"2001:4860:4801:87::/64", "2001:4860:4801:88::/64",
"2001:4860:4801:88::/64", "2001:4860:4801:90::/64",
"2001:4860:4801:90::/64", "2001:4860:4801:91::/64",
"2001:4860:4801:91::/64", "2001:4860:4801:92::/64",
"2001:4860:4801:92::/64", "2001:4860:4801:93::/64",
"2001:4860:4801:93::/64", "2001:4860:4801:94::/64",
"2001:4860:4801:94::/64", "2001:4860:4801:95::/64",
"2001:4860:4801:95::/64", "2001:4860:4801:96::/64",
"2001:4860:4801:96::/64", "2001:4860:4801:a0::/64",
"2001:4860:4801:a0::/64", "2001:4860:4801:a1::/64",
"2001:4860:4801:a1::/64", "2001:4860:4801:a2::/64",
"2001:4860:4801:a2::/64", "2001:4860:4801:a3::/64",
"2001:4860:4801:a3::/64", "2001:4860:4801:a4::/64",
"2001:4860:4801:a4::/64", "2001:4860:4801:a5::/64",
"2001:4860:4801:a5::/64", "2001:4860:4801:c::/64",
"2001:4860:4801:c::/64", "2001:4860:4801:f::/64",
"2001:4860:4801:f::/64", "192.178.5.0/27",
"192.178.5.0/27", "192.178.6.0/27",
"192.178.6.0/27", "192.178.6.128/27",
"192.178.6.128/27", "192.178.6.160/27",
"192.178.6.160/27", "192.178.6.192/27",
"192.178.6.192/27", "192.178.6.32/27",
"192.178.6.32/27", "192.178.6.64/27",
"192.178.6.64/27", "192.178.6.96/27",
"192.178.6.96/27", "34.100.182.96/28",
"34.100.182.96/28", "34.101.50.144/28",
"34.101.50.144/28", "34.118.254.0/28",
"34.118.254.0/28", "34.118.66.0/28",
"34.118.66.0/28", "34.126.178.96/28",
"34.126.178.96/28", "34.146.150.144/28",
"34.146.150.144/28", "34.147.110.144/28",
"34.147.110.144/28", "34.151.74.144/28",
"34.151.74.144/28", "34.152.50.64/28",
"34.152.50.64/28", "34.154.114.144/28",
"34.154.114.144/28", "34.155.98.32/28",
"34.155.98.32/28", "34.165.18.176/28",
"34.165.18.176/28", "34.175.160.64/28",
"34.175.160.64/28", "34.176.130.16/28",
"34.176.130.16/28", "34.22.85.0/27",
"34.22.85.0/27", "34.64.82.64/28",
"34.64.82.64/28", "34.65.242.112/28",
"34.65.242.112/28", "34.80.50.80/28",
"34.80.50.80/28", "34.88.194.0/28",
"34.88.194.0/28", "34.89.10.80/28",
"34.89.10.80/28", "34.89.198.80/28",
"34.89.198.80/28", "34.96.162.48/28",
"34.96.162.48/28", "35.247.243.240/28",
"35.247.243.240/28", "66.249.64.0/27",
"66.249.64.0/27", "66.249.64.128/27",
"66.249.64.128/27", "66.249.64.160/27",
"66.249.64.160/27", "66.249.64.224/27",
"66.249.64.224/27", "66.249.64.32/27",
"66.249.64.32/27", "66.249.64.64/27",
"66.249.64.64/27", "66.249.64.96/27",
"66.249.64.96/27", "66.249.65.0/27",
"66.249.65.0/27", "66.249.65.128/27",
"66.249.65.128/27", "66.249.65.160/27",
"66.249.65.160/27", "66.249.65.192/27",
"66.249.65.192/27", "66.249.65.224/27",
"66.249.65.224/27", "66.249.65.32/27",
"66.249.65.32/27", "66.249.65.64/27",
"66.249.65.64/27", "66.249.65.96/27",
"66.249.65.96/27", "66.249.66.0/27",
"66.249.66.0/27", "66.249.66.128/27",
"66.249.66.128/27", "66.249.66.160/27",
"66.249.66.160/27", "66.249.66.192/27",
"66.249.66.192/27", "66.249.66.224/27",
"66.249.66.224/27", "66.249.66.32/27",
"66.249.66.32/27", "66.249.66.64/27",
"66.249.66.64/27", "66.249.66.96/27",
"66.249.66.96/27", "66.249.68.0/27",
"66.249.68.0/27", "66.249.68.128/27",
"66.249.68.128/27", "66.249.68.32/27",
"66.249.68.32/27", "66.249.68.64/27",
"66.249.68.64/27", "66.249.68.96/27",
"66.249.68.96/27", "66.249.69.0/27",
"66.249.69.0/27", "66.249.69.128/27",
"66.249.69.128/27", "66.249.69.160/27",
"66.249.69.160/27", "66.249.69.192/27",
"66.249.69.192/27", "66.249.69.224/27",
"66.249.69.224/27", "66.249.69.32/27",
"66.249.69.32/27", "66.249.69.64/27",
"66.249.69.64/27", "66.249.69.96/27",
"66.249.69.96/27", "66.249.70.0/27",
"66.249.70.0/27", "66.249.70.128/27",
"66.249.70.128/27", "66.249.70.160/27",
"66.249.70.160/27", "66.249.70.192/27",
"66.249.70.192/27", "66.249.70.224/27",
"66.249.70.224/27", "66.249.70.32/27",
"66.249.70.32/27", "66.249.70.64/27",
"66.249.70.64/27", "66.249.70.96/27",
"66.249.70.96/27", "66.249.71.0/27",
"66.249.71.0/27", "66.249.71.128/27",
"66.249.71.128/27", "66.249.71.160/27",
"66.249.71.160/27", "66.249.71.192/27",
"66.249.71.192/27", "66.249.71.224/27",
"66.249.71.224/27", "66.249.71.32/27",
"66.249.71.32/27", "66.249.71.64/27",
"66.249.71.64/27", "66.249.71.96/27",
"66.249.71.96/27", "66.249.72.0/27",
"66.249.72.0/27", "66.249.72.128/27",
"66.249.72.128/27", "66.249.72.160/27",
"66.249.72.160/27", "66.249.72.192/27",
"66.249.72.192/27", "66.249.72.224/27",
"66.249.72.224/27", "66.249.72.32/27",
"66.249.72.32/27", "66.249.72.64/27",
"66.249.72.64/27", "66.249.72.96/27",
"66.249.72.96/27", "66.249.73.0/27",
"66.249.73.0/27", "66.249.73.128/27",
"66.249.73.128/27", "66.249.73.160/27",
"66.249.73.160/27", "66.249.73.192/27",
"66.249.73.192/27", "66.249.73.224/27",
"66.249.73.224/27", "66.249.73.32/27",
"66.249.73.32/27", "66.249.73.64/27",
"66.249.73.64/27", "66.249.73.96/27",
"66.249.73.96/27", "66.249.74.0/27",
"66.249.74.0/27", "66.249.74.128/27",
"66.249.74.128/27", "66.249.74.160/27",
"66.249.74.160/27", "66.249.74.192/27",
"66.249.74.192/27", "66.249.74.32/27",
"66.249.74.32/27", "66.249.74.64/27",
"66.249.74.64/27", "66.249.74.96/27",
"66.249.74.96/27", "66.249.75.0/27",
"66.249.75.0/27", "66.249.75.128/27",
"66.249.75.128/27", "66.249.75.160/27",
"66.249.75.160/27", "66.249.75.192/27",
"66.249.75.192/27", "66.249.75.224/27",
"66.249.75.224/27", "66.249.75.32/27",
"66.249.75.32/27", "66.249.75.64/27",
"66.249.75.64/27", "66.249.75.96/27",
"66.249.75.96/27", "66.249.76.0/27",
"66.249.76.0/27", "66.249.76.128/27",
"66.249.76.128/27", "66.249.76.160/27",
"66.249.76.160/27", "66.249.76.192/27",
"66.249.76.192/27", "66.249.76.224/27",
"66.249.76.224/27", "66.249.76.32/27",
"66.249.76.32/27", "66.249.76.64/27",
"66.249.76.64/27", "66.249.76.96/27",
"66.249.76.96/27", "66.249.77.0/27",
"66.249.77.0/27", "66.249.77.128/27",
"66.249.77.128/27", "66.249.77.160/27",
"66.249.77.160/27", "66.249.77.192/27",
"66.249.77.192/27", "66.249.77.224/27",
"66.249.77.224/27", "66.249.77.32/27",
"66.249.77.32/27", "66.249.77.64/27",
"66.249.77.64/27", "66.249.77.96/27",
"66.249.77.96/27", "66.249.78.0/27",
"66.249.78.0/27", "66.249.78.32/27",
"66.249.78.32/27", "66.249.79.0/27",
"66.249.79.0/27", "66.249.79.128/27",
"66.249.79.128/27", "66.249.79.160/27",
"66.249.79.160/27", "66.249.79.192/27",
"66.249.79.192/27", "66.249.79.224/27",
"66.249.79.224/27", "66.249.79.32/27",
"66.249.79.32/27", "66.249.79.64/27",
"66.249.79.64/27", "66.249.79.96/27"
"66.249.79.96/27", ]
]

6
data/crawlers/internet-archive.yaml
View File

@@ -1,4 +1,8 @@
- name: internet-archive - name: internet-archive
action: ALLOW action: ALLOW
# https://ipinfo.io/AS7941 # https://ipinfo.io/AS7941
remote_addresses: ["207.241.224.0/20", "208.70.24.0/21", "2620:0:9c0::/48"] remote_addresses: [
"207.241.224.0/20",
"208.70.24.0/21",
"2620:0:9c0::/48"
]

13
data/crawlers/kagibot.yaml
View File

@@ -2,10 +2,9 @@
user_agent_regex: \+https\://kagi\.com/bot user_agent_regex: \+https\://kagi\.com/bot
action: ALLOW action: ALLOW
# https://kagi.com/bot # https://kagi.com/bot
remote_addresses: remote_addresses: [
[ "216.18.205.234/32",
"216.18.205.234/32", "35.212.27.76/32",
"35.212.27.76/32", "104.254.65.50/32",
"104.254.65.50/32", "209.151.156.194/32"
"209.151.156.194/32", ]
]

15
data/crawlers/marginalia.yaml
View File

@@ -2,11 +2,10 @@
user_agent_regex: search\.marginalia\.nu user_agent_regex: search\.marginalia\.nu
action: ALLOW action: ALLOW
# Received directly over email # Received directly over email
remote_addresses: remote_addresses: [
[ "193.183.0.162/31",
"193.183.0.162/31", "193.183.0.164/30",
"193.183.0.164/30", "193.183.0.168/30",
"193.183.0.168/30", "193.183.0.172/31",
"193.183.0.172/31", "193.183.0.174/32"
"193.183.0.174/32", ]
]

2
data/crawlers/mojeekbot.yaml
View File

@@ -2,4 +2,4 @@
user_agent_regex: \+https\://www\.mojeek\.com/bot\.html user_agent_regex: \+https\://www\.mojeek\.com/bot\.html
action: ALLOW action: ALLOW
# https://www.mojeek.com/bot.html # https://www.mojeek.com/bot.html
remote_addresses: ["5.102.173.71/32"] remote_addresses: [ "5.102.173.71/32" ]

21
data/crawlers/openai-gptbot.yaml
View File

@@ -4,14 +4,13 @@
user_agent_regex: GPTBot/1\.1; \+https\://openai\.com/gptbot user_agent_regex: GPTBot/1\.1; \+https\://openai\.com/gptbot
action: ALLOW action: ALLOW
# https://openai.com/gptbot.json # https://openai.com/gptbot.json
remote_addresses: remote_addresses: [
[ "52.230.152.0/24",
"52.230.152.0/24", "20.171.206.0/24",
"20.171.206.0/24", "20.171.207.0/24",
"20.171.207.0/24", "4.227.36.0/25",
"4.227.36.0/25", "20.125.66.80/28",
"20.125.66.80/28", "172.182.204.0/24",
"172.182.204.0/24", "172.182.214.0/24",
"172.182.214.0/24", "172.182.215.0/24",
"172.182.215.0/24", ]
]

15
data/crawlers/openai-searchbot.yaml
View File

@@ -4,11 +4,10 @@
user_agent_regex: OAI-SearchBot/1\.0; \+https\://openai\.com/searchbot user_agent_regex: OAI-SearchBot/1\.0; \+https\://openai\.com/searchbot
action: ALLOW action: ALLOW
# https://openai.com/searchbot.json # https://openai.com/searchbot.json
remote_addresses: remote_addresses: [
[ "20.42.10.176/28",
"20.42.10.176/28", "172.203.190.128/28",
"172.203.190.128/28", "104.210.140.128/28",
"104.210.140.128/28", "51.8.102.0/24",
"51.8.102.0/24", "135.234.64.0/24"
"135.234.64.0/24", ]
]

17
data/crawlers/perplexitybot.yaml
View File

@@ -1,17 +0,0 @@
# Indexing for search, does not collect training data
# https://docs.perplexity.ai/guides/bots
- name: perplexitybot
user_agent_regex: PerplexityBot/.+; \+https\://perplexity\.ai/perplexitybot
action: ALLOW
# https://www.perplexity.com/perplexitybot.json
remote_addresses:
[
"107.20.236.150/32",
"3.224.62.45/32",
"18.210.92.235/32",
"3.222.232.239/32",
"3.211.124.183/32",
"3.231.139.107/32",
"18.97.1.228/30",
"18.97.9.96/29",
]

2
data/crawlers/qwantbot.yaml
View File

@@ -2,4 +2,4 @@
user_agent_regex: \+https\://help\.qwant\.com/bot/ user_agent_regex: \+https\://help\.qwant\.com/bot/
action: ALLOW action: ALLOW
# https://help.qwant.com/wp-content/uploads/sites/2/2025/01/qwantbot.json # https://help.qwant.com/wp-content/uploads/sites/2/2025/01/qwantbot.json
remote_addresses: ["91.242.162.0/24"] remote_addresses: [ "91.242.162.0/24" ]

12
data/crawlers/yandexbot.yaml
View File

@@ -1,6 +1,6 @@
- name: yandexbot - name: yandexbot
action: ALLOW action: ALLOW
expression: expression:
all: all:
- userAgent.matches("\\+http\\://yandex\\.com/bots") - userAgent.matches("\\+http\\://yandex\\.com/bots")
- verifyFCrDNS(remoteAddress, "^.*\\.yandex\\.(ru|com|net)$") - verifyFCrDNS(remoteAddress, "^.*\\.yandex\\.(ru|com|net)$")

2
data/meta/README.md
View File

@@ -2,4 +2,4 @@
Contains policies that exclusively reference policies in _multiple_ other data folders. Contains policies that exclusively reference policies in _multiple_ other data folders.
Akin to "stances" that the administrator can take, with reference to various topics, such as AI/LLM systems. Akin to "stances" that the administrator can take, with reference to various topics, such as AI/LLM systems.

2
data/meta/ai-block-aggressive.yaml
View File

@@ -3,4 +3,4 @@
- import: (data)/bots/ai-catchall.yaml - import: (data)/bots/ai-catchall.yaml
- import: (data)/clients/ai.yaml - import: (data)/clients/ai.yaml
- import: (data)/crawlers/ai-search.yaml - import: (data)/crawlers/ai-search.yaml
- import: (data)/crawlers/ai-training.yaml - import: (data)/crawlers/ai-training.yaml

4
data/meta/ai-block-moderate.yaml
View File

@@ -3,7 +3,5 @@
- import: (data)/bots/ai-catchall.yaml - import: (data)/bots/ai-catchall.yaml
- import: (data)/crawlers/ai-training.yaml - import: (data)/crawlers/ai-training.yaml
- import: (data)/crawlers/openai-searchbot.yaml - import: (data)/crawlers/openai-searchbot.yaml
- import: (data)/crawlers/perplexitybot.yaml
- import: (data)/clients/openai-chatgpt-user.yaml - import: (data)/clients/openai-chatgpt-user.yaml
- import: (data)/clients/mistral-mistralai-user.yaml - import: (data)/clients/mistral-mistralai-user.yaml
- import: (data)/clients/perplexity-user.yaml

4
data/meta/ai-block-permissive.yaml
View File

@@ -2,7 +2,5 @@
- import: (data)/bots/ai-catchall.yaml - import: (data)/bots/ai-catchall.yaml
- import: (data)/crawlers/openai-searchbot.yaml - import: (data)/crawlers/openai-searchbot.yaml
- import: (data)/crawlers/openai-gptbot.yaml - import: (data)/crawlers/openai-gptbot.yaml
- import: (data)/crawlers/perplexitybot.yaml
- import: (data)/clients/openai-chatgpt-user.yaml - import: (data)/clients/openai-chatgpt-user.yaml
- import: (data)/clients/mistral-mistralai-user.yaml - import: (data)/clients/mistral-mistralai-user.yaml
- import: (data)/clients/perplexity-user.yaml

44
data/meta/default-config.yaml
View File

@@ -79,6 +79,50 @@
# weight: # weight:
# adjust: -10 # adjust: -10
# Assert behaviour that only genuine browsers display. This ensures that Chrome
# or Firefox versions
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule # Generic catchall rule
- name: generic-browser - name: generic-browser
user_agent_regex: >- user_agent_regex: >-

4
data/meta/messengers-preview.yaml
View File

@@ -1,2 +1,2 @@
- import: (data)/clients/telegram-preview.yaml - import: (data)/clients/telegram-preview.yaml
- import: (data)/clients/vk-preview.yaml - import: (data)/clients/vk-preview.yaml

439
data/services/uptime-robot.yaml
View File

@@ -2,223 +2,222 @@
user_agent_regex: UptimeRobot user_agent_regex: UptimeRobot
action: ALLOW action: ALLOW
# https://api.uptimerobot.com/meta/ips # https://api.uptimerobot.com/meta/ips
remote_addresses: remote_addresses: [
[ "3.12.251.153/32",
"3.12.251.153/32", "3.20.63.178/32",
"3.20.63.178/32", "3.77.67.4/32",
"3.77.67.4/32", "3.79.134.69/32",
"3.79.134.69/32", "3.105.133.239/32",
"3.105.133.239/32", "3.105.190.221/32",
"3.105.190.221/32", "3.133.226.214/32",
"3.133.226.214/32", "3.149.57.90/32",
"3.149.57.90/32", "3.212.128.62/32",
"3.212.128.62/32", "5.161.61.238/32",
"5.161.61.238/32", "5.161.73.160/32",
"5.161.73.160/32", "5.161.75.7/32",
"5.161.75.7/32", "5.161.113.195/32",
"5.161.113.195/32", "5.161.117.52/32",
"5.161.117.52/32", "5.161.177.47/32",
"5.161.177.47/32", "5.161.194.92/32",
"5.161.194.92/32", "5.161.215.244/32",
"5.161.215.244/32", "5.223.43.32/32",
"5.223.43.32/32", "5.223.53.147/32",
"5.223.53.147/32", "5.223.57.22/32",
"5.223.57.22/32", "18.116.205.62/32",
"18.116.205.62/32", "18.180.208.214/32",
"18.180.208.214/32", "18.192.166.72/32",
"18.192.166.72/32", "18.193.252.127/32",
"18.193.252.127/32", "24.144.78.39/32",
"24.144.78.39/32", "24.144.78.185/32",
"24.144.78.185/32", "34.198.201.66/32",
"34.198.201.66/32", "45.55.123.175/32",
"45.55.123.175/32", "45.55.127.146/32",
"45.55.127.146/32", "49.13.24.81/32",
"49.13.24.81/32", "49.13.130.29/32",
"49.13.130.29/32", "49.13.134.145/32",
"49.13.134.145/32", "49.13.164.148/32",
"49.13.164.148/32", "49.13.167.123/32",
"49.13.167.123/32", "52.15.147.27/32",
"52.15.147.27/32", "52.22.236.30/32",
"52.22.236.30/32", "52.28.162.93/32",
"52.28.162.93/32", "52.59.43.236/32",
"52.59.43.236/32", "52.87.72.16/32",
"52.87.72.16/32", "54.64.67.106/32",
"54.64.67.106/32", "54.79.28.129/32",
"54.79.28.129/32", "54.87.112.51/32",
"54.87.112.51/32", "54.167.223.174/32",
"54.167.223.174/32", "54.249.170.27/32",
"54.249.170.27/32", "63.178.84.147/32",
"63.178.84.147/32", "64.225.81.248/32",
"64.225.81.248/32", "64.225.82.147/32",
"64.225.82.147/32", "69.162.124.227/32",
"69.162.124.227/32", "69.162.124.235/32",
"69.162.124.235/32", "69.162.124.238/32",
"69.162.124.238/32", "78.46.190.63/32",
"78.46.190.63/32", "78.46.215.1/32",
"78.46.215.1/32", "78.47.98.55/32",
"78.47.98.55/32", "78.47.173.76/32",
"78.47.173.76/32", "88.99.80.227/32",
"88.99.80.227/32", "91.99.101.207/32",
"91.99.101.207/32", "128.140.41.193/32",
"128.140.41.193/32", "128.140.106.114/32",
"128.140.106.114/32", "129.212.132.140/32",
"129.212.132.140/32", "134.199.240.137/32",
"134.199.240.137/32", "138.197.53.117/32",
"138.197.53.117/32", "138.197.53.138/32",
"138.197.53.138/32", "138.197.54.143/32",
"138.197.54.143/32", "138.197.54.247/32",
"138.197.54.247/32", "138.197.63.92/32",
"138.197.63.92/32", "139.59.50.44/32",
"139.59.50.44/32", "142.132.180.39/32",
"142.132.180.39/32", "143.198.249.237/32",
"143.198.249.237/32", "143.198.250.89/32",
"143.198.250.89/32", "143.244.196.21/32",
"143.244.196.21/32", "143.244.196.211/32",
"143.244.196.211/32", "143.244.221.177/32",
"143.244.221.177/32", "144.126.251.21/32",
"144.126.251.21/32", "146.190.9.187/32",
"146.190.9.187/32", "152.42.149.135/32",
"152.42.149.135/32", "157.90.155.240/32",
"157.90.155.240/32", "157.90.156.63/32",
"157.90.156.63/32", "159.69.158.189/32",
"159.69.158.189/32", "159.223.243.219/32",
"159.223.243.219/32", "161.35.247.201/32",
"161.35.247.201/32", "167.99.18.52/32",
"167.99.18.52/32", "167.235.143.113/32",
"167.235.143.113/32", "168.119.53.160/32",
"168.119.53.160/32", "168.119.96.239/32",
"168.119.96.239/32", "168.119.123.75/32",
"168.119.123.75/32", "170.64.250.64/32",
"170.64.250.64/32", "170.64.250.132/32",
"170.64.250.132/32", "170.64.250.235/32",
"170.64.250.235/32", "178.156.181.172/32",
"178.156.181.172/32", "178.156.184.20/32",
"178.156.184.20/32", "178.156.185.127/32",
"178.156.185.127/32", "178.156.185.231/32",
"178.156.185.231/32", "178.156.187.238/32",
"178.156.187.238/32", "178.156.189.113/32",
"178.156.189.113/32", "178.156.189.249/32",
"178.156.189.249/32", "188.166.201.79/32",
"188.166.201.79/32", "206.189.241.133/32",
"206.189.241.133/32", "209.38.49.1/32",
"209.38.49.1/32", "209.38.49.206/32",
"209.38.49.206/32", "209.38.49.226/32",
"209.38.49.226/32", "209.38.51.43/32",
"209.38.51.43/32", "209.38.53.7/32",
"209.38.53.7/32", "209.38.124.252/32",
"209.38.124.252/32", "216.144.248.18/31",
"216.144.248.18/31", "216.144.248.21/32",
"216.144.248.21/32", "216.144.248.22/31",
"216.144.248.22/31", "216.144.248.24/30",
"216.144.248.24/30", "216.144.248.28/31",
"216.144.248.28/31", "216.144.248.30/32",
"216.144.248.30/32", "216.245.221.83/32",
"216.245.221.83/32", "2400:6180:10:200::56a0:b000/128",
"2400:6180:10:200::56a0:b000/128", "2400:6180:10:200::56a0:c000/128",
"2400:6180:10:200::56a0:c000/128", "2400:6180:10:200::56a0:e000/128",
"2400:6180:10:200::56a0:e000/128", "2400:6180:100:d0::94b6:4001/128",
"2400:6180:100:d0::94b6:4001/128", "2400:6180:100:d0::94b6:5001/128",
"2400:6180:100:d0::94b6:5001/128", "2400:6180:100:d0::94b6:7001/128",
"2400:6180:100:d0::94b6:7001/128", "2406:da14:94d:8601:9d0d:7754:bedf:e4f5/128",
"2406:da14:94d:8601:9d0d:7754:bedf:e4f5/128", "2406:da14:94d:8601:b325:ff58:2bba:7934/128",
"2406:da14:94d:8601:b325:ff58:2bba:7934/128", "2406:da14:94d:8601:db4b:c5ac:2cbe:9a79/128",
"2406:da14:94d:8601:db4b:c5ac:2cbe:9a79/128", "2406:da1c:9c8:dc02:7ae1:f2ea:ab91:2fde/128",
"2406:da1c:9c8:dc02:7ae1:f2ea:ab91:2fde/128", "2406:da1c:9c8:dc02:7db9:f38b:7b9f:402e/128",
"2406:da1c:9c8:dc02:7db9:f38b:7b9f:402e/128", "2406:da1c:9c8:dc02:82b2:f0fd:ee96:579/128",
"2406:da1c:9c8:dc02:82b2:f0fd:ee96:579/128", "2600:1f16:775:3a00:ac3:c5eb:7081:942e/128",
"2600:1f16:775:3a00:ac3:c5eb:7081:942e/128", "2600:1f16:775:3a00:37bf:6026:e54a:f03a/128",
"2600:1f16:775:3a00:37bf:6026:e54a:f03a/128", "2600:1f16:775:3a00:3f24:5bb0:95d7:5a6b/128",
"2600:1f16:775:3a00:3f24:5bb0:95d7:5a6b/128", "2600:1f16:775:3a00:8c2c:2ba6:778f:5be5/128",
"2600:1f16:775:3a00:8c2c:2ba6:778f:5be5/128", "2600:1f16:775:3a00:91ac:3120:ff38:92b5/128",
"2600:1f16:775:3a00:91ac:3120:ff38:92b5/128", "2600:1f16:775:3a00:dbbe:36b0:3c45:da32/128",
"2600:1f16:775:3a00:dbbe:36b0:3c45:da32/128", "2600:1f18:179:f900:71:af9a:ade7:d772/128",
"2600:1f18:179:f900:71:af9a:ade7:d772/128", "2600:1f18:179:f900:2406:9399:4ae6:c5d3/128",
"2600:1f18:179:f900:2406:9399:4ae6:c5d3/128", "2600:1f18:179:f900:4696:7729:7bb3:f52f/128",
"2600:1f18:179:f900:4696:7729:7bb3:f52f/128", "2600:1f18:179:f900:4b7d:d1cc:2d10:211/128",
"2600:1f18:179:f900:4b7d:d1cc:2d10:211/128", "2600:1f18:179:f900:5c68:91b6:5d75:5d7/128",
"2600:1f18:179:f900:5c68:91b6:5d75:5d7/128", "2600:1f18:179:f900:e8dd:eed1:a6c:183b/128",
"2600:1f18:179:f900:e8dd:eed1:a6c:183b/128", "2604:a880:800:14:0:1:68ba:d000/128",
"2604:a880:800:14:0:1:68ba:d000/128", "2604:a880:800:14:0:1:68ba:e000/128",
"2604:a880:800:14:0:1:68ba:e000/128", "2604:a880:800:14:0:1:68bb:0/128",
"2604:a880:800:14:0:1:68bb:0/128", "2604:a880:800:14:0:1:68bb:1000/128",
"2604:a880:800:14:0:1:68bb:1000/128", "2604:a880:800:14:0:1:68bb:3000/128",
"2604:a880:800:14:0:1:68bb:3000/128", "2604:a880:800:14:0:1:68bb:4000/128",
"2604:a880:800:14:0:1:68bb:4000/128", "2604:a880:800:14:0:1:68bb:5000/128",
"2604:a880:800:14:0:1:68bb:5000/128", "2604:a880:800:14:0:1:68bb:6000/128",
"2604:a880:800:14:0:1:68bb:6000/128", "2604:a880:800:14:0:1:68bb:7000/128",
"2604:a880:800:14:0:1:68bb:7000/128", "2604:a880:800:14:0:1:68bb:a000/128",
"2604:a880:800:14:0:1:68bb:a000/128", "2604:a880:800:14:0:1:68bb:b000/128",
"2604:a880:800:14:0:1:68bb:b000/128", "2604:a880:800:14:0:1:68bb:c000/128",
"2604:a880:800:14:0:1:68bb:c000/128", "2604:a880:800:14:0:1:68bb:d000/128",
"2604:a880:800:14:0:1:68bb:d000/128", "2604:a880:800:14:0:1:68bb:e000/128",
"2604:a880:800:14:0:1:68bb:e000/128", "2604:a880:800:14:0:1:68bb:f000/128",
"2604:a880:800:14:0:1:68bb:f000/128", "2607:ff68:107::4/128",
"2607:ff68:107::4/128", "2607:ff68:107::14/128",
"2607:ff68:107::14/128", "2607:ff68:107::33/128",
"2607:ff68:107::33/128", "2607:ff68:107::48/127",
"2607:ff68:107::48/127", "2607:ff68:107::50/125",
"2607:ff68:107::50/125", "2607:ff68:107::58/127",
"2607:ff68:107::58/127", "2607:ff68:107::60/128",
"2607:ff68:107::60/128", "2a01:4f8:c0c:83fa::1/128",
"2a01:4f8:c0c:83fa::1/128", "2a01:4f8:c17:42e4::1/128",
"2a01:4f8:c17:42e4::1/128", "2a01:4f8:c2c:9fc6::1/128",
"2a01:4f8:c2c:9fc6::1/128", "2a01:4f8:c2c:beae::1/128",
"2a01:4f8:c2c:beae::1/128", "2a01:4f8:1c1a:3d53::1/128",
"2a01:4f8:1c1a:3d53::1/128", "2a01:4f8:1c1b:4ef4::1/128",
"2a01:4f8:1c1b:4ef4::1/128", "2a01:4f8:1c1b:5b5a::1/128",
"2a01:4f8:1c1b:5b5a::1/128", "2a01:4f8:1c1b:7ecc::1/128",
"2a01:4f8:1c1b:7ecc::1/128", "2a01:4f8:1c1c:11aa::1/128",
"2a01:4f8:1c1c:11aa::1/128", "2a01:4f8:1c1c:5353::1/128",
"2a01:4f8:1c1c:5353::1/128", "2a01:4f8:1c1c:7240::1/128",
"2a01:4f8:1c1c:7240::1/128", "2a01:4f8:1c1c:a98a::1/128",
"2a01:4f8:1c1c:a98a::1/128", "2a01:4f8:c012:c60e::1/128",
"2a01:4f8:c012:c60e::1/128", "2a01:4f8:c013:c18::1/128",
"2a01:4f8:c013:c18::1/128", "2a01:4f8:c013:34c0::1/128",
"2a01:4f8:c013:34c0::1/128", "2a01:4f8:c013:3b0f::1/128",
"2a01:4f8:c013:3b0f::1/128", "2a01:4f8:c013:3c52::1/128",
"2a01:4f8:c013:3c52::1/128", "2a01:4f8:c013:3c53::1/128",
"2a01:4f8:c013:3c53::1/128", "2a01:4f8:c013:3c54::1/128",
"2a01:4f8:c013:3c54::1/128", "2a01:4f8:c013:3c55::1/128",
"2a01:4f8:c013:3c55::1/128", "2a01:4f8:c013:3c56::1/128",
"2a01:4f8:c013:3c56::1/128", "2a01:4ff:f0:bfd::1/128",
"2a01:4ff:f0:bfd::1/128", "2a01:4ff:f0:2219::1/128",
"2a01:4ff:f0:2219::1/128", "2a01:4ff:f0:3e03::1/128",
"2a01:4ff:f0:3e03::1/128", "2a01:4ff:f0:5f80::1/128",
"2a01:4ff:f0:5f80::1/128", "2a01:4ff:f0:7fad::1/128",
"2a01:4ff:f0:7fad::1/128", "2a01:4ff:f0:9c5f::1/128",
"2a01:4ff:f0:9c5f::1/128", "2a01:4ff:f0:b2f2::1/128",
"2a01:4ff:f0:b2f2::1/128", "2a01:4ff:f0:b6f1::1/128",
"2a01:4ff:f0:b6f1::1/128", "2a01:4ff:f0:d283::1/128",
"2a01:4ff:f0:d283::1/128", "2a01:4ff:f0:d3cd::1/128",
"2a01:4ff:f0:d3cd::1/128", "2a01:4ff:f0:e516::1/128",
"2a01:4ff:f0:e516::1/128", "2a01:4ff:f0:e9cf::1/128",
"2a01:4ff:f0:e9cf::1/128", "2a01:4ff:f0:eccb::1/128",
"2a01:4ff:f0:eccb::1/128", "2a01:4ff:f0:efd1::1/128",
"2a01:4ff:f0:efd1::1/128", "2a01:4ff:f0:fdc7::1/128",
"2a01:4ff:f0:fdc7::1/128", "2a01:4ff:2f0:193c::1/128",
"2a01:4ff:2f0:193c::1/128", "2a01:4ff:2f0:27de::1/128",
"2a01:4ff:2f0:27de::1/128", "2a01:4ff:2f0:3b3a::1/128",
"2a01:4ff:2f0:3b3a::1/128", "2a03:b0c0:2:f0::bd91:f001/128",
"2a03:b0c0:2:f0::bd91:f001/128", "2a03:b0c0:2:f0::bd92:1/128",
"2a03:b0c0:2:f0::bd92:1/128", "2a03:b0c0:2:f0::bd92:1001/128",
"2a03:b0c0:2:f0::bd92:1001/128", "2a03:b0c0:2:f0::bd92:2001/128",
"2a03:b0c0:2:f0::bd92:2001/128", "2a03:b0c0:2:f0::bd92:4001/128",
"2a03:b0c0:2:f0::bd92:4001/128", "2a03:b0c0:2:f0::bd92:5001/128",
"2a03:b0c0:2:f0::bd92:5001/128", "2a03:b0c0:2:f0::bd92:6001/128",
"2a03:b0c0:2:f0::bd92:6001/128", "2a03:b0c0:2:f0::bd92:7001/128",
"2a03:b0c0:2:f0::bd92:7001/128", "2a03:b0c0:2:f0::bd92:8001/128",
"2a03:b0c0:2:f0::bd92:8001/128", "2a03:b0c0:2:f0::bd92:9001/128",
"2a03:b0c0:2:f0::bd92:9001/128", "2a03:b0c0:2:f0::bd92:a001/128",
"2a03:b0c0:2:f0::bd92:a001/128", "2a03:b0c0:2:f0::bd92:b001/128",
"2a03:b0c0:2:f0::bd92:b001/128", "2a03:b0c0:2:f0::bd92:c001/128",
"2a03:b0c0:2:f0::bd92:c001/128", "2a03:b0c0:2:f0::bd92:e001/128",
"2a03:b0c0:2:f0::bd92:e001/128", "2a03:b0c0:2:f0::bd92:f001/128",
"2a03:b0c0:2:f0::bd92:f001/128", "2a05:d014:1815:3400:6d:9235:c1c0:96ad/128",
"2a05:d014:1815:3400:6d:9235:c1c0:96ad/128", "2a05:d014:1815:3400:654f:bd37:724c:212b/128",
"2a05:d014:1815:3400:654f:bd37:724c:212b/128", "2a05:d014:1815:3400:90b4:4ef9:5631:b170/128",
"2a05:d014:1815:3400:90b4:4ef9:5631:b170/128", "2a05:d014:1815:3400:9779:d8e9:100a:9642/128",
"2a05:d014:1815:3400:9779:d8e9:100a:9642/128", "2a05:d014:1815:3400:af29:e95e:64ff:df81/128",
"2a05:d014:1815:3400:af29:e95e:64ff:df81/128", "2a05:d014:1815:3400:c7d6:f7f3:6cc1:30d1/128",
"2a05:d014:1815:3400:c7d6:f7f3:6cc1:30d1/128", "2a05:d014:1815:3400:d784:e5dd:8e0:67cb/128",
"2a05:d014:1815:3400:d784:e5dd:8e0:67cb/128", ]
]

2
decaymap/decaymap.go
View File

@@ -146,7 +146,7 @@ func (m *Impl[K, V]) Close() {
func (m *Impl[K, V]) cleanupWorker() { func (m *Impl[K, V]) cleanupWorker() {
defer m.wg.Done() defer m.wg.Done()
batch := make([]deleteReq[K], 0, 64) batch := make([]deleteReq[K], 0, 64)
ticker := time.NewTicker(500 * time.Millisecond) ticker := time.NewTicker(10 * time.Millisecond)
defer ticker.Stop() defer ticker.Stop()
flush := func() { flush := func() {

2
decaymap/decaymap_test.go
View File

@@ -32,7 +32,7 @@ func TestImpl(t *testing.T) {
// Deletion of expired entries after Get is deferred to a background worker. // Deletion of expired entries after Get is deferred to a background worker.
// Assert it eventually disappears from the map. // Assert it eventually disappears from the map.
deadline := time.Now().Add(700 * time.Millisecond) deadline := time.Now().Add(200 * time.Millisecond)
for time.Now().Before(deadline) { for time.Now().Before(deadline) {
if dm.Len() == 0 { if dm.Len() == 0 {
break break

2
docs/blog/2025-06-27-release-1.20.0/index.mdx
View File

@@ -226,7 +226,7 @@ So far Anubis supports the following languages:
- English (Simplified and Traditional) - English (Simplified and Traditional)
- French - French
- Portuguese (Brazil) - Portugese (Brazil)
- Spanish - Spanish
If you want to contribute translations, please [file an issue](https://github.com/TecharoHQ/anubis/issues/new) with your language of choice or submit a pull request to [the `lib/localization/locales` folder](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). We are about to introduce features to the translation stack, so you may want to hold off a hot minute, but we welcome any and all contributions to making Anubis useful to a global audience. If you want to contribute translations, please [file an issue](https://github.com/TecharoHQ/anubis/issues/new) with your language of choice or submit a pull request to [the `lib/localization/locales` folder](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). We are about to introduce features to the translation stack, so you may want to hold off a hot minute, but we welcome any and all contributions to making Anubis useful to a global audience.

2
docs/blog/2025-07-22-release-1.21.1/index.mdx
View File

@@ -69,7 +69,7 @@ I am waiting to hear back from NLNet on if Anubis was selected for funding or no
Anubis now supports localized responses. Locales can be added in [lib/localization/locales/](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). This release includes support for the following languages: Anubis now supports localized responses. Locales can be added in [lib/localization/locales/](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). This release includes support for the following languages:
- [Brazilian Portuguese](https://github.com/TecharoHQ/anubis/pull/726) - [Brazilian Portugese](https://github.com/TecharoHQ/anubis/pull/726)
- [Chinese (Simplified)](https://github.com/TecharoHQ/anubis/pull/774) - [Chinese (Simplified)](https://github.com/TecharoHQ/anubis/pull/774)
- [Chinese (Traditional)](https://github.com/TecharoHQ/anubis/pull/759) - [Chinese (Traditional)](https://github.com/TecharoHQ/anubis/pull/759)
- [Czech](https://github.com/TecharoHQ/anubis/pull/849) - [Czech](https://github.com/TecharoHQ/anubis/pull/849)

150
docs/blog/2025-08-28-cpu-core-odd/ProofOfWorkDiagram/index.jsx
View File

@@ -1,16 +1,14 @@
import React, { useState, useEffect, useMemo } from "react"; import React, { useState, useEffect, useMemo } from 'react';
import styles from "./styles.module.css"; import styles from './styles.module.css';
// A helper function to perform SHA-256 hashing. // A helper function to perform SHA-256 hashing.
// It takes a string, encodes it, hashes it, and returns a hex string. // It takes a string, encodes it, hashes it, and returns a hex string.
async function sha256(message) { async function sha256(message) {
try { try {
const msgBuffer = new TextEncoder().encode(message); const msgBuffer = new TextEncoder().encode(message);
const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer); const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
const hashArray = Array.from(new Uint8Array(hashBuffer)); const hashArray = Array.from(new Uint8Array(hashBuffer));
const hashHex = hashArray const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
.map((b) => b.toString(16).padStart(2, "0"))
.join("");
return hashHex; return hashHex;
} catch (error) { } catch (error) {
console.error("Hashing failed:", error); console.error("Hashing failed:", error);
@@ -23,42 +21,21 @@ const generateRandomHex = (bytes = 16) => {
const buffer = new Uint8Array(bytes); const buffer = new Uint8Array(bytes);
crypto.getRandomValues(buffer); crypto.getRandomValues(buffer);
return Array.from(buffer) return Array.from(buffer)
.map((byte) => byte.toString(16).padStart(2, "0")) .map(byte => byte.toString(16).padStart(2, '0'))
.join(""); .join('');
}; };
// Icon components for better visual feedback // Icon components for better visual feedback
const CheckIcon = () => ( const CheckIcon = () => (
<svg <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconGreen} fill="none" viewBox="0 0 24 24" stroke="currentColor">
xmlns="http://www.w3.org/2000/svg" <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
className={styles.iconGreen}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"
/>
</svg> </svg>
); );
const XCircleIcon = () => ( const XCircleIcon = () => (
<svg <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconRed} fill="none" viewBox="0 0 24 24" stroke="currentColor">
xmlns="http://www.w3.org/2000/svg" <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z" />
className={styles.iconRed}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z"
/>
</svg> </svg>
); );
@@ -69,7 +46,7 @@ export default function App() {
// State for the nonce, which is the variable we can change // State for the nonce, which is the variable we can change
const [nonce, setNonce] = useState(0); const [nonce, setNonce] = useState(0);
// State to store the resulting hash // State to store the resulting hash
const [hash, setHash] = useState(""); const [hash, setHash] = useState('');
// A flag to indicate if the current hash is the "winning" one // A flag to indicate if the current hash is the "winning" one
const [isMining, setIsMining] = useState(false); const [isMining, setIsMining] = useState(false);
const [isFound, setIsFound] = useState(false); const [isFound, setIsFound] = useState(false);
@@ -78,10 +55,7 @@ export default function App() {
const difficulty = "00"; const difficulty = "00";
// Memoize the combined data to avoid recalculating on every render // Memoize the combined data to avoid recalculating on every render
const combinedData = useMemo( const combinedData = useMemo(() => `${challenge}${nonce}`, [challenge, nonce]);
() => `${challenge}${nonce}`,
[challenge, nonce],
);
// This effect hook recalculates the hash whenever the combinedData changes. // This effect hook recalculates the hash whenever the combinedData changes.
useEffect(() => { useEffect(() => {
@@ -94,9 +68,7 @@ export default function App() {
} }
}; };
calculateHash(); calculateHash();
return () => { return () => { isMounted = false; };
isMounted = false;
};
}, [combinedData, difficulty]); }, [combinedData, difficulty]);
// This effect handles the automatic mining process // This effect handles the automatic mining process
@@ -121,7 +93,7 @@ export default function App() {
// Update the UI periodically to avoid freezing the browser // Update the UI periodically to avoid freezing the browser
if (miningNonce % 100 === 0) { if (miningNonce % 100 === 0) {
setNonce(miningNonce); setNonce(miningNonce);
await new Promise((resolve) => setTimeout(resolve, 0)); // Yield to the browser await new Promise(resolve => setTimeout(resolve, 0)); // Yield to the browser
} }
} }
}; };
@@ -130,27 +102,28 @@ export default function App() {
return () => { return () => {
continueMining = false; continueMining = false;
}; }
}, [isMining, challenge, nonce, difficulty]); }, [isMining, challenge, nonce, difficulty]);
const handleMineClick = () => { const handleMineClick = () => {
setIsMining(true); setIsMining(true);
}; }
const handleStopClick = () => { const handleStopClick = () => {
setIsMining(false); setIsMining(false);
}; }
const handleResetClick = () => { const handleResetClick = () => {
setIsMining(false); setIsMining(false);
setNonce(0); setNonce(0);
}; }
const handleNewChallengeClick = () => { const handleNewChallengeClick = () => {
setIsMining(false); setIsMining(false);
setChallenge(generateRandomHex(16)); setChallenge(generateRandomHex(16));
setNonce(0); setNonce(0);
}; }
// Helper to render the hash with colored leading characters // Helper to render the hash with colored leading characters
const renderHash = () => { const renderHash = () => {
@@ -180,46 +153,12 @@ export default function App() {
<div className={styles.block}> <div className={styles.block}>
<h2 className={styles.blockTitle}>2. Nonce</h2> <h2 className={styles.blockTitle}>2. Nonce</h2>
<div className={styles.nonceControls}> <div className={styles.nonceControls}>
<button <button onClick={() => setNonce(n => n - 1)} disabled={isMining} className={styles.nonceButton}>
onClick={() => setNonce((n) => n - 1)} <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconSmall} fill="none" viewBox="0 0 24 24" stroke="currentColor"><path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M20 12H4" /></svg>
disabled={isMining}
className={styles.nonceButton}
>
<svg
xmlns="http://www.w3.org/2000/svg"
className={styles.iconSmall}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M20 12H4"
/>
</svg>
</button> </button>
<span className={styles.nonceValue}>{nonce}</span> <span className={styles.nonceValue}>{nonce}</span>
<button <button onClick={() => setNonce(n => n + 1)} disabled={isMining} className={styles.nonceButton}>
onClick={() => setNonce((n) => n + 1)} <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconSmall} fill="none" viewBox="0 0 24 24" stroke="currentColor"><path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 4v16m8-8H4" /></svg>
disabled={isMining}
className={styles.nonceButton}
>
<svg
xmlns="http://www.w3.org/2000/svg"
className={styles.iconSmall}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M12 4v16m8-8H4"
/>
</svg>
</button> </button>
</div> </div>
</div> </div>
@@ -233,26 +172,13 @@ export default function App() {
{/* Arrow pointing down */} {/* Arrow pointing down */}
<div className={styles.arrowContainer}> <div className={styles.arrowContainer}>
<svg <svg xmlns="http://www.w3.org/2000/svg" className={styles.iconGray} fill="none" viewBox="0 0 24 24" stroke="currentColor">
xmlns="http://www.w3.org/2000/svg" <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 14l-7 7m0 0l-7-7m7 7V3" />
className={styles.iconGray}
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M19 14l-7 7m0 0l-7-7m7 7V3"
/>
</svg> </svg>
</div> </div>
{/* Hash Output Block */} {/* Hash Output Block */}
<div <div className={`${styles.hashContainer} ${isFound ? styles.hashContainerSuccess : styles.hashContainerError}`}>
className={`${styles.hashContainer} ${isFound ? styles.hashContainerSuccess : styles.hashContainerError}`}
>
<div className={styles.hashContent}> <div className={styles.hashContent}>
<div className={styles.hashText}> <div className={styles.hashText}>
<h2 className={styles.blockTitle}>4. Resulting Hash (SHA-256)</h2> <h2 className={styles.blockTitle}>4. Resulting Hash (SHA-256)</h2>
@@ -267,30 +193,18 @@ export default function App() {
{/* Mining Controls */} {/* Mining Controls */}
<div className={styles.buttonContainer}> <div className={styles.buttonContainer}>
{!isMining ? ( {!isMining ? (
<button <button onClick={handleMineClick} className={`${styles.button} ${styles.buttonCyan}`}>
onClick={handleMineClick}
className={`${styles.button} ${styles.buttonCyan}`}
>
Auto-Mine Auto-Mine
</button> </button>
) : ( ) : (
<button <button onClick={handleStopClick} className={`${styles.button} ${styles.buttonYellow}`}>
onClick={handleStopClick}
className={`${styles.button} ${styles.buttonYellow}`}
>
Stop Mining Stop Mining
</button> </button>
)} )}
<button <button onClick={handleNewChallengeClick} className={`${styles.button} ${styles.buttonIndigo}`}>
onClick={handleNewChallengeClick}
className={`${styles.button} ${styles.buttonIndigo}`}
>
New Challenge New Challenge
</button> </button>
<button <button onClick={handleResetClick} className={`${styles.button} ${styles.buttonGray}`}>
onClick={handleResetClick}
className={`${styles.button} ${styles.buttonGray}`}
>
Reset Nonce Reset Nonce
</button> </button>
</div> </div>

8
docs/blog/2025-08-28-cpu-core-odd/ProofOfWorkDiagram/styles.module.css
View File

@@ -48,9 +48,7 @@
background-color: rgb(31 41 55); background-color: rgb(31 41 55);
padding: 1.5rem; padding: 1.5rem;
border-radius: 0.5rem; border-radius: 0.5rem;
box-shadow: box-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
0 10px 15px -3px rgb(0 0 0 / 0.1),
0 4px 6px -4px rgb(0 0 0 / 0.1);
height: 100%; height: 100%;
display: flex; display: flex;
flex-direction: column; flex-direction: column;
@@ -160,9 +158,7 @@
.hashContainer { .hashContainer {
padding: 1.5rem; padding: 1.5rem;
border-radius: 0.5rem; border-radius: 0.5rem;
box-shadow: box-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
0 10px 15px -3px rgb(0 0 0 / 0.1),
0 4px 6px -4px rgb(0 0 0 / 0.1);
transition: all 300ms; transition: all 300ms;
border: 2px solid; border: 2px solid;
} }

9
docs/docs/CHANGELOG.md
View File

@@ -11,14 +11,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
- Add iplist2rule tool that lets admins turn an IP address blocklist into an Anubis ruleset.
- Add Polish locale ([#1292](https://github.com/TecharoHQ/anubis/pull/1309))
- Fix honeypot and imprint links missing `BASE_PREFIX` when deployed behind a path prefix ([#1402](https://github.com/TecharoHQ/anubis/issues/1402))
- Improve idle performance in memory storage
<!-- This changes the project to: --> <!-- This changes the project to: -->
## v1.24.0: Y'shtola Rhul ## v1.24.0 [pre1]: Y'shtola Rhul
Anubis is back and better than ever! Lots of minor fixes with some big ones interspersed. Anubis is back and better than ever! Lots of minor fixes with some big ones interspersed.
@@ -32,8 +27,6 @@ Anubis is back and better than ever! Lots of minor fixes with some big ones inte
- Add support to simple Valkey/Redis cluster mode - Add support to simple Valkey/Redis cluster mode
- Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283)) - Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283))
- Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures. - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures.
- Refine the check that ensures the presence of the Accept header to avoid breaking docker clients.
- Removed rules intended to reward actual browsers due to abuse in the wild.
### Dataset poisoning ### Dataset poisoning

2
docs/docs/admin/_category_.json
View File

@@ -5,4 +5,4 @@
"type": "generated-index", "type": "generated-index",
"description": "Tradeoffs and considerations you may want to keep in mind when using Anubis." "description": "Tradeoffs and considerations you may want to keep in mind when using Anubis."
} }
} }

7
docs/docs/admin/botstopper.mdx
View File

@@ -51,8 +51,9 @@ If you are using Kubernetes, you will need to create an image pull secret:
kubectl create secret docker-registry \ kubectl create secret docker-registry \
techarohq-botstopper \ techarohq-botstopper \
--docker-server ghcr.io \ --docker-server ghcr.io \
--docker-username any-username \ --docker-username your-username \
--docker-password <your-access-token> \ --docker-password your-access-token \
--docker-email your@email.address
``` ```
Then attach it to your Deployment: Then attach it to your Deployment:
@@ -84,7 +85,7 @@ Follow [the upstream Docker compose directions](https://anubis.techaro.lol/docs/
OG_EXPIRY_TIME: "24h" OG_EXPIRY_TIME: "24h"
+ # botstopper config here + # botstopper config here
+ CHALLENGE_TITLE: "Doing math for your connection!" + CHALLENGE_TITLE: "Doing math for your connnection!"
+ ERROR_TITLE: "Something went wrong!" + ERROR_TITLE: "Something went wrong!"
+ OVERLAY_FOLDER: /assets + OVERLAY_FOLDER: /assets
+ volumes: + volumes:

2
docs/docs/admin/configuration/_category_.json
View File

@@ -5,4 +5,4 @@
"type": "generated-index", "type": "generated-index",
"description": "Detailed information about configuring parts of Anubis." "description": "Detailed information about configuring parts of Anubis."
} }
} }

2
docs/docs/admin/configuration/challenges/_category_.json
View File

@@ -2,4 +2,4 @@
"label": "Challenges", "label": "Challenges",
"position": 10, "position": 10,
"link": null "link": null
} }

26
docs/docs/admin/configuration/expressions.mdx
View File

@@ -243,16 +243,16 @@ function regexSafe(input: string): string;
`regexSafe` takes a string and escapes it for safe use inside of a regular expression. This is useful when you are creating regular expressions from headers or variables such as `remoteAddress`. `regexSafe` takes a string and escapes it for safe use inside of a regular expression. This is useful when you are creating regular expressions from headers or variables such as `remoteAddress`.
| Input | Output | | Input | Output |
| :------------------------- | :-------------- | | :------------------------ | :------------------------------ |
| `regexSafe("1.2.3.4")` | `1\\.2\\.3\\.4` | | `regexSafe("1.2.3.4")` | `1\\.2\\.3\\.4` |
| `regexSafe("techaro.lol")` | `techaro\\.lol` | | `regexSafe("techaro.lol")` | `techaro\\.lol` |
| `regexSafe("star*")` | `star\\*` | | `regexSafe("star*")` | `star\\*` |
| `regexSafe("plus+")` | `plus\\+` | | `regexSafe("plus+")` | `plus\\+` |
| `regexSafe("{braces}")` | `\\{braces\\}` | | `regexSafe("{braces}")` | `\\{braces\\}` |
| `regexSafe("start^")` | `start\\^` | | `regexSafe("start^")` | `start\\^` |
| `regexSafe("back\\slash")` | `back\\\\slash` | | `regexSafe("back\\slash")` | `back\\\\slash` |
| `regexSafe("dash-dash")` | `dash\\-dash` | | `regexSafe("dash-dash")` | `dash\\-dash` |
### `segments` ### `segments`
@@ -301,9 +301,9 @@ function arpaReverseIP(ip: string): string;
`arpaReverseIP` takes an IP address and returns its value in [ARPA notation](https://www.ietf.org/rfc/rfc2317.html). This can be useful when matching PTR record patterns. `arpaReverseIP` takes an IP address and returns its value in [ARPA notation](https://www.ietf.org/rfc/rfc2317.html). This can be useful when matching PTR record patterns.
| Input | Output | | Input | Output |
| :----------------------------- | :---------------------------------------------------------------- | | :----------------------------- | :------------------------------------------------------------------- |
| `arpaReverseIP("1.2.3.4")` | `4.3.2.1` | | `arpaReverseIP("1.2.3.4")` | `4.3.2.1` |
| `arpaReverseIP("2001:db8::1")` | `1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2` | | `arpaReverseIP("2001:db8::1")` | `1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2` |
#### `lookupHost` #### `lookupHost`

29
docs/docs/admin/configuration/import.mdx
View File

@@ -13,8 +13,6 @@ bots:
- # This correlates to data/bots/ai-catchall.yaml in the source tree - # This correlates to data/bots/ai-catchall.yaml in the source tree
import: (data)/bots/ai-catchall.yaml import: (data)/bots/ai-catchall.yaml
- import: (data)/bots/cloudflare-workers.yaml - import: (data)/bots/cloudflare-workers.yaml
# Import all the rules in the default configuration
- import: (data)/meta/default-config.yaml
``` ```
Of note, a bot rule can either have inline bot configuration or import a bot config snippet. You cannot do both in a single bot rule. Of note, a bot rule can either have inline bot configuration or import a bot config snippet. You cannot do both in a single bot rule.
@@ -37,33 +35,6 @@ config.BotOrImport: rule definition is invalid, you must set either bot rules or
Paths can either be prefixed with `(data)` to import from the [the data folder in the Anubis source tree](https://github.com/TecharoHQ/anubis/tree/main/data) or anywhere on the filesystem. If you don't have access to the Anubis source tree, check /usr/share/docs/anubis/data or in the tarball you extracted Anubis from. Paths can either be prefixed with `(data)` to import from the [the data folder in the Anubis source tree](https://github.com/TecharoHQ/anubis/tree/main/data) or anywhere on the filesystem. If you don't have access to the Anubis source tree, check /usr/share/docs/anubis/data or in the tarball you extracted Anubis from.
## Importing the default configuration
If you want to base your configuration off of the default configuration, import `(data)/meta/default-config.yaml`:
```yaml
bots:
- import: (data)/meta/default-config.yaml
# Write your rules here
```
This will keep your configuration up to date as Anubis adapts to emerging threats.
## How do I exempt most modern browsers from Anubis challenges?
If you want to exempt most modern browsers from Anubis challenges, import `(data)/common/acts-like-browser.yaml`:
```yaml
bots:
- import: (data)/meta/default-config.yaml
- import: (data)/common/acts-like-browser.yaml
# Write your rules here
```
These rules will allow traffic that "looks like" it's from a modern copy of Edge, Safari, Chrome, or Firefox. These rules used to be enabled by default, however user reports have suggested that AI scraper bots have adapted to conform to these rules to scrape without regard for the infrastructure they are attacking.
Use these rules at your own risk.
## Importing from imports ## Importing from imports
You can also import from an imported file in case you want to import an entire folder of rules at once. You can also import from an imported file in case you want to import an entire folder of rules at once.

2
docs/docs/admin/default-allow-behavior.mdx
View File

@@ -89,4 +89,4 @@ If you want to deny all traffic except what you explicitly allow, add a catch-al
- The implicit allow rule is always last and cannot be removed. - The implicit allow rule is always last and cannot be removed.
- Use your logs to monitor what traffic is being allowed by default. - Use your logs to monitor what traffic is being allowed by default.
See [Policy Definitions](./policies) for more details on writing rules. See [Policy Definitions](./policies) for more details on writing rules.

2
docs/docs/admin/environments/_category_.json
View File

@@ -5,4 +5,4 @@
"type": "generated-index", "type": "generated-index",
"description": "Detailed information about individual environments (such as HTTP servers, platforms, etc.) Anubis is known to work with." "description": "Detailed information about individual environments (such as HTTP servers, platforms, etc.) Anubis is known to work with."
} }
} }

2
docs/docs/admin/environments/kubernetes.mdx
View File

@@ -94,8 +94,10 @@ containers:
- ALL - ALL
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
``` ```
Then add a Service entry for Anubis: Then add a Service entry for Anubis:
```yaml ```yaml

117
docs/docs/admin/environments/nginx.mdx
View File

@@ -1,7 +1,5 @@
# Nginx # Nginx
import CodeBlock from "@theme/CodeBlock";
Anubis is intended to be a filter proxy. The way to integrate this with nginx is to break your configuration up into two parts: TLS termination and then HTTP routing. Consider this diagram: Anubis is intended to be a filter proxy. The way to integrate this with nginx is to break your configuration up into two parts: TLS termination and then HTTP routing. Consider this diagram:
```mermaid ```mermaid
@@ -38,26 +36,110 @@ These examples assume that you are using a setup where your nginx configuration
Assuming that we are protecting `anubistest.techaro.lol`, here's what the server configuration file would look like: Assuming that we are protecting `anubistest.techaro.lol`, here's what the server configuration file would look like:
import anubisTest from "!!raw-loader!./nginx/server-anubistest-techaro-lol.conf"; ```nginx
# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf
<CodeBlock language="nginx">{anubisTest}</CodeBlock> # HTTP - Redirect all HTTP traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name anubistest.techaro.lol;
location / {
return 301 https://$host$request_uri;
}
}
# TLS termination server, this will listen over TLS (https) and then
# proxy all traffic to the target via Anubis.
server {
# Listen on TCP port 443 with TLS (https) and HTTP/2
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Http-Version $server_protocol;
proxy_pass http://anubis;
}
server_name anubistest.techaro.lol;
ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key;
}
# Backend server, this is where your webapp should actually live.
server {
listen unix:/run/nginx/nginx.sock;
server_name anubistest.techaro.lol;
root "/srv/http/anubistest.techaro.lol";
index index.html;
# Get the visiting IP from the TLS termination server
set_real_ip_from unix:;
real_ip_header X-Real-IP;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}
```
:::tip :::tip
You can copy the `location /` block into a separate file named something like `conf-anubis.inc` and then include it inline to other `server` blocks: You can copy the `location /` block into a separate file named something like `conf-anubis.inc` and then include it inline to other `server` blocks:
import anubisInclude from "!!raw-loader!./nginx/conf-anubis.inc"; ```nginx
# /etc/nginx/conf.d/conf-anubis.inc
<CodeBlock language="nginx">{anubisInclude}</CodeBlock> # Forward to anubis
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://anubis;
}
```
Then in a server block: Then in a server block:
<details> <details>
<summary>Full nginx config</summary> <summary>Full nginx config</summary>
import mimiTecharoLol from "!!raw-loader!./nginx/server-mimi-techaro-lol.conf"; ```nginx
# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
<CodeBlock language="nginx">{mimiTecharoLol}</CodeBlock> server {
# Listen on 443 with SSL
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# Slipstream via Anubis
include "conf-anubis.inc";
server_name mimi.techaro.lol;
ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key;
}
server {
listen unix:/run/nginx/nginx.sock;
server_name mimi.techaro.lol;
port_in_redirect off;
root "/srv/http/mimi.techaro.lol";
index index.html;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}
```
</details> </details>
@@ -65,9 +147,24 @@ import mimiTecharoLol from "!!raw-loader!./nginx/server-mimi-techaro-lol.conf";
Create an upstream for Anubis. Create an upstream for Anubis.
import anubisUpstream from "!!raw-loader!./nginx/upstream-anubis.conf"; ```nginx
# /etc/nginx/conf.d/upstream-anubis.conf
<CodeBlock language="nginx">{anubisUpstream}</CodeBlock> upstream anubis {
# Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
# If this does not match, your services will not be protected by Anubis.
# Try anubis first over a UNIX socket
server unix:/run/anubis/nginx.sock;
#server 127.0.0.1:8923;
# Optional: fall back to serving the websites directly. This allows your
# websites to be resilient against Anubis failing, at the risk of exposing
# them to the raw internet without protection. This is a tradeoff and can
# be worth it in some edge cases.
#server unix:/run/nginx.sock backup;
}
```
This can be repeated for multiple sites. Anubis does not care about the HTTP `Host` header and will happily cope with multiple websites via the same instance. This can be repeated for multiple sites. Anubis does not care about the HTTP `Host` header and will happily cope with multiple websites via the same instance.

2
docs/docs/admin/environments/nginx/conf-anubis.inc
View File

@@ -1,2 +0,0 @@
# /etc/nginx/conf-anubis.inc # Forward to anubis location / { proxy_set_header
Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://anubis; }

50
docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf
View File

@@ -1,50 +0,0 @@
# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf
# HTTP - Redirect all HTTP traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name anubistest.techaro.lol;
location / {
return 301 https://$host$request_uri;
}
}
# TLS termination server, this will listen over TLS (https) and then
# proxy all traffic to the target via Anubis.
server {
# Listen on TCP port 443 with TLS (https) and HTTP/2
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Http-Version $server_protocol;
proxy_pass http://anubis;
}
server_name anubistest.techaro.lol;
ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key;
}
# Backend server, this is where your webapp should actually live.
server {
listen unix:/run/nginx/nginx.sock;
server_name anubistest.techaro.lol;
root "/srv/http/anubistest.techaro.lol";
index index.html;
# Get the visiting IP from the TLS termination server
set_real_ip_from unix:;
real_ip_header X-Real-IP;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}

29
docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf
View File

@@ -1,29 +0,0 @@
# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
server {
# Listen on 443 with SSL
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# Slipstream via Anubis
include "conf-anubis.inc";
server_name mimi.techaro.lol;
ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt;
ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key;
}
server {
listen unix:/run/nginx/nginx.sock;
server_name mimi.techaro.lol;
port_in_redirect off;
root "/srv/http/mimi.techaro.lol";
index index.html;
# Your normal configuration can go here
# location .php { fastcgi...} etc.
}

16
docs/docs/admin/environments/nginx/upstream-anubis.conf
View File

@@ -1,16 +0,0 @@
# /etc/nginx/conf.d/upstream-anubis.conf
upstream anubis {
# Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
# If this does not match, your services will not be protected by Anubis.
# Try anubis first over a UNIX socket
server unix:/run/anubis/nginx.sock;
#server 127.0.0.1:8923;
# Optional: fall back to serving the websites directly. This allows your
# websites to be resilient against Anubis failing, at the risk of exposing
# them to the raw internet without protection. This is a tradeoff and can
# be worth it in some edge cases.
#server unix:/run/nginx.sock backup;
}

Some files were not shown because too many files have changed in this diff Show More