docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

data/botPolicies.yaml

@@ -93,44 +93,6 @@ bots:
   #   weight:
   #     adjust: -10
 
-  # Assert behaviour that only genuine browsers display. This ensures that Chrome
-  # or Firefox versions
-  - name: realistic-browser-catchall
-    expression:
-      all:
-        - '"User-Agent" in headers'
-        - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
-        - '"Accept" in headers'
-        - '"Sec-Fetch-Dest" in headers'
-        - '"Sec-Fetch-Mode" in headers'
-        - '"Sec-Fetch-Site" in headers'
-        - '"Upgrade-Insecure-Requests" in headers'
-        - '"Accept-Encoding" in headers'
-        - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
-        - '"Accept-Language" in headers'
-    action: WEIGH
-    weight:
-      adjust: -10
-
-  # Chrome should behave like Chrome
-  - name: chrome-is-proper
-    expression:
-      all:
-        - userAgent.contains("Chrome")
-        - '"Sec-Ch-Ua" in headers'
-        - 'headers["Sec-Ch-Ua"].contains("Chromium")'
-        - '"Sec-Ch-Ua-Mobile" in headers'
-        - '"Sec-Ch-Ua-Platform" in headers'
-    action: WEIGH
-    weight:
-      adjust: -5
-
-  - name: should-have-accept
-    expression: '!("Accept" in headers)'
-    action: WEIGH
-    weight:
-      adjust: 5
-
   # Generic catchall rule
   - name: generic-browser
     user_agent_regex: >-
@@ -250,14 +212,10 @@ thresholds:
         - weight < 20
     action: CHALLENGE
     challenge:
-      # https://anubis.techaro.lol/docs/admin/configuration/challenges/preact
+      # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
-      #
+      algorithm: fast
-      # This challenge proves the client can run a webapp written with Preact.
+      difficulty: 2 # two leading zeros, very fast for most clients
-      # The preact webapp simply loads, calculates the SHA-256 checksum of the
+      report_as: 2
-      # challenge data, and forwards that to the client.
-      algorithm: preact
-      difficulty: 1
-      report_as: 1
   - name: mild-proof-of-work
     expression:
       all:
@@ -267,8 +225,8 @@ thresholds:
     challenge:
       # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
       algorithm: fast
-      difficulty: 2 # two leading zeros, very fast for most clients
+      difficulty: 4
-      report_as: 2
+      report_as: 4
   # For clients that are browser like and have gained many points from custom rules
   - name: extreme-suspicion
     expression: weight >= 30
@@ -276,5 +234,5 @@ thresholds:
     challenge:
       # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
       algorithm: fast
-      difficulty: 4
+      difficulty: 6
-      report_as: 4
+      report_as: 6

data/clients/git.yaml

@@ -2,19 +2,13 @@
   action: ALLOW
   expression:
     all:
-      - >
+    - >
-        (  
+      (  
-          userAgent.startsWith("git/") ||
+        userAgent.startsWith("git/") ||
-          userAgent.contains("libgit") ||
+        userAgent.contains("libgit") ||
-          userAgent.startsWith("go-git") ||
+        userAgent.startsWith("go-git") ||
-          userAgent.startsWith("JGit/") ||
+        userAgent.startsWith("JGit/") ||
-          userAgent.startsWith("JGit-")
+        userAgent.startsWith("JGit-")
-        )
+      )
-      - '"Accept" in headers'
+    - '"Git-Protocol" in headers'
-      - headers["Accept"] == "*/*"
+    - headers["Git-Protocol"] == "version=2"
-      - '"Cache-Control" in headers'
-      - headers["Cache-Control"] == "no-cache"
-      - '"Pragma" in headers'
-      - headers["Pragma"] == "no-cache"
-      - '"Accept-Encoding" in headers'
-      - headers["Accept-Encoding"].contains("gzip")

docs/docs/CHANGELOG.md

@@ -29,10 +29,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixes concurrency problems with very old browsers ([#1082](https://github.com/TecharoHQ/anubis/issues/1082)).
 - Randomly use the Refresh header instead of the meta refresh tag in the metarefresh challenge.
 - Update OpenRC service to truncate the runtime directory before starting Anubis.
-- Make the git client profile more strictly match how the git client behaves.
-- Make the default configuration reward users using normal browsers.
 - Allow multiple consecutive slashes in a row in application paths ([#754](https://github.com/TecharoHQ/anubis/issues/754)).
 - Add option to set `targetSNI` to special keyword 'auto' to indicate that it should be automatically set to the request Host name ([424](https://github.com/TecharoHQ/anubis/issues/424)).
+- The Preact challenge has been removed from the default configuration. It will be deprecated in the future.
 
 ### Bug Fixes