arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-05 16:28:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: arian:main
Branches Tags
arian:main arian:dependabot/go_modules/gomod-93cd730d29 arian:dependabot/github_actions/github-actions-96ace4fdb6 arian:dependabot/npm_and_yarn/npm-34965409cd arian:Xe/feat-main-challenge-uses-preact arian:Xe/faq-min-browser-version arian:Xe/ddwrt-logo arian:Xe/toggle-source arian:Xe/pprof-2 arian:Xe/ci-multiple-go-versions arian:Xe/experimental-windows-binary arian:Xe/go-sh-for-build-scripts arian:Xe/doc-disabling-jit arian:add-claude-github-actions-1773949601522 arian:json/fix-pow-deref arian:Xe/no-govulncheck arian:Xe/docs-systemd-logging-to-file arian:json/gofix arian:json/add-cel-iterator arian:Xe/haproxy-smoke-test arian:Xe/sponsor-logo-sync arian:Xe/agent-hints arian:Xe/contributing-commitlint-etc arian:json/add-back-comments arian:Xe/fix-preact-static-path arian:Xe/document-meta-default-config arian:Xe/bump-go arian:revert-1370-dependabot/go_modules/gomod-76b51a1623 arian:Xe/iplist2rule arian:Xe/fix-nginx-gha arian:fix/nginxsmoke arian:Xe/expose-pprof-in-metrics arian:Xe/serialize-memory arian:Xe/nginx-config-test arian:Xe/no-more-kindness arian:Xe/adjust-accept-rule arian:Xe/honeypot arian:Xe/demote-explicit-deny-logs arian:fix/pin-versions arian:Xe/deprecate-report_as arian:Xe/dependabot-cooldown arian:Xe/logrotate arian:Xe/go-mod-tidy-check arian:Xe/redis-sentinel arian:docs/fix-1080 arian:fix/ogtags-sni arian:fix/ci-go-mod arian:chore/gomodupdates arian:fix/CVE2025_24369-flakyness arian:fix/upgrade-playwright arian:fix/nilpointerpanic arian:Xe/metrics-for-weigh-matches arian:Xe/fix-docs-deploy arian:Xe/dont-cookie-host-implicitly arian:Xe/ensure-embed-folder-matches-embed-fs arian:Xe/more-docker-client-programs arian:Xe/add-asset-build-verification-workflow arian:Xe/gh-1252/docker-registry-client-fix arian:Xe/chrome-version-number-deweighing arian:Xe/blog/abuse-reports arian:Xe/unblock-tencent-cloud arian:Xe/fix-serve-robots-txt arian:Xe/analytics-so-i-can-get-grants arian:Xe/fix-open-redirect-subrequest arian:Xe/remove-copilot-instructions arian:Xe/checker.List-and-like arian:Xe/block-tencent-cloud arian:Xe/fix-bbolt-errors arian:Xe/get-started-environments arian:Xe/show-error-state arian:Xe/fix-webcrypto-detection arian:Xe/even-less-paranoid arian:Xe/unflake-lib-package arian:Xe/default-config-macro arian:Xe/preact-deprecate arian:Xe/less-paranoid arian:Xe/wasm3 arian:Xe/double-slash-xess arian:Xe/double-slash-try-3 arian:Xe/fix-cookie-prefix-stutter arian:Xe/metarefresh-randomly-refresh-header arian:Xe/contentLength-in-expressions arian:Xe/ssh-ci-no-uname-av arian:Xe/ssh-ci-arm64 arian:Xe/actorify arian:Xe/log-filters arian:Xe/decaymap-sync-map arian:Xe/use-typescript arian:Xe/containerbuild-support-commas arian:Xe/npmjs-secvuln-fix arian:json/signingnudge arian:Xe/embed-services-folder arian:Xe/demote-temporal-assurance arian:Xe/store-s3 arian:json/requireED25519 arian:fix/multibot arian:json/docs arian:Xe/redirect-domain-wildcard arian:Xe/fix-force-language arian:Xe/anti-assistant arian:Xe/fix-main arian:Xe/enhanced-temporal-reassurance arian:Xe/docker-buildx-bake2 arian:Xe-patch-1 arian:Xe/proof-of-react arian:Xe/decimal-nonce-post arian:Xe/fix-decimal-nonce arian:json/fixspelling arian:copilot/fix-bac27955-bb79-4b41-8954-7463ba8a52db arian:Xe/block-alibaba arian:Xe/block-huawei arian:Xe/1002-challenge-spent-field arian:Xe/funding-update-august-2025 arian:Xe/remove-hack arian:revert-952-dependabot/github_actions/github-actions-246dc3e5c9 arian:Xe/embed-challenge-id-in-generated-pages arian:Xe/silence-http-pipelining-error arian:Xe/remove-json-docs arian:Xe/fix-purejs-and-make-faster arian:Xe/purge-slow arian:Xe/allow-opengraph-response-urls arian:Xe/anubis-custom-logger arian:Xe/default-rules/customasynchttpclient arian:Xe/store-challenge-method-with-challenge arian:Xe/checks-v2 arian:Xe/cel-segments arian:Xe/chore-expose-thoth arian:Xe/test-xff-no-double-comma arian:Xe/nerf-try-again-button arian:Xe/test-palemoon arian:Xe/xss-fix-2 arian:Xe/xss-fix arian:release/v1.21.1 arian:Xe/v1.21.1-blogpost arian:Xe/russian-translation-with-fixes arian:Xe/fix-unknown-challenge-throw-new-challenge arian:Xe/web-event-loop-thrashing arian:Xe/promise-leak arian:revert-873-dependabot/go_modules/gomod-adef35df73 arian:Xe/osiris arian:dependabot/go_modules/gomod-adef35df73 arian:Xe/missing-header-function arian:Xe/smoke-test/caddy-and-unix-socket arian:Xe/ssh-ci/deflake arian:Xe/smoke-test/translations arian:release/v1.21.0 arian:Xe/health-ready-endpoints arian:Xe/ja4h arian:Xe/test-cookie-fix arian:Xe/docs-image-per-commit arian:Xe/smoke-test/git-push arian:Xe/git-server-test arian:Xe/disable-system-load-by-default arian:release/v1.21.0-pre2 arian:Xe/double-slash-try-2 arian:Xe/status-page arian:Xe/double-slash arian:Xe/changelog-mention-migration-breakage arian:Xe/nginx-micro arian:Xe/TI-20250709-0001 arian:Xe/thoth-client-dont-block-on-healthchecks arian:Xe/load-average arian:Xe/docs-remove-proof-of-work-branding arian:Xe/bbolt-cleanup-every-hour arian:Xe/optimize-bbolt arian:Xe/ogtags-use-store arian:Xe/devcontainer-playwright arian:Xe/store-interface arian:Xe/allow-commoncrawl arian:Xe/docs-botstopper arian:Xe/fix-anubis-systemd-runtimedir-instances arian:Xe/checker-registry arian:vic/set-cookies-to-secure arian:json/dup arian:Xe/docker-buildx-bake arian:Xe/valkey-2 arian:Xe/thr1 arian:Xe/v1.19.0-pre1 arian:Xe/thoth arian:Xe/valkey arian:wasm arian:Xe/expressions arian:Xe/go-tool-yeet arian:Xe/pkgserver arian:Xe/yeet-as-tool arian:release/v1.15.x arian:Xe/minimize-logging arian:revert-134-revert-120-Xe/cookie-settings arian:Xe/allow-internet-archive arian:Xe/hyper-galaxy-brain
arian:v1.25.0 arian:v1.24.0 arian:v1.24.0-pre1 arian:v1.23.1 arian:v1.23.0 arian:v1.23.0-pre2 arian:v1.23.0-pre1 arian:v1.22.0 arian:v1.22.0-pre2 arian:v1.22.0-pre1 arian:v1.21.3 arian:v1.21.2 arian:v1.21.1 arian:v1.21.0 arian:v1.21.0-pre3 arian:v1.21.0-pre2 arian:v1.21.0-pre1 arian:v1.20.0 arian:v1.20.0-pre2 arian:v1.20.0-pre1 arian:v1.19.1 arian:v1.19.0 arian:v1.19.0-pre1 arian:v1.18.0 arian:v1.18.0-pre1 arian:v1.17.1 arian:v1.17.0 arian:v1.17.0.signed arian:v1.17.0-beta4 arian:1.17.0-beta2 arian:v1.17.0-beta3 arian:v1.17.0-beta1 arian:v1.16.0 arian:v1.15.2 arian:v1.15.1 arian:v1.15.0 arian:v1.14.2 arian:v1.14.1 arian:v1.14.0 arian:v1.13.0 arian:v1.12.1
..
compare: arian:Xe/default-rules/customasynchttpclient
Branches Tags
arian:dependabot/go_modules/gomod-93cd730d29 arian:dependabot/github_actions/github-actions-96ace4fdb6 arian:dependabot/npm_and_yarn/npm-34965409cd arian:Xe/feat-main-challenge-uses-preact arian:main arian:Xe/faq-min-browser-version arian:Xe/ddwrt-logo arian:Xe/toggle-source arian:Xe/pprof-2 arian:Xe/ci-multiple-go-versions arian:Xe/experimental-windows-binary arian:Xe/go-sh-for-build-scripts arian:Xe/doc-disabling-jit arian:add-claude-github-actions-1773949601522 arian:json/fix-pow-deref arian:Xe/no-govulncheck arian:Xe/docs-systemd-logging-to-file arian:json/gofix arian:json/add-cel-iterator arian:Xe/haproxy-smoke-test arian:Xe/sponsor-logo-sync arian:Xe/agent-hints arian:Xe/contributing-commitlint-etc arian:json/add-back-comments arian:Xe/fix-preact-static-path arian:Xe/document-meta-default-config arian:Xe/bump-go arian:revert-1370-dependabot/go_modules/gomod-76b51a1623 arian:Xe/iplist2rule arian:Xe/fix-nginx-gha arian:fix/nginxsmoke arian:Xe/expose-pprof-in-metrics arian:Xe/serialize-memory arian:Xe/nginx-config-test arian:Xe/no-more-kindness arian:Xe/adjust-accept-rule arian:Xe/honeypot arian:Xe/demote-explicit-deny-logs arian:fix/pin-versions arian:Xe/deprecate-report_as arian:Xe/dependabot-cooldown arian:Xe/logrotate arian:Xe/go-mod-tidy-check arian:Xe/redis-sentinel arian:docs/fix-1080 arian:fix/ogtags-sni arian:fix/ci-go-mod arian:chore/gomodupdates arian:fix/CVE2025_24369-flakyness arian:fix/upgrade-playwright arian:fix/nilpointerpanic arian:Xe/metrics-for-weigh-matches arian:Xe/fix-docs-deploy arian:Xe/dont-cookie-host-implicitly arian:Xe/ensure-embed-folder-matches-embed-fs arian:Xe/more-docker-client-programs arian:Xe/add-asset-build-verification-workflow arian:Xe/gh-1252/docker-registry-client-fix arian:Xe/chrome-version-number-deweighing arian:Xe/blog/abuse-reports arian:Xe/unblock-tencent-cloud arian:Xe/fix-serve-robots-txt arian:Xe/analytics-so-i-can-get-grants arian:Xe/fix-open-redirect-subrequest arian:Xe/remove-copilot-instructions arian:Xe/checker.List-and-like arian:Xe/block-tencent-cloud arian:Xe/fix-bbolt-errors arian:Xe/get-started-environments arian:Xe/show-error-state arian:Xe/fix-webcrypto-detection arian:Xe/even-less-paranoid arian:Xe/unflake-lib-package arian:Xe/default-config-macro arian:Xe/preact-deprecate arian:Xe/less-paranoid arian:Xe/wasm3 arian:Xe/double-slash-xess arian:Xe/double-slash-try-3 arian:Xe/fix-cookie-prefix-stutter arian:Xe/metarefresh-randomly-refresh-header arian:Xe/contentLength-in-expressions arian:Xe/ssh-ci-no-uname-av arian:Xe/ssh-ci-arm64 arian:Xe/actorify arian:Xe/log-filters arian:Xe/decaymap-sync-map arian:Xe/use-typescript arian:Xe/containerbuild-support-commas arian:Xe/npmjs-secvuln-fix arian:json/signingnudge arian:Xe/embed-services-folder arian:Xe/demote-temporal-assurance arian:Xe/store-s3 arian:json/requireED25519 arian:fix/multibot arian:json/docs arian:Xe/redirect-domain-wildcard arian:Xe/fix-force-language arian:Xe/anti-assistant arian:Xe/fix-main arian:Xe/enhanced-temporal-reassurance arian:Xe/docker-buildx-bake2 arian:Xe-patch-1 arian:Xe/proof-of-react arian:Xe/decimal-nonce-post arian:Xe/fix-decimal-nonce arian:json/fixspelling arian:copilot/fix-bac27955-bb79-4b41-8954-7463ba8a52db arian:Xe/block-alibaba arian:Xe/block-huawei arian:Xe/1002-challenge-spent-field arian:Xe/funding-update-august-2025 arian:Xe/remove-hack arian:revert-952-dependabot/github_actions/github-actions-246dc3e5c9 arian:Xe/embed-challenge-id-in-generated-pages arian:Xe/silence-http-pipelining-error arian:Xe/remove-json-docs arian:Xe/fix-purejs-and-make-faster arian:Xe/purge-slow arian:Xe/allow-opengraph-response-urls arian:Xe/anubis-custom-logger arian:Xe/default-rules/customasynchttpclient arian:Xe/store-challenge-method-with-challenge arian:Xe/checks-v2 arian:Xe/cel-segments arian:Xe/chore-expose-thoth arian:Xe/test-xff-no-double-comma arian:Xe/nerf-try-again-button arian:Xe/test-palemoon arian:Xe/xss-fix-2 arian:Xe/xss-fix arian:release/v1.21.1 arian:Xe/v1.21.1-blogpost arian:Xe/russian-translation-with-fixes arian:Xe/fix-unknown-challenge-throw-new-challenge arian:Xe/web-event-loop-thrashing arian:Xe/promise-leak arian:revert-873-dependabot/go_modules/gomod-adef35df73 arian:Xe/osiris arian:dependabot/go_modules/gomod-adef35df73 arian:Xe/missing-header-function arian:Xe/smoke-test/caddy-and-unix-socket arian:Xe/ssh-ci/deflake arian:Xe/smoke-test/translations arian:release/v1.21.0 arian:Xe/health-ready-endpoints arian:Xe/ja4h arian:Xe/test-cookie-fix arian:Xe/docs-image-per-commit arian:Xe/smoke-test/git-push arian:Xe/git-server-test arian:Xe/disable-system-load-by-default arian:release/v1.21.0-pre2 arian:Xe/double-slash-try-2 arian:Xe/status-page arian:Xe/double-slash arian:Xe/changelog-mention-migration-breakage arian:Xe/nginx-micro arian:Xe/TI-20250709-0001 arian:Xe/thoth-client-dont-block-on-healthchecks arian:Xe/load-average arian:Xe/docs-remove-proof-of-work-branding arian:Xe/bbolt-cleanup-every-hour arian:Xe/optimize-bbolt arian:Xe/ogtags-use-store arian:Xe/devcontainer-playwright arian:Xe/store-interface arian:Xe/allow-commoncrawl arian:Xe/docs-botstopper arian:Xe/fix-anubis-systemd-runtimedir-instances arian:Xe/checker-registry arian:vic/set-cookies-to-secure arian:json/dup arian:Xe/docker-buildx-bake arian:Xe/valkey-2 arian:Xe/thr1 arian:Xe/v1.19.0-pre1 arian:Xe/thoth arian:Xe/valkey arian:wasm arian:Xe/expressions arian:Xe/go-tool-yeet arian:Xe/pkgserver arian:Xe/yeet-as-tool arian:release/v1.15.x arian:Xe/minimize-logging arian:revert-134-revert-120-Xe/cookie-settings arian:Xe/allow-internet-archive arian:Xe/hyper-galaxy-brain
arian:v1.25.0 arian:v1.24.0 arian:v1.24.0-pre1 arian:v1.23.1 arian:v1.23.0 arian:v1.23.0-pre2 arian:v1.23.0-pre1 arian:v1.22.0 arian:v1.22.0-pre2 arian:v1.22.0-pre1 arian:v1.21.3 arian:v1.21.2 arian:v1.21.1 arian:v1.21.0 arian:v1.21.0-pre3 arian:v1.21.0-pre2 arian:v1.21.0-pre1 arian:v1.20.0 arian:v1.20.0-pre2 arian:v1.20.0-pre1 arian:v1.19.1 arian:v1.19.0 arian:v1.19.0-pre1 arian:v1.18.0 arian:v1.18.0-pre1 arian:v1.17.1 arian:v1.17.0 arian:v1.17.0.signed arian:v1.17.0-beta4 arian:1.17.0-beta2 arian:v1.17.0-beta3 arian:v1.17.0-beta1 arian:v1.16.0 arian:v1.15.2 arian:v1.15.1 arian:v1.15.0 arian:v1.14.2 arian:v1.14.1 arian:v1.14.0 arian:v1.13.0 arian:v1.12.1

2 Commits
main ... Xe/default

Author SHA1 Message Date
Xe Iaso
cf44607f8f Merge branch 'main' into Xe/default-rules/customasynchttpclient 
Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
 2025-07-26 20:36:43 -04:00
Xe Iaso
de796325bc feat(default-rules): add weight to Custom-AsyncHttpClient 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-25 16:17:17 +00:00
499 changed files with 5141 additions and 19248 deletions
Expand all files Collapse all files

13
.devcontainer/devcontainer.json
View File

@@ -2,7 +2,9 @@
// README at: https://github.com/devcontainers/templates/tree/main/src/debian
{
"name": "Dev",
"dockerComposeFile": ["./docker-compose.yaml"],
"dockerComposeFile": [
"./docker-compose.yaml"
],
"service": "workspace",
"workspaceFolder": "/workspace/anubis",
"postStartCommand": "bash ./.devcontainer/poststart.sh",
@@ -21,12 +23,7 @@
"a-h.templ",
"redhat.vscode-yaml",
"streetsidesoftware.code-spell-checker"
],
"settings": {
"chat.instructionsFilesLocations": {
".github/copilot-instructions.md": true
}
}
]
}
}
}
}

3
.github/FUNDING.yml vendored
View File

@@ -1,3 +1,2 @@
patreon: cadey
github: xe
liberapay: Xe
github: xe

60
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@@ -1,60 +0,0 @@
name: Bug report
description: Create a report to help us improve
body:
- type: textarea
id: description-of-bug
attributes:
label: Describe the bug
description: A clear and concise description of what the bug is.
placeholder: I can reliably get an error when...
validations:
required: true
- type: textarea
id: steps-to-reproduce
attributes:
label: Steps to reproduce
description: |
Steps to reproduce the behavior.
placeholder: |
1. Go to the following url...
2. Click on...
3. You get the following error: ...
validations:
required: true
- type: textarea
id: expected-behavior
attributes:
label: Expected behavior
description: |
A clear and concise description of what you expected to happen.
Ideally also describe *why* you expect it to happen.
placeholder: Instead of displaying an error, it would...
validations:
required: true
- type: input
id: version-os
attributes:
label: Your operating system and its version.
description: Unsure? Visit https://whatsmyos.com/
placeholder: Android 13
validations:
required: true
- type: input
id: version-browser
attributes:
label: Your browser and its version.
description: Unsure? Visit https://www.whatsmybrowser.org/
placeholder: Firefox 142
validations:
required: true
- type: textarea
id: additional-context
attributes:
label: Additional context
description: Add any other context about the problem here.

5
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@@ -1,5 +0,0 @@
blank_issues_enabled: false
contact_links:
- name: Security
url: https://techaro.lol/contact
about: Do not file security reports here. Email security@techaro.lol.

39
.github/ISSUE_TEMPLATE/feature_request.yaml vendored
View File

@@ -1,39 +0,0 @@
name: Feature request
description: Suggest an idea for this project
title: "[Feature request] "
body:
- type: textarea
id: description-of-bug
attributes:
label: Is your feature request related to a problem? Please describe.
description: A clear and concise description of what the problem is that made you submit this report.
placeholder: I am always frustrated, when...
validations:
required: true
- type: textarea
id: description-of-solution
attributes:
label: Solution you would like.
description: A clear and concise description of what you want to happen.
placeholder: Instead of behaving like this, there should be...
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Describe alternatives you have considered.
description: A clear and concise description of any alternative solutions or features you have considered.
placeholder: Another workaround that would work, is...
validations:
required: false
- type: textarea
id: additional-context
attributes:
label: Additional context
description: Add any other context (such as mock-ups, proof of concepts or screenshots) about the feature request here.
validations:
required: false

5
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,12 +1,11 @@
<!--
delete me and describe your change here, give enough context for a maintainer to understand what and why
See https://github.com/TecharoHQ/anubis/blob/main/CONTRIBUTING.md for more information
See https://anubis.techaro.lol/docs/developer/code-quality for more information
-->
Checklist:
- [ ] Added a description of the changes to the `[Unreleased]` section of docs/docs/CHANGELOG.md
- [ ] Added test cases to [the relevant parts of the codebase](https://github.com/TecharoHQ/anubis/blob/main/CONTRIBUTING.md)
- [ ] Added test cases to [the relevant parts of the codebase](https://anubis.techaro.lol/docs/developer/code-quality)
- [ ] Ran integration tests `npm run test:integration` (unsupported on Windows, please use WSL)
- [ ] All of my commits have [verified signatures](https://anubis.techaro.lol/docs/developer/signed-commits)

24
.github/actions/spelling/README.md vendored
View File

@@ -1,17 +1,17 @@
# check-spelling/check-spelling configuration
| File | Purpose | Format | Info |
| -------------------------------------------------- | -------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| [dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary) |
| [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow) |
| [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject) |
| [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) |
| [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only) |
| [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) |
| [candidate.patterns](candidate.patterns) | Patterns that might be worth adding to [patterns.txt](patterns.txt) | perl regular expression with optional comment block introductions (all matches will be suggested) | [candidates](https://github.com/check-spelling/check-spelling/wiki/Feature:-Suggest-patterns) |
| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) |
| [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect) |
| [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice) |
File | Purpose | Format | Info
-|-|-|-
[dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary)
[allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow)
[reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject)
[excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes)
[only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only)
[patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
[candidate.patterns](candidate.patterns) | Patterns that might be worth adding to [patterns.txt](patterns.txt) | perl regular expression with optional comment block introductions (all matches will be suggested) | [candidates](https://github.com/check-spelling/check-spelling/wiki/Feature:-Suggest-patterns)
[line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
[expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect)
[advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice)
Note: you can replace any of these files with a directory by the same name (minus the suffix)
and then include multiple files inside that directory (with that suffix) to merge multiple files together.

19
.github/actions/spelling/advice.md vendored
View File

@@ -2,27 +2,30 @@
<details><summary>If the flagged items are :exploding_head: false positives</summary>
If items relate to a ...
- binary file (or some other file you wouldn't want to check at all).
* binary file (or some other file you wouldn't want to check at all).
Please add a file path to the `excludes.txt` file matching the containing file.
File paths are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files.
File paths are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files.
`^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](../tree/HEAD/README.md) (on whichever branch you're using).
`^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](
../tree/HEAD/README.md) (on whichever branch you're using).
- well-formed pattern.
* well-formed pattern.
If you can write a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it,
If you can write a [pattern](
https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns
) that would match it,
try adding it to the `patterns.txt` file.
Patterns are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines.
Patterns are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines.
Note that patterns can't match multiline strings.
</details>
<!-- adoption information-->
:steam_locomotive: If you're seeing this message and your PR is from a branch that doesn't have check-spelling,
please merge to your PR's base branch to get the version configured for your repository.

32
.github/actions/spelling/allow.txt vendored
View File

@@ -4,34 +4,4 @@ ssh
ubuntu
workarounds
rjack
msgbox
xeact
ABee
tencent
maintnotifications
azurediamond
cooldown
verifyfcrdns
Spintax
spintax
clampip
pseudoprofound
reimagining
iocaine
admins
fout
iplist
NArg
blocklists
rififi
prolocation
Prolocation
Necron
Stargate
FFXIV
uvensys
de
resourced
envoyproxy
unipromos
Samsung
msgbox

11
.github/actions/spelling/excludes.txt vendored
View File

@@ -87,14 +87,9 @@
^docs/docs/user/known-instances.md$
^docs/manifest/.*$
^docs/static/\.nojekyll$
^internal/glob/glob_test.go$
^internal/honeypot/naive/affirmations\.txt$
^internal/honeypot/naive/spintext\.txt$
^internal/honeypot/naive/titles\.txt$
^lib/config/testdata/bad/unparseable\.json$
^lib/localization/.*_test.go$
^lib/localization/locales/.*\.json$
^lib/policy/config/testdata/bad/unparseable\.json$
^test/.*$
ignore$
robots.txt
^lib/localization/locales/.*\.json$
^lib/localization/.*_test.go$
^test/.*$

99
.github/actions/spelling/expect.txt vendored
View File

@@ -1,21 +1,12 @@
acs
Actorified
actorifiedstore
actorify
agentic
Aibrew
alibaba
alrest
amazonbot
anexia
anthro
anubis
anubistest
apnic
APNICRANDNETAU
Applebot
archlinux
arpa
asnc
asnchecker
asns
@@ -26,7 +17,6 @@ badregexes
bbolt
bdba
berr
bezier
bingbot
Bitcoin
bitrate
@@ -39,7 +29,6 @@ botstopper
BPort
Brightbot
broked
buildah
byteslice
Bytespider
cachebuster
@@ -63,24 +52,19 @@ checkresult
chibi
cidranger
ckie
CLAUDE
ckies
cloudflare
cloudsolutions
Codespaces
confd
connnection
containerbuild
containerregistry
coreutils
Cotoyogi
Cromite
crt
Cscript
daemonizing
databento
dayjob
dco
DDOS
ddwrt
Debian
debrpm
decaymap
@@ -92,18 +76,15 @@ distros
dnf
dnsbl
dnserr
DNSTTL
domainhere
dracula
dronebl
droneblresponse
dropin
dsilence
duckduckbot
eerror
ellenjoe
emacs
embe
enbyware
etld
everyones
@@ -115,20 +96,14 @@ externalfetcher
extldflags
facebookgo
Factset
fahedouch
fastcgi
FCr
fcrdns
fediverse
ffprobe
fhdr
financials
finfos
Firecrawl
flagenv
Fordola
forgejo
forwardauth
fsys
fullchain
gaissmai
@@ -136,13 +111,9 @@ Galvus
geoip
geoipchecker
gha
GHSA
Ghz
gipc
gitea
GLM
godotenv
goimports
goland
gomod
goodbot
@@ -153,37 +124,27 @@ goyaml
GPG
GPT
gptbot
Graphene
grpcprom
grw
gzw
Hashcash
hashrate
hdr
headermap
healthcheck
healthz
hec
helpdesk
Hetzner
hmc
homelab
hostable
HSTS
htmlc
htmx
httpdebug
huawei
Huawei
hypertext
iaskspider
iaso
iat
ifm
Imagesift
imgproxy
impressum
inbox
ingressed
inp
internets
IPTo
@@ -194,7 +155,6 @@ isset
ivh
Jenomis
JGit
jhjj
joho
journalctl
jshelter
@@ -210,18 +170,18 @@ lcj
ldflags
letsencrypt
Lexentale
lfc
lgbt
licend
licstart
lightpanda
limsa
Linting
listor
linuxbrew
LLU
loadbalancer
lol
lominsa
maintainership
malware
mcr
memes
@@ -230,43 +190,31 @@ metrix
mimi
Minfilia
mistralai
mnt
Mojeek
mojeekbot
mozilla
myclient
mymaster
mypass
myuser
nbf
nepeat
netsurf
nginx
nicksnyder
nikandfor
nobots
NONINFRINGEMENT
nosleep
nullglob
oci
OCOB
ogtag
oklch
ogtags
omgili
omgilibot
openai
opendns
opengraph
openrc
oswald
pag
pagegen
palemoon
Pangu
parseable
passthrough
Patreon
perplexitybot
pgrep
phrik
pidfile
@@ -275,7 +223,6 @@ pipefail
pki
podkova
podman
Postgre
poststart
prebaked
privkey
@@ -283,7 +230,6 @@ promauto
promhttp
proofofwork
publicsuffix
purejs
pwcmd
pwuser
qualys
@@ -292,23 +238,20 @@ qwantbot
rac
rawler
rcvar
rdb
redhat
redir
redirectscheme
refactors
remoteip
reputational
Rhul
risc
ruleset
runlevels
RUnlock
runtimedir
runtimedirectory
Ryzen
sas
sasl
screenshots
searchbot
searx
sebest
@@ -318,25 +261,19 @@ Seo
setsebool
shellcheck
shirou
shoneypot
shopt
Sidetrade
simprint
sitemap
sls
sni
snipster
Spambot
spammer
sparkline
spyderbot
srcip
srv
stackoverflow
startprecmd
stoppostcmd
storetest
strcmp
subgrid
subr
subrequest
@@ -344,12 +281,10 @@ SVCNAME
tagline
tarballs
tarrif
taviso
tbn
tbr
techaro
techarohq
telegrambot
templ
templruntime
testarea
@@ -358,17 +293,13 @@ thoth
thothmock
Tik
Timpibot
TLog
traefik
trunc
txn
uberspace
Unbreak
unbreakdocker
unifiedjs
unmarshal
unparseable
updown
uvx
UXP
valkey
@@ -376,27 +307,24 @@ Varis
Velen
vendored
vhosts
vkbot
videotest
VKE
vnd
VPS
Vultr
WAIFU
waitloop
weblate
webmaster
webpage
websecure
websites
Webzio
whois
wildbase
withthothmock
wolfbeast
wordpress
workaround
Workaround
workdir
wpbot
XCircle
Xeact
xeiaso
xeserv
xesite
@@ -405,18 +333,15 @@ xff
XForwarded
XNG
XOB
XOriginal
XReal
Y'shtola
yae
YAMLTo
Yda
yeet
yeetfile
yourdomain
yoursite
yyz
Zenos
zizmor
zombocom
zos
zst

6
.github/dependabot.yml vendored
View File

@@ -8,8 +8,6 @@ updates:
github-actions:
patterns:
- "*"
cooldown:
default-days: 7
- package-ecosystem: gomod
directory: /
@@ -19,8 +17,6 @@ updates:
gomod:
patterns:
- "*"
cooldown:
default-days: 7
- package-ecosystem: npm
directory: /
@@ -30,5 +26,3 @@ updates:
npm:
patterns:
- "*"
cooldown:
default-days: 7

72
.github/workflows/asset-verification.yml vendored
View File

@@ -1,72 +0,0 @@
name: Asset Build Verification
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
permissions:
contents: read
jobs:
asset_verification:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: build essential
run: |
sudo apt-get update
sudo apt-get install -y build-essential
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: "24.11.0"
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "1.25.7"
- name: install node deps
run: |
npm ci
- name: Check for uncommitted changes before asset build
id: check-changes-before
run: |
if [[ -n $(git status --porcelain) ]]; then
echo "has_changes=true" >> $GITHUB_OUTPUT
else
echo "has_changes=false" >> $GITHUB_OUTPUT
fi
- name: Fail if there are uncommitted changes before build
if: steps.check-changes-before.outputs.has_changes == 'true'
run: |
echo "There are uncommitted changes before running npm run assets"
git status
exit 1
- name: Run asset build
run: |
npm run assets
- name: Check for uncommitted changes after asset build
id: check-changes-after
run: |
if [[ -n $(git status --porcelain) ]]; then
echo "has_changes=true" >> $GITHUB_OUTPUT
else
echo "has_changes=false" >> $GITHUB_OUTPUT
fi
- name: Fail if assets generated changes
if: steps.check-changes-after.outputs.has_changes == 'true'
run: |
echo "npm run assets generated uncommitted changes. This indicates the repository has outdated generated files."
echo "Please run 'npm run assets' locally and commit the changes."
git status
git diff
exit 1

9
.github/workflows/dco-check.yaml vendored
View File

@@ -1,9 +0,0 @@
name: DCO Check
on: [pull_request]
jobs:
dco_check:
runs-on: ubuntu-latest
steps:
- uses: tisonkun/actions-dco@f1024cd563550b5632e754df11b7d30b73be54a5 # v1.1

40
.github/workflows/docker-pr.yml vendored
View File

@@ -2,7 +2,7 @@ name: Docker image builds (pull requests)
on:
pull_request:
branches: ["main"]
branches: [ "main" ]
env:
DOCKER_METADATA_SET_OUTPUT_ENV: "true"
@@ -15,29 +15,39 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-tags: true
fetch-depth: 0
persist-credentials: false
- name: build essential
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@main
- name: Setup Homebrew cellar cache
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
/home/linuxbrew/.linuxbrew/Cellar
/home/linuxbrew/.linuxbrew/bin
/home/linuxbrew/.linuxbrew/etc
/home/linuxbrew/.linuxbrew/include
/home/linuxbrew/.linuxbrew/lib
/home/linuxbrew/.linuxbrew/opt
/home/linuxbrew/.linuxbrew/sbin
/home/linuxbrew/.linuxbrew/share
/home/linuxbrew/.linuxbrew/var
key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
restore-keys: |
${{ runner.os }}-go-homebrew-cellar-
- name: Install Brew dependencies
run: |
sudo apt-get update
sudo apt-get install -y build-essential
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: "24.11.0"
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "stable"
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
brew bundle
- name: Docker meta
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ghcr.io/${{ github.repository }}

42
.github/workflows/docker.yml vendored
View File

@@ -21,32 +21,42 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-tags: true
fetch-depth: 0
persist-credentials: false
- name: build essential
run: |
sudo apt-get update
sudo apt-get install -y build-essential
- name: Set lowercase image name
run: |
echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: "24.11.0"
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "stable"
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@main
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
- name: Setup Homebrew cellar cache
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
/home/linuxbrew/.linuxbrew/Cellar
/home/linuxbrew/.linuxbrew/bin
/home/linuxbrew/.linuxbrew/etc
/home/linuxbrew/.linuxbrew/include
/home/linuxbrew/.linuxbrew/lib
/home/linuxbrew/.linuxbrew/opt
/home/linuxbrew/.linuxbrew/sbin
/home/linuxbrew/.linuxbrew/share
/home/linuxbrew/.linuxbrew/var
key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
restore-keys: |
${{ runner.os }}-go-homebrew-cellar-
- name: Install Brew dependencies
run: |
brew bundle
- name: Log into registry
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -54,7 +64,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ${{ env.IMAGE }}
@@ -68,7 +78,7 @@ jobs:
SLOG_LEVEL: debug
- name: Generate artifact attestation
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
with:
subject-name: ${{ env.IMAGE }}
subject-digest: ${{ steps.build.outputs.digest }}

14
.github/workflows/docs-deploy.yml vendored
View File

@@ -17,15 +17,15 @@ jobs:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Log into registry
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: techarohq
@@ -33,7 +33,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ghcr.io/techarohq/anubis/docs
tags: |
@@ -42,7 +42,7 @@ jobs:
- name: Build and push
id: build
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: ./docs
cache-to: type=gha
@@ -53,14 +53,14 @@ jobs:
push: true
- name: Apply k8s manifests to limsa lominsa
uses: actions-hub/kubectl@934aaa4354bbbc3d2176ae8d7cae92d515032dff # v1.35.3
uses: actions-hub/kubectl@b5b19eeb6a0ffde16637e398f8b96ef01eb8fdb7 # v1.33.3
env:
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
with:
args: apply -k docs/manifest
- name: Apply k8s manifests to limsa lominsa
uses: actions-hub/kubectl@934aaa4354bbbc3d2176ae8d7cae92d515032dff # v1.35.3
uses: actions-hub/kubectl@b5b19eeb6a0ffde16637e398f8b96ef01eb8fdb7 # v1.33.3
env:
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
with:

8
.github/workflows/docs-test.yml vendored
View File

@@ -13,16 +13,16 @@ jobs:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Docker meta
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ghcr.io/techarohq/anubis/docs
tags: |
@@ -31,7 +31,7 @@ jobs:
- name: Build and push
id: build
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: ./docs
cache-to: type=gha

76
.github/workflows/go-mod-tidy-check.yml vendored
View File

@@ -1,76 +0,0 @@
name: Go Mod Tidy Check
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
permissions:
contents: read
jobs:
go_mod_tidy_check:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "stable"
- name: Check go.mod and go.sum in main directory
run: |
# Store original file state
cp go.mod go.mod.orig
cp go.sum go.sum.orig
# Run go mod tidy
go mod tidy
# Check if files changed
if ! diff -q go.mod.orig go.mod > /dev/null 2>&1; then
echo "ERROR: go.mod in main directory has changed after running 'go mod tidy'"
echo "Please run 'go mod tidy' locally and commit the changes"
diff go.mod.orig go.mod
exit 1
fi
if ! diff -q go.sum.orig go.sum > /dev/null 2>&1; then
echo "ERROR: go.sum in main directory has changed after running 'go mod tidy'"
echo "Please run 'go mod tidy' locally and commit the changes"
diff go.sum.orig go.sum
exit 1
fi
echo "SUCCESS: go.mod and go.sum in main directory are tidy"
- name: Check go.mod and go.sum in test directory
run: |
cd test
# Store original file state
cp go.mod go.mod.orig
cp go.sum go.sum.orig
# Run go mod tidy
go mod tidy
# Check if files changed
if ! diff -q go.mod.orig go.mod > /dev/null 2>&1; then
echo "ERROR: go.mod in test directory has changed after running 'go mod tidy'"
echo "Please run 'go mod tidy' locally and commit the changes"
diff go.mod.orig go.mod
exit 1
fi
if ! diff -q go.sum.orig go.sum > /dev/null 2>&1; then
echo "ERROR: go.sum in test directory has changed after running 'go mod tidy'"
echo "Please run 'go mod tidy' locally and commit the changes"
diff go.sum.orig go.sum
exit 1
fi
echo "SUCCESS: go.mod and go.sum in test directory are tidy"

107
.github/workflows/go.yml vendored
View File

@@ -2,9 +2,9 @@ name: Go
on:
push:
branches: ["main"]
branches: [ "main" ]
pull_request:
branches: ["main"]
branches: [ "main" ]
permissions:
contents: read
@@ -15,50 +15,77 @@ jobs:
#runs-on: alrest-techarohq
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: build essential
run: |
sudo apt-get update
sudo apt-get install -y build-essential
- name: build essential
run: |
sudo apt-get update
sudo apt-get install -y build-essential
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: "24.11.0"
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "stable"
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@main
- name: Cache playwright binaries
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
id: playwright-cache
with:
path: |
~/.cache/ms-playwright
key: ${{ runner.os }}-playwright-${{ hashFiles('**/go.sum') }}
- name: Setup Homebrew cellar cache
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
/home/linuxbrew/.linuxbrew/Cellar
/home/linuxbrew/.linuxbrew/bin
/home/linuxbrew/.linuxbrew/etc
/home/linuxbrew/.linuxbrew/include
/home/linuxbrew/.linuxbrew/lib
/home/linuxbrew/.linuxbrew/opt
/home/linuxbrew/.linuxbrew/sbin
/home/linuxbrew/.linuxbrew/share
/home/linuxbrew/.linuxbrew/var
key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
restore-keys: |
${{ runner.os }}-go-homebrew-cellar-
- name: install node deps
run: |
npm ci
- name: Install Brew dependencies
run: |
brew bundle
- name: install playwright browsers
run: |
npx --no-install playwright@1.52.0 install --with-deps
npx --no-install playwright@1.52.0 run-server --port 9001 &
- name: Setup Golang caches
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-golang-
- name: Build
run: npm run build
- name: Cache playwright binaries
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
id: playwright-cache
with:
path: |
~/.cache/ms-playwright
key: ${{ runner.os }}-playwright-${{ hashFiles('**/go.sum') }}
- name: Test
run: npm run test
- name: install node deps
run: |
npm ci
- name: Lint with staticcheck
uses: dominikh/staticcheck-action@9716614d4101e79b4340dd97b10e54d68234e431 # v1.4.1
with:
version: "latest"
- name: install playwright browsers
run: |
npx --no-install playwright@1.52.0 install --with-deps
npx --no-install playwright@1.52.0 run-server --port 9001 &
- name: Govulncheck
run: |
go tool govulncheck ./... ||:
- name: Build
run: npm run build
- name: Test
run: npm run test
- name: Lint with staticcheck
uses: dominikh/staticcheck-action@024238d2898c874f26d723e7d0ff4308c35589a2 # v1.4.0
with:
version: "latest"
- name: Govulncheck
run: |
go tool govulncheck ./...

19
.github/workflows/lint-pr-title.yaml vendored
View File

@@ -1,19 +0,0 @@
name: "Lint PR"
on:
pull_request_target:
types:
- opened
- edited
- synchronize
jobs:
lint_pr_title:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

37
.github/workflows/package-builds-stable.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
#runs-on: alrest-techarohq
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-tags: true
@@ -25,12 +25,39 @@ jobs:
sudo apt-get update
sudo apt-get install -y build-essential
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@main
- name: Setup Homebrew cellar cache
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
node-version: "24.11.0"
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
path: |
/home/linuxbrew/.linuxbrew/Cellar
/home/linuxbrew/.linuxbrew/bin
/home/linuxbrew/.linuxbrew/etc
/home/linuxbrew/.linuxbrew/include
/home/linuxbrew/.linuxbrew/lib
/home/linuxbrew/.linuxbrew/opt
/home/linuxbrew/.linuxbrew/sbin
/home/linuxbrew/.linuxbrew/share
/home/linuxbrew/.linuxbrew/var
key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
restore-keys: |
${{ runner.os }}-go-homebrew-cellar-
- name: Install Brew dependencies
run: |
brew bundle
- name: Setup Golang caches
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
go-version: "stable"
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-golang-
- name: install node deps
run: |

81
.github/workflows/package-builds-unstable.yml vendored
View File

@@ -2,9 +2,9 @@ name: Package builds (unstable)
on:
push:
branches: ["main"]
branches: [ "main" ]
pull_request:
branches: ["main"]
branches: [ "main" ]
permissions:
contents: read
@@ -15,33 +15,60 @@ jobs:
#runs-on: alrest-techarohq
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
fetch-tags: true
fetch-depth: 0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-tags: true
fetch-depth: 0
- name: build essential
run: |
sudo apt-get update
sudo apt-get install -y build-essential
- name: build essential
run: |
sudo apt-get update
sudo apt-get install -y build-essential
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: "24.11.0"
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "stable"
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@main
- name: install node deps
run: |
npm ci
- name: Setup Homebrew cellar cache
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
/home/linuxbrew/.linuxbrew/Cellar
/home/linuxbrew/.linuxbrew/bin
/home/linuxbrew/.linuxbrew/etc
/home/linuxbrew/.linuxbrew/include
/home/linuxbrew/.linuxbrew/lib
/home/linuxbrew/.linuxbrew/opt
/home/linuxbrew/.linuxbrew/sbin
/home/linuxbrew/.linuxbrew/share
/home/linuxbrew/.linuxbrew/var
key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
restore-keys: |
${{ runner.os }}-go-homebrew-cellar-
- name: Build Packages
run: |
go tool yeet
- name: Install Brew dependencies
run: |
brew bundle
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: packages
path: var/*
- name: Setup Golang caches
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-golang-
- name: install node deps
run: |
npm ci
- name: Build Packages
run: |
go tool yeet
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: packages
path: var/*

20
.github/workflows/smoke-tests.yml vendored
View File

@@ -14,32 +14,26 @@ jobs:
strategy:
matrix:
test:
- default-config-macro
- docker-registry
- double_slash
- forced-language
- git-clone
- git-push
- healthcheck
- i18n
- log-file
- nginx
- palemoon/amd64
#- palemoon/i386
- robots_txt
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: "24.11.0"
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
node-version: latest
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: "stable"
go-version: stable
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
@@ -57,7 +51,7 @@ jobs:
run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV
- name: Upload artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
if: always()
with:
name: ${{ env.ARTIFACT_NAME }}

12
.github/workflows/spelling.yml vendored
View File

@@ -59,16 +59,16 @@ name: Check Spelling
on:
push:
branches:
- "**"
- '**'
tags-ignore:
- "**"
- '**'
pull_request:
branches:
- "**"
- '**'
types:
- "opened"
- "reopened"
- "synchronize"
- 'opened'
- 'reopened'
- 'synchronize'
jobs:
spelling:

6
.github/workflows/ssh-ci-runner-cron.yml vendored
View File

@@ -18,19 +18,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-tags: true
fetch-depth: 0
persist-credentials: false
- name: Log into registry
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build and push
run: |
cd ./test/ssh-ci

17
.github/workflows/ssh-ci.yml vendored
View File

@@ -12,33 +12,30 @@ permissions:
jobs:
ssh:
if: github.repository == 'TecharoHQ/anubis'
#runs-on: alrest-techarohq
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
strategy:
matrix:
host:
- riscv64
- ppc64le
#- aarch64-4k
#- aarch64-16k
- ubuntu@riscv64.techaro.lol
- ci@ppc64le.techaro.lol
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-tags: true
fetch-depth: 0
persist-credentials: false
- name: Install CI target SSH key
uses: shimataro/ssh-key-action@6b84f2e793b32fa0b03a379cadadec75cc539391 # v2.8.0
uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2.7.0
with:
key: ${{ secrets.CI_SSH_KEY }}
name: id_rsa
known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }}
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: "stable"
go-version: stable
- name: Run CI
run: go run ./utils/cmd/backoff-retry bash test/ssh-ci/rigging.sh ${{ matrix.host }}

22
.github/workflows/zizmor.yml vendored
View File

@@ -1,12 +1,12 @@
name: zizmor
on:
push:
paths:
- ".github/workflows/*.ya?ml"
pull_request:
paths:
- ".github/workflows/*.ya?ml"
push:
paths:
- '.github/workflows/*.ya?ml'
pull_request:
paths:
- '.github/workflows/*.ya?ml'
jobs:
zizmor:
@@ -16,20 +16,20 @@ jobs:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Install the latest version of uv
uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
uses: astral-sh/setup-uv@7edac99f961f18b581bbd960d59d049f04c0002f # v6.4.1
- name: Run zizmor 🌈
run: uvx zizmor --format sarif . > results.sarif
run: uvx zizmor --format sarif . > results.sarif
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
with:
sarif_file: results.sarif
category: zizmor

8
.husky/commit-msg
View File

@@ -1,8 +0,0 @@
npx --no-install commitlint --edit "$1"
# Check if commit message contains Signed-off-by line
if ! grep -q "^Signed-off-by:" "$1"; then
echo "Commit message must contain a 'Signed-off-by:' line."
echo "Please use 'git commit --signoff' or add a Signed-off-by line to your commit message."
exit 1
fi

2
.husky/pre-commit
View File

@@ -1,2 +0,0 @@
npm run lint
npm run test

18
.ko.yaml
View File

@@ -1,13 +1,13 @@
defaultBaseImage: cgr.dev/chainguard/static
defaultPlatforms:
- linux/arm64
- linux/amd64
- linux/arm/v7
- linux/arm64
- linux/amd64
- linux/arm/v7
builds:
- id: anubis
main: ./cmd/anubis
ldflags:
- -s -w
- -extldflags "-static"
- -X github.com/TecharoHQ/anubis.Version={{.Env.VERSION}}
- id: anubis
main: ./cmd/anubis
ldflags:
- -s -w
- -extldflags "-static"
- -X github.com/TecharoHQ/anubis.Version={{.Env.VERSION}}

4
.prettierignore
View File

@@ -1,4 +0,0 @@
lib/config/testdata/bad/*
*.inc
AGENTS.md
CLAUDE.md

2
.vscode/extensions.json vendored
View File

@@ -8,4 +8,4 @@
"redhat.vscode-yaml",
"streetsidesoftware.code-spell-checker"
]
}
}

2
.vscode/launch.json vendored
View File

@@ -24,4 +24,4 @@
"type": "node-terminal"
}
]
}
}

75
AGENTS.md
View File

@@ -1,75 +0,0 @@
# Agent instructions
Primary agent documentation is in `CONTRIBUTING.md`. You MUST read this file before proceeding.
## Useful Commands
```shell
npm ci # install node dependencies
npm run assets # build JS/CSS (required before any Go build/test)
npm run build # assets + go build -> ./var/anubis
npm run dev # assets + run locally with --use-remote-address
```
## Testing
```shell
npm run test
```
## Linting
```shell
go vet ./...
go tool staticcheck ./...
go tool govulncheck ./...
```
## Commit Messages
Commit messages follow the [**Conventional Commits**](https://www.conventionalcommits.org/en/v1.0.0/) format:
```text
<type>[optional scope]: <description>
[optional body]
[optional footer(s)]
```
**Types**: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert`
- Add `!` after type/scope for breaking changes or include `BREAKING CHANGE:` in the footer.
- Keep descriptions concise, imperative, lowercase, and without a trailing period.
- Reference issues/PRs in the footer when applicable.
- **ALL git commits MUST be made with `--signoff`.** This is mandatory.
### Attribution Requirements
AI agents must disclose what tool and model they are using in the "Assisted-by" commit footer:
```text
Assisted-by: [Model Name] via [Tool Name]
```
Example:
```text
Assisted-by: GLM 4.6 via Claude Code
```
## PR Checklist
- Add description of changes to `[Unreleased]` in `docs/docs/CHANGELOG.md`.
- Add test cases for bug fixes and behavior changes.
- Run integration tests: `npm run test:integration`.
- All commits must have verified (signed) signatures.
## Key Conventions
- **Security-first**: This is security software. Code reviews are strict. Always add tests for bug fixes. Consider adversarial inputs.
- **Configuration**: YAML-based policy files. Config structs validate via `Valid() error` methods returning sentinel errors.
- **Store interface**: `lib/store.Interface` abstracts key-value storage.
- **Environment variables**: Parsed from flags via `flagenv`. Use `.env` files locally (loaded by `godotenv/autoload`). Never commit `.env` files.
- **Assets must be built first**: JS/CSS assets are embedded into the Go binary. Always run `npm run assets` before `go test` or `go build`.
- **CEL expressions**: Policy rules support CEL (Common Expression Language) expressions for advanced matching. See `lib/policy/expressions/`.

2
CLAUDE.md
View File

@@ -1,2 +0,0 @@
@AGENTS.md
@CONTRIBUTING.md

144
CONTRIBUTING.md
View File

@@ -1,144 +0,0 @@
# Contributing to Anubis
Anubis is a Web AI Firewall Utility (WAIFU) written in Go. It uses sha256 proof-of-work challenges to protect upstream HTTP resources from scraper bots. This is security software -- correctness matters.
## Build & Run
Prerequisites: Go 1.24+, Node.js (any supported version), esbuild, gzip, zstd, brotli. Install all with `brew bundle` if you are using Homebrew.
```shell
npm ci # install node dependencies
npm run assets # build JS/CSS (required before any Go build/test)
npm run build # assets + go build -> ./var/anubis
npm run dev # assets + run locally with --use-remote-address
```
## Testing
```shell
# Run all unit tests (assets must be built first)
npm run test # or: make test
# Run a single test by name
go test -run TestClampIP ./internal/
# Run a single test file's package
go test ./lib/config/
# Run tests with verbose output
go test -v -run TestBotValid ./lib/config/
```
### Smoke tests
The `tests` folder contains "smoke tests" that are intended to set up Anubis in production-adjacent settings and testing it against real infrastructure tools. A smoke test is a folder with `test.sh` that sets up infrastructure, validates the behaviour, and then tears it down. Smoke tests are run in GitHub actions with `.github/workflows/smoke-tests.yaml`.
## Linting
```shell
go vet ./...
go tool staticcheck ./...
go tool govulncheck ./...
```
## Code Generation
The project uses `go generate` for templ templates and stringer. Always run `npm run generate` (or `make assets`) before building or testing. Generated files include:
- `web/*.templ` -> templ-generated Go code
- `web/static/` -> bundled/minified JS and CSS (with .gz, .zst, .br variants)
## Project Layout
Important folders:
- `cmd/anubis`: Main entrypoint for the project. This is the program that runs on servers.
- `lib/*`: The core library for Anubis and all of its features. This is internal code that is made public for ease of downstream consumption. No API stability is guaranteed. Use at your own risk.
- `internal/*`: Actual internal code that is private to the implementation of Anubis. If you need to use a package in this, please copy it out and manually vendor it in your own project.
- `test/*` Smoke tests (see dedicated section for details).
- `web`: Frontend HTML templates.
- `xess`: Frontend CSS framework and build logic.
## Code Style
### Go
This project follows the idioms of the Go standard library. Generally follow the patterns that upstream Go uses, including:
- Prefer packages from the standard library unless there is no other option.
- Use package import aliases only when package names collide.
- Use `goimports` to format code. Run with `npm run format`.
- Use sentinel errors as package-level variables prefixed with `Err` (such as `ErrBotMustHaveName`). Wrap with `fmt.Errorf("package: small message giving context: %w", err)`.
- Use `log/slog` for structured logging. Pass loggers as arguments to functions. Use `lg.With` to preload with context. Prefer using `slog.Debug` unless you absolutely need to report messages to users, some users have magical thinking about log verbosity.
- Name PublicFunctionsAndTypes in PascalCase. Name privateFunctionsAndTypes in camelCase.
- Acronyms stay uppercase (`URL`, `HTTP`, `IP`, `DNS`, etc.)
- Enumerations should use strong types with validation logic for parsing remote input.
- Be conservative in what you send but liberal in what you accept.
- Anything reading configuration values should use both `json` and `yaml` struct tags. Use pointer values for optional configuration values.
- Use [table-driven tests](https://go.dev/wiki/TableDrivenTests) when writing test code.
- Use [`t.Helper()`](https://pkg.go.dev/testing#T.Helper) in helper code (setup/teardown scaffolding).
- Use [`t.Cleanup()`](https://pkg.go.dev/testing#T.Cleanup) to tear down per-test or per-suite scaffolding.
- Use [`errors.Is`](https://pkg.go.dev/errors#Is) for validating function results against sentinel errors.
- Prefer same-package tests over black-box tests (`_test` packages).
### JavaScript / TypeScript
- Source lives in `web/js/`. Built with esbuild, bundled and minified.
- Uses Preact (not React).
- No linter config. Keep functions small. Use `const` by default.
### Templ Templates
Anubis uses [Templ](https://templ.guide) for generating HTML on the server.
- `.templ` files in `web/` generate Go code. Run `go generate ./...` (or `npm run assets`) after modifying them.
- Templates receive typed Go parameters. Keep logic in Go, not templates.
## Commit Messages
Commit messages follow the [**Conventional Commits**](https://www.conventionalcommits.org/en/v1.0.0/) format:
```text
<type>[optional scope]: <description>
[optional body]
[optional footer(s)]
```
**Types**: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert`
- Add `!` after type/scope for breaking changes or include `BREAKING CHANGE:` in the footer.
- Keep descriptions concise, imperative, lowercase, and without a trailing period.
- Reference issues/PRs in the footer when applicable.
- **ALL git commits MUST be made with `--signoff`.** This is mandatory.
### Attribution Requirements
AI agents must disclose what tool and model they are using in the "Assisted-by" commit footer:
```text
Assisted-by: [Model Name] via [Tool Name]
```
Example:
```text
Assisted-by: GLM 4.6 via Claude Code
```
## PR Checklist
- Add description of changes to `[Unreleased]` in `docs/docs/CHANGELOG.md`.
- Add test cases for bug fixes and behavior changes.
- Run integration tests: `npm run test:integration`.
- All commits must have verified (signed) signatures.
## Key Conventions
- **Security-first**: This is security software. Code reviews are strict. Always add tests for bug fixes. Consider adversarial inputs.
- **Configuration**: YAML-based policy files. Config structs validate via `Valid() error` methods returning sentinel errors.
- **Store interface**: `lib/store.Interface` abstracts key-value storage.
- **Environment variables**: Parsed from flags via `flagenv`. Use `.env` files locally (loaded by `godotenv/autoload`). Never commit `.env` files.
- **Assets must be built first**: JS/CSS assets are embedded into the Go binary. Always run `npm run assets` before `go test` or `go build`.
- **CEL expressions**: Policy rules support CEL (Common Expression Language) expressions for advanced matching. See `lib/policy/expressions/`.

3
Makefile
View File

@@ -24,7 +24,8 @@ build: assets
lint: assets
$(GO) vet ./...
$(GO) tool staticcheck ./...
$(GO) tool govulncheck ./...
prebaked-build:
$(GO) build -o ./var/anubis -ldflags "-X 'github.com/TecharoHQ/anubis.Version=$(VERSION)'" ./cmd/anubis
$(GO) build -o ./var/robots2policy -ldflags "-X 'github.com/TecharoHQ/anubis.Version=$(VERSION)'" ./cmd/robots2policy

23
README.md
View File

@@ -20,27 +20,12 @@ Anubis is brought to you by sponsors and donors like:
<a href="https://www.raptorcs.com/content/base/products.html">
<img src="./docs/static/img/sponsors/raptor-computing-logo.webp" alt="Raptor Computing Systems" height=64 />
</a>
<a href="https://databento.com/?utm_source=anubis&utm_medium=sponsor&utm_campaign=anubis">
<img src="./docs/static/img/sponsors/databento-logo.webp" alt="Databento" height="64" />
</a>
### Gold Tier
<a href="https://www.unipromos.com/?utm_campaign=github&utm_medium=referral&utm_content=anubis">
<img src="./docs/static/img/sponsors/unipromos.webp" alt="Unipromos" height="64" />
</a>
<a href="https://uvensys.de/?utm_campaign=github&utm_medium=referral&utm_content=anubis">
<img src="./docs/static/img/sponsors/uvensys.webp" alt="Uvensys" height="64">
</a>
<a href="https://distrust.co?utm_campaign=github&utm_medium=referral&utm_content=anubis">
<img src="./docs/static/img/sponsors/distrust-logo.webp" alt="Distrust" height="64">
</a>
<a href="https://about.gitea.com?utm_campaign=github&utm_medium=referral&utm_content=anubis">
<img src="./docs/static/img/sponsors/gitea-logo.webp" alt="Gitea" height="64">
</a>
<a href="https://prolocation.net?utm_campaign=github&utm_medium=referral&utm_content=anubis">
<img src="./docs/static/img/sponsors/prolocation-logo.svg" alt="Prolocation" height="64">
</a>
<a href="https://terminaltrove.com/?utm_campaign=github&utm_medium=referral&utm_content=anubis&utm_source=abgh">
<img src="./docs/static/img/sponsors/terminal-trove.webp" alt="Terminal Trove" height="64">
</a>
@@ -70,12 +55,6 @@ Anubis is brought to you by sponsors and donors like:
height="64"
/>
</a>
<a href="https://www.anexia.com/">
<img src="./docs/static/img/sponsors/anexia-cloudsolutions-logo.webp" alt="ANEXIA Cloud Solutions" height="64">
</a>
<a href="https://dd-wrt.com/">
<img src="./docs/static/img/sponsors/ddwrt-logo.webp" alt="embeDD GmbH" height="64">
</a>
## Overview
@@ -87,7 +66,7 @@ Anubis is a bit of a nuclear response. This will result in your website being bl
In most cases, you should not need this and can probably get by using Cloudflare to protect a given origin. However, for circumstances where you can't or won't use Cloudflare, Anubis is there for you.
If you want to try this out, visit the Anubis documentation site at [anubis.techaro.lol](https://anubis.techaro.lol).
If you want to try this out, connect to [anubis.techaro.lol](https://anubis.techaro.lol).
## Support

13
SECURITY.md
View File

@@ -1,13 +0,0 @@
# Security Policy
Techaro follows the [Semver 2.0 scheme](https://semver.org/).
## Supported Versions
Techaro strives to support the two most recent minor versions of Anubis. Patches to those versions will be published as patch releases.
## Reporting a Vulnerability
Email security@techaro.lol with details on the vulnerability and reproduction steps. You will get a response as soon as possible.
Please take care to send your email as a mixed plaintext and HTML message. Messages with GPG signatures or that are plaintext only may be blocked by the spam filter.

2
VERSION
View File

@@ -1 +1 @@
1.25.0
1.21.3

8
anubis.go
View File

@@ -11,7 +11,7 @@ var Version = "devel"
// CookieName is the name of the cookie that Anubis uses in order to validate
// access.
var CookieName = "techaro.lol-anubis"
var CookieName = "techaro.lol-anubis-auth"
// TestCookieName is the name of the cookie that Anubis uses in order to check
// if cookies are enabled on the client's browser.
@@ -23,9 +23,6 @@ const CookieDefaultExpirationTime = 7 * 24 * time.Hour
// BasePrefix is a global prefix for all Anubis endpoints. Can be emptied to remove the prefix entirely.
var BasePrefix = ""
// PublicUrl is the externally accessible URL for this Anubis instance.
var PublicUrl = ""
// StaticPath is the location where all static Anubis assets are located.
const StaticPath = "/.within.website/x/cmd/anubis/"
@@ -39,6 +36,3 @@ const DefaultDifficulty = 4
// ForcedLanguage is the language being used instead of the one of the request's Accept-Language header
// if being set.
var ForcedLanguage = ""
// UseSimplifiedExplanation can be set to true for using the simplified explanation
var UseSimplifiedExplanation = false

157
cmd/anubis/main.go
View File

@@ -17,7 +17,6 @@ import (
"net"
"net/http"
"net/http/httputil"
"net/http/pprof"
"net/url"
"os"
"os/signal"
@@ -32,8 +31,8 @@ import (
"github.com/TecharoHQ/anubis/data"
"github.com/TecharoHQ/anubis/internal"
libanubis "github.com/TecharoHQ/anubis/lib"
"github.com/TecharoHQ/anubis/lib/config"
botPolicy "github.com/TecharoHQ/anubis/lib/policy"
"github.com/TecharoHQ/anubis/lib/policy/config"
"github.com/TecharoHQ/anubis/lib/thoth"
"github.com/TecharoHQ/anubis/web"
"github.com/facebookgo/flagenv"
@@ -50,14 +49,11 @@ var (
cookieDomain = flag.String("cookie-domain", "", "if set, the top-level domain that the Anubis cookie will be valid for")
cookieDynamicDomain = flag.Bool("cookie-dynamic-domain", false, "if set, automatically set the cookie Domain value based on the request domain")
cookieExpiration = flag.Duration("cookie-expiration-time", anubis.CookieDefaultExpirationTime, "The amount of time the authorization cookie is valid for")
cookiePrefix = flag.String("cookie-prefix", anubis.CookieName, "prefix for browser cookies created by Anubis")
cookiePrefix = flag.String("cookie-prefix", "techaro.lol-anubis", "prefix for browser cookies created by Anubis")
cookiePartitioned = flag.Bool("cookie-partitioned", false, "if true, sets the partitioned flag on Anubis cookies, enabling CHIPS support")
difficultyInJWT = flag.Bool("difficulty-in-jwt", false, "if true, adds a difficulty field in the JWT claims")
useSimplifiedExplanation = flag.Bool("use-simplified-explanation", false, "if true, replaces the text when clicking \"Why am I seeing this?\" with a more simplified text for a non-tech-savvy audience.")
forcedLanguage = flag.String("forced-language", "", "if set, this language is being used instead of the one from the request's Accept-Language header")
hs512Secret = flag.String("hs512-secret", "", "secret used to sign JWTs, uses ed25519 if not set")
cookieSecure = flag.Bool("cookie-secure", true, "if true, sets the secure flag on Anubis cookies")
cookieSameSite = flag.String("cookie-same-site", "None", "sets the same site option on Anubis cookies, will auto-downgrade None to Lax if cookie-secure is false. Valid values are None, Lax, Strict, and Default.")
ed25519PrivateKeyHex = flag.String("ed25519-private-key-hex", "", "private key used to sign JWTs, if not set a random one will be assigned")
ed25519PrivateKeyHexFile = flag.String("ed25519-private-key-hex-file", "", "file name containing value for ed25519-private-key-hex")
metricsBind = flag.String("metrics-bind", ":9090", "network address to bind metrics to")
@@ -69,10 +65,9 @@ var (
slogLevel = flag.String("slog-level", "INFO", "logging level (see https://pkg.go.dev/log/slog#hdr-Levels)")
stripBasePrefix = flag.Bool("strip-base-prefix", false, "if true, strips the base prefix from requests forwarded to the target server")
target = flag.String("target", "http://localhost:3923", "target to reverse proxy to, set to an empty string to disable proxying when only using auth request")
targetSNI = flag.String("target-sni", "", "if set, TLS handshake hostname when forwarding requests to the target, if set to auto, use Host header")
targetSNI = flag.String("target-sni", "", "if set, the value of the TLS handshake hostname when forwarding requests to the target")
targetHost = flag.String("target-host", "", "if set, the value of the Host header when forwarding requests to the target")
targetInsecureSkipVerify = flag.Bool("target-insecure-skip-verify", false, "if true, skips TLS validation for the backend")
targetDisableKeepAlive = flag.Bool("target-disable-keepalive", false, "if true, disables HTTP keep-alive for the backend")
healthcheck = flag.Bool("healthcheck", false, "run a health check against Anubis")
useRemoteAddress = flag.Bool("use-remote-address", false, "read the client's IP address from the network request, useful for debugging and running Anubis on bare metal")
debugBenchmarkJS = flag.Bool("debug-benchmark-js", false, "respond to every request with a challenge for benchmarking hashrate")
@@ -82,14 +77,11 @@ var (
extractResources = flag.String("extract-resources", "", "if set, extract the static resources to the specified folder")
webmasterEmail = flag.String("webmaster-email", "", "if set, displays webmaster's email on the reject page for appeals")
versionFlag = flag.Bool("version", false, "print Anubis version")
publicUrl = flag.String("public-url", "", "the externally accessible URL for this Anubis instance, used for constructing redirect URLs (e.g., for forwardAuth).")
xffStripPrivate = flag.Bool("xff-strip-private", true, "if set, strip private addresses from X-Forwarded-For")
customRealIPHeader = flag.String("custom-real-ip-header", "", "if set, read remote IP from header of this name (in case your environment doesn't set X-Real-IP header)")
thothInsecure = flag.Bool("thoth-insecure", false, "if set, connect to Thoth over plain HTTP/2, don't enable this unless support told you to")
thothURL = flag.String("thoth-url", "", "if set, URL for Thoth, the IP reputation database for Anubis")
thothToken = flag.String("thoth-token", "", "if set, API token for Thoth, the IP reputation database for Anubis")
jwtRestrictionHeader = flag.String("jwt-restriction-header", "X-Real-IP", "If set, the JWT is only valid if the current value of this header matched the value when the JWT was created")
thothInsecure = flag.Bool("thoth-insecure", false, "if set, connect to Thoth over plain HTTP/2, don't enable this unless support told you to")
thothURL = flag.String("thoth-url", "", "if set, URL for Thoth, the IP reputation database for Anubis")
thothToken = flag.String("thoth-token", "", "if set, API token for Thoth, the IP reputation database for Anubis")
)
func keyFromHex(value string) (ed25519.PrivateKey, error) {
@@ -146,22 +138,6 @@ func parseBindNetFromAddr(address string) (string, string) {
return "", address
}
func parseSameSite(s string) http.SameSite {
switch strings.ToLower(s) {
case "none":
return http.SameSiteNoneMode
case "lax":
return http.SameSiteLaxMode
case "strict":
return http.SameSiteStrictMode
case "default":
return http.SameSiteDefaultMode
default:
log.Fatalf("invalid cookie same-site mode: %s, valid values are None, Lax, Strict, and Default", s)
}
return http.SameSiteDefaultMode
}
func setupListener(network string, address string) (net.Listener, string) {
formattedAddress := ""
@@ -209,7 +185,7 @@ func setupListener(network string, address string) (net.Listener, string) {
return listener, formattedAddress
}
func makeReverseProxy(target string, targetSNI string, targetHost string, insecureSkipVerify bool, targetDisableKeepAlive bool) (http.Handler, error) {
func makeReverseProxy(target string, targetSNI string, targetHost string, insecureSkipVerify bool) (http.Handler, error) {
targetUri, err := url.Parse(target)
if err != nil {
return nil, fmt.Errorf("failed to parse target URL: %w", err)
@@ -217,10 +193,6 @@ func makeReverseProxy(target string, targetSNI string, targetHost string, insecu
transport := http.DefaultTransport.(*http.Transport).Clone()
if targetDisableKeepAlive {
transport.DisableKeepAlives = true
}
// https://github.com/oauth2-proxy/oauth2-proxy/blob/4e2100a2879ef06aea1411790327019c1a09217c/pkg/upstream/http.go#L124
if targetUri.Scheme == "unix" {
// clean path up so we don't use the socket path in proxied requests
@@ -237,28 +209,23 @@ func makeReverseProxy(target string, targetSNI string, targetHost string, insecu
if insecureSkipVerify || targetSNI != "" {
transport.TLSClientConfig = &tls.Config{}
}
if insecureSkipVerify {
slog.Warn("TARGET_INSECURE_SKIP_VERIFY is set to true, TLS certificate validation will not be performed", "target", target)
transport.TLSClientConfig.InsecureSkipVerify = true
}
if targetSNI != "" && targetSNI != "auto" {
transport.TLSClientConfig.ServerName = targetSNI
if insecureSkipVerify {
slog.Warn("TARGET_INSECURE_SKIP_VERIFY is set to true, TLS certificate validation will not be performed", "target", target)
transport.TLSClientConfig.InsecureSkipVerify = true
}
if targetSNI != "" {
transport.TLSClientConfig.ServerName = targetSNI
}
}
rp := httputil.NewSingleHostReverseProxy(targetUri)
rp.Transport = transport
if targetHost != "" || targetSNI == "auto" {
if targetHost != "" {
originalDirector := rp.Director
rp.Director = func(req *http.Request) {
originalDirector(req)
if targetHost != "" {
req.Host = targetHost
}
if targetSNI == "auto" {
transport.TLSClientConfig.ServerName = req.Host
}
req.Host = targetHost
}
}
@@ -274,11 +241,9 @@ func main() {
return
}
internal.InitSlog(*slogLevel)
internal.SetHealth("anubis", healthv1.HealthCheckResponse_NOT_SERVING)
lg := internal.InitSlog(*slogLevel, os.Stderr)
lg.Info("starting up Anubis")
if *healthcheck {
log.Println("running healthcheck")
if err := doHealthCheck(); err != nil {
@@ -306,14 +271,14 @@ func main() {
if *metricsBind != "" {
wg.Add(1)
go metricsServer(ctx, *lg.With("subsystem", "metrics"), wg.Done)
go metricsServer(ctx, wg.Done)
}
var rp http.Handler
// when using anubis via Systemd and environment variables, then it is not possible to set targe to an empty string but only to space
if strings.TrimSpace(*target) != "" {
var err error
rp, err = makeReverseProxy(*target, *targetSNI, *targetHost, *targetInsecureSkipVerify, *targetDisableKeepAlive)
rp, err = makeReverseProxy(*target, *targetSNI, *targetHost, *targetInsecureSkipVerify)
if err != nil {
log.Fatalf("can't make reverse proxy: %v", err)
}
@@ -326,11 +291,11 @@ func main() {
// Thoth configuration
switch {
case *thothURL != "" && *thothToken == "":
lg.Warn("THOTH_URL is set but no THOTH_TOKEN is set")
slog.Warn("THOTH_URL is set but no THOTH_TOKEN is set")
case *thothURL == "" && *thothToken != "":
lg.Warn("THOTH_TOKEN is set but no THOTH_URL is set")
slog.Warn("THOTH_TOKEN is set but no THOTH_URL is set")
case *thothURL != "" && *thothToken != "":
lg.Debug("connecting to Thoth")
slog.Debug("connecting to Thoth")
thothClient, err := thoth.New(ctx, *thothURL, *thothToken, *thothInsecure)
if err != nil {
log.Fatalf("can't dial thoth at %s: %v", *thothURL, err)
@@ -339,24 +304,10 @@ func main() {
ctx = thoth.With(ctx, thothClient)
}
lg.Info("loading policy file", "fname", *policyFname)
policy, err := libanubis.LoadPoliciesOrDefault(ctx, *policyFname, *challengeDifficulty, *slogLevel)
policy, err := libanubis.LoadPoliciesOrDefault(ctx, *policyFname, *challengeDifficulty)
if err != nil {
log.Fatalf("can't parse policy file: %v", err)
}
lg = policy.Logger
lg.Debug("swapped to new logger")
slog.SetDefault(lg)
// Warn if persistent storage is used without a configured signing key
if policy.Store.IsPersistent() {
if *hs512Secret == "" && *ed25519PrivateKeyHex == "" && *ed25519PrivateKeyHexFile == "" {
lg.Warn("[misconfiguration] persistent storage backend is configured, but no private key is set. " +
"Challenges will be invalidated when Anubis restarts. " +
"Set HS512_SECRET, ED25519_PRIVATE_KEY_HEX, or ED25519_PRIVATE_KEY_HEX_FILE to ensure challenges survive service restarts. " +
"See: https://anubis.techaro.lol/docs/admin/installation#key-generation")
}
}
ruleErrorIDs := make(map[string]string)
for _, rule := range policy.Bots {
@@ -414,13 +365,13 @@ func main() {
log.Fatalf("failed to generate ed25519 key: %v", err)
}
lg.Warn("generating random key, Anubis will have strange behavior when multiple instances are behind the same load balancer target, for more information: see https://anubis.techaro.lol/docs/admin/installation#key-generation")
slog.Warn("generating random key, Anubis will have strange behavior when multiple instances are behind the same load balancer target, for more information: see https://anubis.techaro.lol/docs/admin/installation#key-generation")
}
var redirectDomainsList []string
if *redirectDomains != "" {
domains := strings.SplitSeq(*redirectDomains, ",")
for domain := range domains {
domains := strings.Split(*redirectDomains, ",")
for _, domain := range domains {
_, err = url.Parse(domain)
if err != nil {
log.Fatalf("cannot parse redirect-domain %q: %s", domain, err.Error())
@@ -428,13 +379,12 @@ func main() {
redirectDomainsList = append(redirectDomainsList, strings.TrimSpace(domain))
}
} else {
lg.Warn("REDIRECT_DOMAINS is not set, Anubis will redirect to any domain, see https://anubis.techaro.lol/docs/admin/configuration/redirect-domains")
slog.Warn("REDIRECT_DOMAINS is not set, Anubis will only redirect to the same domain a request is coming from, see https://anubis.techaro.lol/docs/admin/configuration/redirect-domains")
}
anubis.CookieName = *cookiePrefix + "-auth"
anubis.TestCookieName = *cookiePrefix + "-cookie-verification"
anubis.ForcedLanguage = *forcedLanguage
anubis.UseSimplifiedExplanation = *useSimplifiedExplanation
// If OpenGraph configuration values are not set in the config file, use the
// values from flags / envvars.
@@ -446,30 +396,22 @@ func main() {
}
s, err := libanubis.New(libanubis.Options{
BasePrefix: *basePrefix,
StripBasePrefix: *stripBasePrefix,
Next: rp,
Policy: policy,
TargetHost: *targetHost,
TargetSNI: *targetSNI,
TargetInsecureSkipVerify: *targetInsecureSkipVerify,
ServeRobotsTXT: *robotsTxt,
ED25519PrivateKey: ed25519Priv,
HS512Secret: []byte(*hs512Secret),
CookieDomain: *cookieDomain,
CookieDynamicDomain: *cookieDynamicDomain,
CookieExpiration: *cookieExpiration,
CookiePartitioned: *cookiePartitioned,
RedirectDomains: redirectDomainsList,
Target: *target,
WebmasterEmail: *webmasterEmail,
OpenGraph: policy.OpenGraph,
CookieSecure: *cookieSecure,
CookieSameSite: parseSameSite(*cookieSameSite),
PublicUrl: *publicUrl,
JWTRestrictionHeader: *jwtRestrictionHeader,
Logger: policy.Logger.With("subsystem", "anubis"),
DifficultyInJWT: *difficultyInJWT,
BasePrefix: *basePrefix,
StripBasePrefix: *stripBasePrefix,
Next: rp,
Policy: policy,
ServeRobotsTXT: *robotsTxt,
ED25519PrivateKey: ed25519Priv,
HS512Secret: []byte(*hs512Secret),
CookieDomain: *cookieDomain,
CookieDynamicDomain: *cookieDynamicDomain,
CookieExpiration: *cookieExpiration,
CookiePartitioned: *cookiePartitioned,
RedirectDomains: redirectDomainsList,
Target: *target,
WebmasterEmail: *webmasterEmail,
OpenGraph: policy.OpenGraph,
CookieSecure: *cookieSecure,
})
if err != nil {
log.Fatalf("can't construct libanubis.Server: %v", err)
@@ -477,7 +419,6 @@ func main() {
var h http.Handler
h = s
h = internal.CustomRealIPHeader(*customRealIPHeader, h)
h = internal.RemoteXRealIP(*useRemoteAddress, *bindNetwork, h)
h = internal.XForwardedForToXRealIP(h)
h = internal.XForwardedForUpdate(*xffStripPrivate, h)
@@ -485,7 +426,7 @@ func main() {
srv := http.Server{Handler: h, ErrorLog: internal.GetFilteredHTTPLogger()}
listener, listenerUrl := setupListener(*bindNetwork, *bind)
lg.Info(
slog.Info(
"listening",
"url", listenerUrl,
"difficulty", *challengeDifficulty,
@@ -499,7 +440,6 @@ func main() {
"base-prefix", *basePrefix,
"cookie-expiration-time", *cookieExpiration,
"rule-error-ids", ruleErrorIDs,
"public-url", *publicUrl,
)
go func() {
@@ -519,15 +459,10 @@ func main() {
wg.Wait()
}
func metricsServer(ctx context.Context, lg slog.Logger, done func()) {
func metricsServer(ctx context.Context, done func()) {
defer done()
mux := http.NewServeMux()
mux.HandleFunc("GET /debug/pprof/", pprof.Index)
mux.HandleFunc("GET /debug/pprof/cmdline", pprof.Cmdline)
mux.HandleFunc("GET /debug/pprof/profile", pprof.Profile)
mux.HandleFunc("GET /debug/pprof/symbol", pprof.Symbol)
mux.HandleFunc("GET /debug/pprof/trace", pprof.Trace)
mux.Handle("/metrics", promhttp.Handler())
mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
st, ok := internal.GetHealth("anubis")
@@ -550,7 +485,7 @@ func metricsServer(ctx context.Context, lg slog.Logger, done func()) {
srv := http.Server{Handler: mux, ErrorLog: internal.GetFilteredHTTPLogger()}
listener, metricsUrl := setupListener(*metricsBindNetwork, *metricsBind)
lg.Debug("listening for metrics", "url", metricsUrl)
slog.Debug("listening for metrics", "url", metricsUrl)
go func() {
<-ctx.Done()

12
cmd/containerbuild/main.go
View File

@@ -28,7 +28,7 @@ func main() {
flagenv.Parse()
flag.Parse()
slog.SetDefault(internal.InitSlog(*slogLevel, os.Stderr))
internal.InitSlog(*slogLevel)
koDockerRepo := strings.TrimSuffix(*dockerRepo, "/"+filepath.Base(*dockerRepo))
@@ -46,11 +46,6 @@ func main() {
)
}
if strings.Contains(*dockerTags, ",") {
newTags := strings.Join(strings.Split(*dockerTags, ","), "\n")
dockerTags = &newTags
}
setOutput("docker_image", strings.SplitN(*dockerTags, "\n", 2)[0])
version, err := run("git describe --tags --always --dirty")
@@ -159,8 +154,5 @@ func run(command string) (string, error) {
}
func setOutput(key, val string) {
github_output := os.Getenv("GITHUB_OUTPUT")
f, _ := os.OpenFile(github_output, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0644)
fmt.Fprintf(f, "%s=%s\n", key, val)
f.Close()
fmt.Printf("::set-output name=%s::%s\n", key, val)
}

157
cmd/robots2policy/main.go
View File

@@ -10,10 +10,9 @@ import (
"net/http"
"os"
"regexp"
"slices"
"strings"
"github.com/TecharoHQ/anubis/lib/config"
"github.com/TecharoHQ/anubis/lib/policy/config"
"sigs.k8s.io/yaml"
)
@@ -30,7 +29,7 @@ var (
)
type RobotsRule struct {
UserAgents []string
UserAgent string
Disallows []string
Allows []string
CrawlDelay int
@@ -131,26 +130,10 @@ func main() {
}
}
func createRuleFromAccumulated(userAgents, disallows, allows []string, crawlDelay int) RobotsRule {
rule := RobotsRule{
UserAgents: make([]string, len(userAgents)),
Disallows: make([]string, len(disallows)),
Allows: make([]string, len(allows)),
CrawlDelay: crawlDelay,
}
copy(rule.UserAgents, userAgents)
copy(rule.Disallows, disallows)
copy(rule.Allows, allows)
return rule
}
func parseRobotsTxt(input io.Reader) ([]RobotsRule, error) {
scanner := bufio.NewScanner(input)
var rules []RobotsRule
var currentUserAgents []string
var currentDisallows []string
var currentAllows []string
var currentCrawlDelay int
var currentRule *RobotsRule
for scanner.Scan() {
line := strings.TrimSpace(scanner.Text())
@@ -171,48 +154,47 @@ func parseRobotsTxt(input io.Reader) ([]RobotsRule, error) {
switch directive {
case "user-agent":
// If we have accumulated rules with directives and encounter a new user-agent,
// flush the current rules
if len(currentUserAgents) > 0 && (len(currentDisallows) > 0 || len(currentAllows) > 0 || currentCrawlDelay > 0) {
rule := createRuleFromAccumulated(currentUserAgents, currentDisallows, currentAllows, currentCrawlDelay)
rules = append(rules, rule)
// Reset for next group
currentUserAgents = nil
currentDisallows = nil
currentAllows = nil
currentCrawlDelay = 0
// Start a new rule section
if currentRule != nil {
rules = append(rules, *currentRule)
}
currentRule = &RobotsRule{
UserAgent: value,
Disallows: make([]string, 0),
Allows: make([]string, 0),
}
currentUserAgents = append(currentUserAgents, value)
case "disallow":
if len(currentUserAgents) > 0 && value != "" {
currentDisallows = append(currentDisallows, value)
if currentRule != nil && value != "" {
currentRule.Disallows = append(currentRule.Disallows, value)
}
case "allow":
if len(currentUserAgents) > 0 && value != "" {
currentAllows = append(currentAllows, value)
if currentRule != nil && value != "" {
currentRule.Allows = append(currentRule.Allows, value)
}
case "crawl-delay":
if len(currentUserAgents) > 0 {
if currentRule != nil {
if delay, err := parseIntSafe(value); err == nil {
currentCrawlDelay = delay
currentRule.CrawlDelay = delay
}
}
}
}
// Don't forget the last group of rules
if len(currentUserAgents) > 0 {
rule := createRuleFromAccumulated(currentUserAgents, currentDisallows, currentAllows, currentCrawlDelay)
rules = append(rules, rule)
// Don't forget the last rule
if currentRule != nil {
rules = append(rules, *currentRule)
}
// Mark blacklisted user agents (those with "Disallow: /")
for i := range rules {
if slices.Contains(rules[i].Disallows, "/") {
rules[i].IsBlacklist = true
for _, disallow := range rules[i].Disallows {
if disallow == "/" {
rules[i].IsBlacklist = true
break
}
}
}
@@ -229,11 +211,10 @@ func convertToAnubisRules(robotsRules []RobotsRule) []AnubisRule {
var anubisRules []AnubisRule
ruleCounter := 0
// Process each robots rule individually
for _, robotsRule := range robotsRules {
userAgents := robotsRule.UserAgents
userAgent := robotsRule.UserAgent
// Handle crawl delay
// Handle crawl delay as weight adjustment (do this first before any continues)
if robotsRule.CrawlDelay > 0 && *crawlDelay > 0 {
ruleCounter++
rule := AnubisRule{
@@ -242,32 +223,20 @@ func convertToAnubisRules(robotsRules []RobotsRule) []AnubisRule {
Weight: &config.Weight{Adjust: *crawlDelay},
}
if len(userAgents) == 1 && userAgents[0] == "*" {
if userAgent == "*" {
rule.Expression = &config.ExpressionOrList{
All: []string{"true"}, // Always applies
}
} else if len(userAgents) == 1 {
rule.Expression = &config.ExpressionOrList{
All: []string{fmt.Sprintf("userAgent.contains(%q)", userAgents[0])},
}
} else {
// Multiple user agents - use any block
var expressions []string
for _, ua := range userAgents {
if ua == "*" {
expressions = append(expressions, "true")
} else {
expressions = append(expressions, fmt.Sprintf("userAgent.contains(%q)", ua))
}
}
rule.Expression = &config.ExpressionOrList{
Any: expressions,
All: []string{fmt.Sprintf("userAgent.contains(%q)", userAgent)},
}
}
anubisRules = append(anubisRules, rule)
}
// Handle blacklisted user agents
// Handle blacklisted user agents (complete deny/challenge)
if robotsRule.IsBlacklist {
ruleCounter++
rule := AnubisRule{
@@ -275,36 +244,21 @@ func convertToAnubisRules(robotsRules []RobotsRule) []AnubisRule {
Action: *userAgentDeny,
}
if len(userAgents) == 1 {
userAgent := userAgents[0]
if userAgent == "*" {
// This would block everything - convert to a weight adjustment instead
rule.Name = fmt.Sprintf("%s-global-restriction-%d", *policyName, ruleCounter)
rule.Action = "WEIGH"
rule.Weight = &config.Weight{Adjust: 20} // Increase difficulty significantly
rule.Expression = &config.ExpressionOrList{
All: []string{"true"}, // Always applies
}
} else {
rule.Expression = &config.ExpressionOrList{
All: []string{fmt.Sprintf("userAgent.contains(%q)", userAgent)},
}
if userAgent == "*" {
// This would block everything - convert to a weight adjustment instead
rule.Name = fmt.Sprintf("%s-global-restriction-%d", *policyName, ruleCounter)
rule.Action = "WEIGH"
rule.Weight = &config.Weight{Adjust: 20} // Increase difficulty significantly
rule.Expression = &config.ExpressionOrList{
All: []string{"true"}, // Always applies
}
} else {
// Multiple user agents - use any block
var expressions []string
for _, ua := range userAgents {
if ua == "*" {
expressions = append(expressions, "true")
} else {
expressions = append(expressions, fmt.Sprintf("userAgent.contains(%q)", ua))
}
}
rule.Expression = &config.ExpressionOrList{
Any: expressions,
All: []string{fmt.Sprintf("userAgent.contains(%q)", userAgent)},
}
}
anubisRules = append(anubisRules, rule)
continue
}
// Handle specific disallow rules
@@ -322,33 +276,9 @@ func convertToAnubisRules(robotsRules []RobotsRule) []AnubisRule {
// Build CEL expression
var conditions []string
// Add user agent conditions
if len(userAgents) == 1 && userAgents[0] == "*" {
// Wildcard user agent - no user agent condition needed
} else if len(userAgents) == 1 {
conditions = append(conditions, fmt.Sprintf("userAgent.contains(%q)", userAgents[0]))
} else {
// For multiple user agents, we need to use a more complex expression
// This is a limitation - we can't easily combine any for user agents with all for path
// So we'll create separate rules for each user agent
for _, ua := range userAgents {
if ua == "*" {
continue // Skip wildcard as it's handled separately
}
ruleCounter++
subRule := AnubisRule{
Name: fmt.Sprintf("%s-disallow-%d", *policyName, ruleCounter),
Action: *baseAction,
Expression: &config.ExpressionOrList{
All: []string{
fmt.Sprintf("userAgent.contains(%q)", ua),
buildPathCondition(disallow),
},
},
}
anubisRules = append(anubisRules, subRule)
}
continue
// Add user agent condition if not wildcard
if userAgent != "*" {
conditions = append(conditions, fmt.Sprintf("userAgent.contains(%q)", userAgent))
}
// Add path condition
@@ -361,6 +291,7 @@ func convertToAnubisRules(robotsRules []RobotsRule) []AnubisRule {
anubisRules = append(anubisRules, rule)
}
}
return anubisRules

18
cmd/robots2policy/robots2policy_test.go
View File

@@ -22,9 +22,9 @@ type TestCase struct {
type TestOptions struct {
format string
action string
crawlDelayWeight int
policyName string
deniedAction string
crawlDelayWeight int
}
func TestDataFileConversion(t *testing.T) {
@@ -78,12 +78,6 @@ func TestDataFileConversion(t *testing.T) {
expectedFile: "complex.yaml",
options: TestOptions{format: "yaml", crawlDelayWeight: 5},
},
{
name: "consecutive_user_agents",
robotsFile: "consecutive.robots.txt",
expectedFile: "consecutive.yaml",
options: TestOptions{format: "yaml", crawlDelayWeight: 3},
},
}
for _, tc := range testCases {
@@ -158,8 +152,8 @@ func TestDataFileConversion(t *testing.T) {
}
if strings.ToLower(*outputFormat) == "yaml" {
var actualData []any
var expectedData []any
var actualData []interface{}
var expectedData []interface{}
err = yaml.Unmarshal(actualOutput, &actualData)
if err != nil {
@@ -178,8 +172,8 @@ func TestDataFileConversion(t *testing.T) {
t.Errorf("Output mismatch for %s\nExpected:\n%s\n\nActual:\n%s", tc.name, expectedStr, actualStr)
}
} else {
var actualData []any
var expectedData []any
var actualData []interface{}
var expectedData []interface{}
err = json.Unmarshal(actualOutput, &actualData)
if err != nil {
@@ -419,6 +413,6 @@ Disallow: /`
// compareData performs a deep comparison of two data structures,
// ignoring differences that are semantically equivalent in YAML/JSON
func compareData(actual, expected any) bool {
func compareData(actual, expected interface{}) bool {
return reflect.DeepEqual(actual, expected)
}

6
cmd/robots2policy/testdata/blacklist.yaml vendored
View File

@@ -25,6 +25,6 @@
- action: CHALLENGE
expression:
all:
- userAgent.contains("Googlebot")
- path.startsWith("/search")
name: robots-txt-policy-disallow-7
- userAgent.contains("Googlebot")
- path.startsWith("/search")
name: robots-txt-policy-disallow-7

24
cmd/robots2policy/testdata/complex.yaml vendored
View File

@@ -20,8 +20,8 @@
- action: CHALLENGE
expression:
all:
- userAgent.contains("Googlebot")
- path.startsWith("/search/")
- userAgent.contains("Googlebot")
- path.startsWith("/search/")
name: robots-txt-policy-disallow-6
- action: WEIGH
expression: userAgent.contains("Bingbot")
@@ -31,14 +31,14 @@
- action: CHALLENGE
expression:
all:
- userAgent.contains("Bingbot")
- path.startsWith("/search/")
- userAgent.contains("Bingbot")
- path.startsWith("/search/")
name: robots-txt-policy-disallow-8
- action: CHALLENGE
expression:
all:
- userAgent.contains("Bingbot")
- path.startsWith("/admin/")
- userAgent.contains("Bingbot")
- path.startsWith("/admin/")
name: robots-txt-policy-disallow-9
- action: DENY
expression: userAgent.contains("BadBot")
@@ -54,18 +54,18 @@
- action: CHALLENGE
expression:
all:
- userAgent.contains("TestBot")
- path.matches("^/.*/admin")
- userAgent.contains("TestBot")
- path.matches("^/.*/admin")
name: robots-txt-policy-disallow-13
- action: CHALLENGE
expression:
all:
- userAgent.contains("TestBot")
- path.matches("^/temp.*\\.html")
- userAgent.contains("TestBot")
- path.matches("^/temp.*\\.html")
name: robots-txt-policy-disallow-14
- action: CHALLENGE
expression:
all:
- userAgent.contains("TestBot")
- path.matches("^/file.\\.log")
- userAgent.contains("TestBot")
- path.matches("^/file.\\.log")
name: robots-txt-policy-disallow-15

25
cmd/robots2policy/testdata/consecutive.robots.txt vendored
View File

@@ -1,25 +0,0 @@
# Test consecutive user agents that should be grouped into any: blocks
User-agent: *
Disallow: /admin
Crawl-delay: 10
# Multiple consecutive user agents - should be grouped
User-agent: BadBot
User-agent: SpamBot
User-agent: EvilBot
Disallow: /
# Single user agent - should be separate
User-agent: GoodBot
Disallow: /private
# Multiple consecutive user agents with crawl delay
User-agent: SlowBot1
User-agent: SlowBot2
Crawl-delay: 5
# Multiple consecutive user agents with specific path
User-agent: SearchBot1
User-agent: SearchBot2
User-agent: SearchBot3
Disallow: /search

47
cmd/robots2policy/testdata/consecutive.yaml vendored
View File

@@ -1,47 +0,0 @@
- action: WEIGH
expression: "true"
name: robots-txt-policy-crawl-delay-1
weight:
adjust: 3
- action: CHALLENGE
expression: path.startsWith("/admin")
name: robots-txt-policy-disallow-2
- action: DENY
expression:
any:
- userAgent.contains("BadBot")
- userAgent.contains("SpamBot")
- userAgent.contains("EvilBot")
name: robots-txt-policy-blacklist-3
- action: CHALLENGE
expression:
all:
- userAgent.contains("GoodBot")
- path.startsWith("/private")
name: robots-txt-policy-disallow-4
- action: WEIGH
expression:
any:
- userAgent.contains("SlowBot1")
- userAgent.contains("SlowBot2")
name: robots-txt-policy-crawl-delay-5
weight:
adjust: 3
- action: CHALLENGE
expression:
all:
- userAgent.contains("SearchBot1")
- path.startsWith("/search")
name: robots-txt-policy-disallow-7
- action: CHALLENGE
expression:
all:
- userAgent.contains("SearchBot2")
- path.startsWith("/search")
name: robots-txt-policy-disallow-8
- action: CHALLENGE
expression:
all:
- userAgent.contains("SearchBot3")
- path.startsWith("/search")
name: robots-txt-policy-disallow-9

2
cmd/robots2policy/testdata/empty.yaml vendored
View File

@@ -1 +1 @@
[]
[]

10
cmd/robots2policy/testdata/simple.json vendored
View File

@@ -1,12 +1,12 @@
[
{
"action": "CHALLENGE",
"expression": "path.startsWith(\"/admin/\")",
"name": "robots-txt-policy-disallow-1",
"action": "CHALLENGE"
"name": "robots-txt-policy-disallow-1"
},
{
"action": "CHALLENGE",
"expression": "path.startsWith(\"/private\")",
"name": "robots-txt-policy-disallow-2",
"action": "CHALLENGE"
"name": "robots-txt-policy-disallow-2"
}
]
]

4
data/apps/allow-api-routes.yaml
View File

@@ -2,5 +2,5 @@
action: ALLOW
expression:
all:
- '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/")
- '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/")

2
data/apps/gitea-rss-feeds.yaml
View File

@@ -4,4 +4,4 @@
path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.atom$
- name: gitea-feed-rss
action: ALLOW
path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.rss$
path_regex: ^/[.A-Za-z0-9_-]{1,256}?[./A-Za-z0-9_-]*\.rss$

5
data/apps/qualys-ssl-labs.yml
View File

@@ -3,6 +3,5 @@
- name: qualys-ssl-labs
action: ALLOW
remote_addresses:
- 69.67.183.0/24
- 2600:C02:1020:4202::/64
- 2602:fdaa:c6:2::/64
- 64.41.200.0/24
- 2600:C02:1020:4202::/64

4
data/apps/searx-checker.yml
View File

@@ -5,5 +5,5 @@
- name: searx-checker
action: ALLOW
remote_addresses:
- 167.235.158.251/32
- 2a01:4f8:1c1c:8fc2::1/128
- 167.235.158.251/32
- 2a01:4f8:1c1c:8fc2::1/128

29
data/botPolicies.json Normal file
View File

@@ -0,0 +1,29 @@
{
"bots": [
{
"import": "(data)/bots/_deny-pathological.yaml"
},
{
"import": "(data)/meta/ai-block-aggressive.yaml"
},
{
"import": "(data)/crawlers/_allow-good.yaml"
},
{
"import": "(data)/bots/aggressive-brazilian-scrapers.yaml"
},
{
"import": "(data)/common/keep-internet-working.yaml"
},
{
"name": "generic-browser",
"user_agent_regex": "Mozilla|Opera",
"action": "CHALLENGE"
}
],
"dnsbl": false,
"status_codes": {
"CHALLENGE": 200,
"DENY": 200
}
}

29
data/botPolicies.yaml
View File

@@ -11,12 +11,9 @@
## /usr/share/docs/anubis/data or in the tarball you extracted Anubis from.
bots:
# You can import the entire default config with this macro:
# - import: (data)/meta/default-config.yaml
# Pathological bots to deny
- # This correlates to data/bots/_deny-pathological.yaml in the source tree
# https://github.com/TecharoHQ/anubis/blob/main/data/bots/_deny-pathological.yaml
- # This correlates to data/bots/deny-pathological.yaml in the source tree
# https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml
import: (data)/bots/_deny-pathological.yaml
- import: (data)/bots/aggressive-brazilian-scrapers.yaml
@@ -50,7 +47,8 @@ bots:
# user_agent_regex: (?i:bot|crawler)
# action: CHALLENGE
# challenge:
# difficulty: 16 # impossible
# difficulty: 16 # impossible
# report_as: 4 # lie to the operator
# algorithm: slow # intentionally waste CPU cycles and time
# Requires a subscription to Thoth to use, see
@@ -204,6 +202,7 @@ thresholds:
# https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh
algorithm: metarefresh
difficulty: 1
report_as: 1
# For clients that are browser-like but have either gained points from custom rules or
# report as a standard browser.
- name: moderate-suspicion
@@ -216,21 +215,13 @@ thresholds:
# https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
algorithm: fast
difficulty: 2 # two leading zeros, very fast for most clients
- name: mild-proof-of-work
expression:
all:
- weight >= 20
- weight < 30
report_as: 2
# For clients that are browser like and have gained many points from custom rules
- name: extreme-suspicion
expression: weight >= 20
action: CHALLENGE
challenge:
# https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
algorithm: fast
difficulty: 4
# For clients that are browser like and have gained many points from custom rules
- name: extreme-suspicion
expression: weight >= 30
action: CHALLENGE
challenge:
# https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
algorithm: fast
difficulty: 6
report_as: 4

2
data/bots/_deny-pathological.yaml
View File

@@ -2,5 +2,3 @@
- import: (data)/bots/headless-browsers.yaml
- import: (data)/bots/us-ai-scraper.yaml
- import: (data)/bots/custom-async-http-client.yaml
- import: (data)/crawlers/alibaba-cloud.yaml
- import: (data)/crawlers/huawei-cloud.yaml

2
data/bots/ai-robots-txt.yaml
View File

@@ -4,5 +4,5 @@
# CCBot is allowed because if Common Crawl is allowed, then scrapers don't need to scrape to get the data.
- name: "ai-robots-txt"
user_agent_regex: >-
AddSearchBot|AI2Bot|Ai2Bot-Dolma|aiHitBot|Amazonbot|Andibot|anthropic-ai|Applebot|Applebot-Extended|Awario|bedrockbot|bigsur.ai|Brightbot 1.0|Bytespider|CCBot|ChatGPT Agent|ChatGPT-User|Claude-SearchBot|Claude-User|Claude-Web|ClaudeBot|CloudVertexBot|cohere-ai|cohere-training-data-crawler|Cotoyogi|Crawlspace|Datenbank Crawler|Devin|Diffbot|DuckAssistBot|Echobot Bot|EchoboxBot|FacebookBot|facebookexternalhit|Factset_spyderbot|FirecrawlAgent|FriendlyCrawler|Gemini-Deep-Research|Google-CloudVertexBot|Google-Extended|GoogleAgent-Mariner|GoogleOther|GoogleOther-Image|GoogleOther-Video|GPTBot|iaskspider/2.0|ICC-Crawler|ImagesiftBot|img2dataset|ISSCyberRiskCrawler|Kangaroo Bot|LinerBot|meta-externalagent|Meta-ExternalAgent|meta-externalfetcher|Meta-ExternalFetcher|MistralAI-User|MistralAI-User/1.0|MyCentralAIScraperBot|netEstate Imprint Crawler|NovaAct|OAI-SearchBot|omgili|omgilibot|OpenAI|Operator|PanguBot|Panscient|panscient.com|Perplexity-User|PerplexityBot|PetalBot|PhindBot|Poseidon Research Crawler|QualifiedBot|QuillBot|quillbot.com|SBIntuitionsBot|Scrapy|SemrushBot-OCOB|SemrushBot-SWA|Sidetrade indexer bot|Thinkbot|TikTokSpider|Timpibot|VelenPublicWebCrawler|WARDBot|Webzio-Extended|wpbot|YaK|YandexAdditional|YandexAdditionalBot|YouBot
AI2Bot|Ai2Bot-Dolma|aiHitBot|Amazonbot|Andibot|anthropic-ai|Applebot|Applebot-Extended|bedrockbot|Brightbot 1.0|Bytespider|ChatGPT-User|Claude-SearchBot|Claude-User|Claude-Web|ClaudeBot|cohere-ai|cohere-training-data-crawler|Cotoyogi|Crawlspace|Diffbot|DuckAssistBot|EchoboxBot|FacebookBot|facebookexternalhit|Factset_spyderbot|FirecrawlAgent|FriendlyCrawler|Google-CloudVertexBot|Google-Extended|GoogleOther|GoogleOther-Image|GoogleOther-Video|GPTBot|iaskspider/2.0|ICC-Crawler|ImagesiftBot|img2dataset|ISSCyberRiskCrawler|Kangaroo Bot|meta-externalagent|Meta-ExternalAgent|meta-externalfetcher|Meta-ExternalFetcher|MistralAI-User/1.0|MyCentralAIScraperBot|NovaAct|OAI-SearchBot|omgili|omgilibot|Operator|PanguBot|Panscient|panscient.com|Perplexity-User|PerplexityBot|PetalBot|PhindBot|Poseidon Research Crawler|QualifiedBot|QuillBot|quillbot.com|SBIntuitionsBot|Scrapy|SemrushBot|SemrushBot-BA|SemrushBot-CT|SemrushBot-OCOB|SemrushBot-SI|SemrushBot-SWA|Sidetrade indexer bot|TikTokSpider|Timpibot|VelenPublicWebCrawler|Webzio-Extended|wpbot|YandexAdditional|YandexAdditionalBot|YouBot
action: DENY

2
data/bots/headless-browsers.yaml
View File

@@ -6,4 +6,4 @@
action: DENY
- name: headless-chromium
user_agent_regex: HeadlessChromium
action: DENY
action: DENY

8
data/bots/irc-bots/archlinux-phrik.yaml
View File

@@ -3,7 +3,7 @@
action: ALLOW
expression:
all:
- remoteAddress == "159.69.213.214" || remoteAddress == "2a01:4f8:c2c:7bf4::1"
- userAgent == "Mozilla/5.0 (compatible; utils.web Limnoria module)"
- '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1"
- remoteAddress == "159.69.213.214" || remoteAddress == "2a01:4f8:c2c:7bf4::1"
- userAgent == "Mozilla/5.0 (compatible; utils.web Limnoria module)"
- '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1"

8
data/bots/irc-bots/gentoo-chat.yaml
View File

@@ -3,7 +3,7 @@
action: ALLOW
expression:
all:
- remoteAddress == "45.76.166.57"
- userAgent == "Mozilla/5.0 (Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0"
- '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1"
- remoteAddress == "45.76.166.57"
- userAgent == "Mozilla/5.0 (Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0"
- '"X-Http-Version" in headers'
- headers["X-Http-Version"] == "HTTP/1.1"

2
data/bots/us-ai-scraper.yaml
View File

@@ -1,3 +1,3 @@
- name: us-artificial-intelligence-scraper
user_agent_regex: \+https\://github\.com/US-Artificial-Intelligence/scraper
action: DENY
action: DENY

2
data/clients/ai.yaml
View File

@@ -4,5 +4,5 @@
# - Claude-User: No published IP allowlist
- name: "ai-clients"
user_agent_regex: >-
ChatGPT-User|Claude-User|MistralAI-User|Perplexity-User
ChatGPT-User|Claude-User|MistralAI-User
action: DENY

60
data/clients/docker-client.yaml
View File

@@ -1,60 +0,0 @@
- name: allow-docker-client
action: ALLOW
expression:
all:
- path.startsWith("/v2/")
- userAgent.contains("docker/")
- userAgent.contains("git-commit/")
- '"Accept" in headers'
- headers["Accept"].contains("vnd.docker.distribution")
- '"Baggage" in headers'
- headers["Baggage"].contains("trigger")
- name: allow-crane-client
action: ALLOW
expression:
all:
- userAgent.contains("crane/")
- userAgent.contains("go-containerregistry/")
- name: allow-docker-distribution-api-client
action: ALLOW
expression:
all:
- '"Docker-Distribution-Api-Version" in headers'
- '!(userAgent.contains("Mozilla"))'
- name: allow-go-containerregistry-client
action: ALLOW
expression:
all:
- path.startsWith("/v2/")
- userAgent.contains("go-containerregistry/")
- name: allow-buildah
action: ALLOW
expression:
all:
- path.startsWith("/v2/")
- userAgent.contains("Buildah/")
- name: allow-podman
action: ALLOW
expression:
all:
- path.startsWith("/v2/")
- userAgent.contains("containers/")
- name: allow-containerd
action: ALLOW
expression:
all:
- path.startsWith("/v2/")
- userAgent.contains("containerd/")
- name: allow-renovate
action: ALLOW
expression:
all:
- path.startsWith("/v2/")
- userAgent.contains("Renovate/")

26
data/clients/git.yaml
View File

@@ -2,19 +2,13 @@
action: ALLOW
expression:
all:
- >
(
userAgent.startsWith("git/") ||
userAgent.contains("libgit") ||
userAgent.startsWith("go-git") ||
userAgent.startsWith("JGit/") ||
userAgent.startsWith("JGit-")
)
- '"Accept" in headers'
- headers["Accept"] == "*/*"
- '"Cache-Control" in headers'
- headers["Cache-Control"] == "no-cache"
- '"Pragma" in headers'
- headers["Pragma"] == "no-cache"
- '"Accept-Encoding" in headers'
- headers["Accept-Encoding"].contains("gzip")
- >
(
userAgent.startsWith("git/") ||
userAgent.contains("libgit") ||
userAgent.startsWith("go-git") ||
userAgent.startsWith("JGit/") ||
userAgent.startsWith("JGit-")
)
- '"Git-Protocol" in headers'
- headers["Git-Protocol"] == "version=2"

6
data/clients/go-get.yaml
View File

@@ -2,6 +2,6 @@
action: ALLOW
expression:
all:
- userAgent.startsWith("Go-http-client/")
- '"go-get" in query'
- query["go-get"] == "1"
- userAgent.startsWith("Go-http-client/")
- '"go-get" in query'
- query["go-get"] == "1"

5
data/clients/mistral-mistralai-user.yaml
View File

@@ -4,4 +4,7 @@
user_agent_regex: MistralAI-User/.+; \+https\://docs\.mistral\.ai/robots
action: ALLOW
# https://mistral.ai/mistralai-user-ips.json
remote_addresses: ["20.240.160.161/32", "20.240.160.1/32"]
remote_addresses: [
"20.240.160.161/32",
"20.240.160.1/32",
]

173
data/clients/openai-chatgpt-user.yaml
View File

@@ -5,90 +5,89 @@
action: ALLOW
# https://openai.com/chatgpt-user.json
# curl 'https://openai.com/chatgpt-user.json' | jq '.prefixes.[].ipv4Prefix' | sed 's/$/,/'
remote_addresses:
[
"13.65.138.112/28",
"23.98.179.16/28",
"13.65.138.96/28",
"172.183.222.128/28",
"20.102.212.144/28",
"40.116.73.208/28",
"172.183.143.224/28",
"52.190.190.16/28",
"13.83.237.176/28",
"51.8.155.64/28",
"74.249.86.176/28",
"51.8.155.48/28",
"20.55.229.144/28",
"135.237.131.208/28",
"135.237.133.48/28",
"51.8.155.112/28",
"135.237.133.112/28",
"52.159.249.96/28",
"52.190.137.16/28",
"52.255.111.112/28",
"40.84.181.32/28",
"172.178.141.112/28",
"52.190.142.64/28",
"172.178.140.144/28",
"52.190.137.144/28",
"172.178.141.128/28",
"57.154.187.32/28",
"4.196.118.112/28",
"20.193.50.32/28",
"20.215.188.192/28",
"20.215.214.16/28",
"4.197.22.112/28",
"4.197.115.112/28",
"172.213.21.16/28",
"172.213.11.144/28",
"172.213.12.112/28",
"172.213.21.144/28",
"20.90.7.144/28",
"57.154.175.0/28",
"57.154.174.112/28",
"52.236.94.144/28",
"137.135.191.176/28",
"23.98.186.192/28",
"23.98.186.96/28",
"23.98.186.176/28",
"23.98.186.64/28",
"68.221.67.192/28",
"68.221.67.160/28",
"13.83.167.128/28",
"20.228.106.176/28",
"52.159.227.32/28",
"68.220.57.64/28",
"172.213.21.112/28",
"68.221.67.224/28",
"68.221.75.16/28",
"20.97.189.96/28",
"52.252.113.240/28",
"52.230.163.32/28",
"172.212.159.64/28",
"52.255.111.80/28",
"52.255.111.0/28",
"4.151.241.240/28",
"52.255.111.32/28",
"52.255.111.48/28",
"52.255.111.16/28",
"52.230.164.176/28",
"52.176.139.176/28",
"52.173.234.16/28",
"4.151.71.176/28",
"4.151.119.48/28",
"52.255.109.112/28",
"52.255.109.80/28",
"20.161.75.208/28",
"68.154.28.96/28",
"52.255.109.128/28",
"52.225.75.208/28",
"52.190.139.48/28",
"68.221.67.240/28",
"52.156.77.144/28",
"52.148.129.32/28",
"40.84.221.208/28",
"104.210.139.224/28",
"40.84.221.224/28",
"104.210.139.192/28",
]
remote_addresses: [
"13.65.138.112/28",
"23.98.179.16/28",
"13.65.138.96/28",
"172.183.222.128/28",
"20.102.212.144/28",
"40.116.73.208/28",
"172.183.143.224/28",
"52.190.190.16/28",
"13.83.237.176/28",
"51.8.155.64/28",
"74.249.86.176/28",
"51.8.155.48/28",
"20.55.229.144/28",
"135.237.131.208/28",
"135.237.133.48/28",
"51.8.155.112/28",
"135.237.133.112/28",
"52.159.249.96/28",
"52.190.137.16/28",
"52.255.111.112/28",
"40.84.181.32/28",
"172.178.141.112/28",
"52.190.142.64/28",
"172.178.140.144/28",
"52.190.137.144/28",
"172.178.141.128/28",
"57.154.187.32/28",
"4.196.118.112/28",
"20.193.50.32/28",
"20.215.188.192/28",
"20.215.214.16/28",
"4.197.22.112/28",
"4.197.115.112/28",
"172.213.21.16/28",
"172.213.11.144/28",
"172.213.12.112/28",
"172.213.21.144/28",
"20.90.7.144/28",
"57.154.175.0/28",
"57.154.174.112/28",
"52.236.94.144/28",
"137.135.191.176/28",
"23.98.186.192/28",
"23.98.186.96/28",
"23.98.186.176/28",
"23.98.186.64/28",
"68.221.67.192/28",
"68.221.67.160/28",
"13.83.167.128/28",
"20.228.106.176/28",
"52.159.227.32/28",
"68.220.57.64/28",
"172.213.21.112/28",
"68.221.67.224/28",
"68.221.75.16/28",
"20.97.189.96/28",
"52.252.113.240/28",
"52.230.163.32/28",
"172.212.159.64/28",
"52.255.111.80/28",
"52.255.111.0/28",
"4.151.241.240/28",
"52.255.111.32/28",
"52.255.111.48/28",
"52.255.111.16/28",
"52.230.164.176/28",
"52.176.139.176/28",
"52.173.234.16/28",
"4.151.71.176/28",
"4.151.119.48/28",
"52.255.109.112/28",
"52.255.109.80/28",
"20.161.75.208/28",
"68.154.28.96/28",
"52.255.109.128/28",
"52.225.75.208/28",
"52.190.139.48/28",
"68.221.67.240/28",
"52.156.77.144/28",
"52.148.129.32/28",
"40.84.221.208/28",
"104.210.139.224/28",
"40.84.221.224/28",
"104.210.139.192/28",
]

8
data/clients/perplexity-user.yaml
View File

@@ -1,8 +0,0 @@
# Acts on behalf of user requests
# https://docs.perplexity.ai/guides/bots
- name: perplexity-user
user_agent_regex: Perplexity-User/.+; \+https\://perplexity\.ai/perplexity-user
action: ALLOW
# https://www.perplexity.com/perplexity-user.json
remote_addresses:
["44.208.221.197/32", "34.193.163.52/32", "18.97.21.0/30", "18.97.43.80/29"]

6
data/clients/telegram-preview.yaml
View File

@@ -1,6 +0,0 @@
- name: telegrambot
action: ALLOW
expression:
all:
- userAgent.matches("TelegramBot")
- verifyFCrDNS(remoteAddress, "ptr\\.telegram\\.org$")

6
data/clients/vk-preview.yaml
View File

@@ -1,6 +0,0 @@
- name: vkbot
action: ALLOW
expression:
all:
- userAgent.matches("vkShare[^+]+\\+http\\://vk\\.com/dev/Share")
- verifyFCrDNS(remoteAddress, "^snipster\\d+\\.go\\.mail\\.ru$")

55
data/common/acts-like-browser.yaml
View File

@@ -1,55 +0,0 @@
# Assert behaviour that only genuine browsers display. This ensures that modern Chrome
# or Firefox versions will get through without a challenge.
#
# These rules have been known to be bypassed by some of the worst automated scrapers.
# Use at your own risk.
- name: realistic-browser-catchall
expression:
all:
- '"User-Agent" in headers'
- '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
- '"Accept" in headers'
- '"Sec-Fetch-Dest" in headers'
- '"Sec-Fetch-Mode" in headers'
- '"Sec-Fetch-Site" in headers'
- '"Accept-Encoding" in headers'
- '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
- '"Accept-Language" in headers'
action: WEIGH
weight:
adjust: -10
# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
- name: upgrade-insecure-requests
expression: '"Upgrade-Insecure-Requests" in headers'
action: WEIGH
weight:
adjust: -2
# Chrome should behave like Chrome
- name: chrome-is-proper
expression:
all:
- userAgent.contains("Chrome")
- '"Sec-Ch-Ua" in headers'
- 'headers["Sec-Ch-Ua"].contains("Chromium")'
- '"Sec-Ch-Ua-Mobile" in headers'
- '"Sec-Ch-Ua-Platform" in headers'
action: WEIGH
weight:
adjust: -5
- name: should-have-accept
expression: '!("Accept" in headers)'
action: WEIGH
weight:
adjust: 5
# Generic catchall rule
- name: generic-browser
user_agent_regex: >-
Mozilla|Opera
action: WEIGH
weight:
adjust: 10

4
data/common/allow-api-like.yaml
View File

@@ -2,5 +2,5 @@
action: ALLOW
expression:
all:
- '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/")
- '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/")

2
data/common/json-api.yaml
View File

@@ -4,4 +4,4 @@
all:
- '"Accept" in headers'
- 'headers["Accept"] == "application/json"'
- 'path.startsWith("/api/")'
- 'path.startsWith("/api/")'

10
data/common/keep-internet-working.yaml
View File

@@ -1,13 +1,13 @@
# Common "keeping the internet working" routes
- name: well-known
path_regex: ^/\.well-known/.*$
path_regex: ^/.well-known/.*$
action: ALLOW
- name: favicon
path_regex: ^/favicon\.(?:ico|png|gif|jpg|jpeg|svg)$
path_regex: ^/favicon.ico$
action: ALLOW
- name: robots-txt
path_regex: ^/robots\.txt$
path_regex: ^/robots.txt$
action: ALLOW
- name: sitemap
path_regex: ^/sitemap\.xml$
action: ALLOW
path_regex: ^/sitemap.xml$
action: ALLOW

2
data/common/rfc-violations.yaml
View File

@@ -1,3 +1,3 @@
- name: no-user-agent-string
action: DENY
expression: userAgent == ""
expression: userAgent == ""

2
data/crawlers/_allow-good.yaml
View File

@@ -8,5 +8,3 @@
- import: (data)/crawlers/marginalia.yaml
- import: (data)/crawlers/mojeekbot.yaml
- import: (data)/crawlers/commoncrawl.yaml
- import: (data)/crawlers/wikimedia-citoid.yaml
- import: (data)/crawlers/yandexbot.yaml

2
data/crawlers/ai-search.yaml
View File

@@ -4,5 +4,5 @@
# - Claude-SearchBot: No published IP allowlist
- name: "ai-crawlers-search"
user_agent_regex: >-
OAI-SearchBot|Claude-SearchBot|PerplexityBot
OAI-SearchBot|Claude-SearchBot
action: DENY

881
data/crawlers/alibaba-cloud.yaml
View File

@@ -1,881 +0,0 @@
- name: alibaba-cloud
action: DENY
# Updated 2025-08-20 from IP addresses for AS45102
remote_addresses:
- 103.81.186.0/23
- 110.76.21.0/24
- 110.76.23.0/24
- 116.251.64.0/18
- 139.95.0.0/23
- 139.95.10.0/23
- 139.95.12.0/23
- 139.95.14.0/23
- 139.95.16.0/23
- 139.95.18.0/23
- 139.95.2.0/23
- 139.95.4.0/23
- 139.95.6.0/23
- 139.95.64.0/24
- 139.95.8.0/23
- 14.1.112.0/22
- 14.1.115.0/24
- 140.205.1.0/24
- 140.205.122.0/24
- 147.139.0.0/17
- 147.139.0.0/18
- 147.139.128.0/17
- 147.139.128.0/18
- 147.139.155.0/24
- 147.139.192.0/18
- 147.139.64.0/18
- 149.129.0.0/20
- 149.129.0.0/21
- 149.129.16.0/23
- 149.129.192.0/18
- 149.129.192.0/19
- 149.129.224.0/19
- 149.129.32.0/19
- 149.129.64.0/18
- 149.129.64.0/19
- 149.129.8.0/21
- 149.129.96.0/19
- 156.227.20.0/24
- 156.236.12.0/24
- 156.236.17.0/24
- 156.240.76.0/23
- 156.245.1.0/24
- 161.117.0.0/16
- 161.117.0.0/17
- 161.117.126.0/24
- 161.117.127.0/24
- 161.117.128.0/17
- 161.117.128.0/24
- 161.117.129.0/24
- 161.117.138.0/24
- 161.117.143.0/24
- 170.33.104.0/24
- 170.33.105.0/24
- 170.33.106.0/24
- 170.33.107.0/24
- 170.33.136.0/24
- 170.33.137.0/24
- 170.33.138.0/24
- 170.33.20.0/24
- 170.33.21.0/24
- 170.33.22.0/24
- 170.33.23.0/24
- 170.33.24.0/24
- 170.33.29.0/24
- 170.33.30.0/24
- 170.33.31.0/24
- 170.33.32.0/24
- 170.33.33.0/24
- 170.33.34.0/24
- 170.33.35.0/24
- 170.33.64.0/24
- 170.33.65.0/24
- 170.33.66.0/24
- 170.33.68.0/24
- 170.33.69.0/24
- 170.33.72.0/24
- 170.33.73.0/24
- 170.33.76.0/24
- 170.33.77.0/24
- 170.33.78.0/24
- 170.33.79.0/24
- 170.33.80.0/24
- 170.33.81.0/24
- 170.33.82.0/24
- 170.33.83.0/24
- 170.33.84.0/24
- 170.33.85.0/24
- 170.33.86.0/24
- 170.33.88.0/24
- 170.33.90.0/24
- 170.33.92.0/24
- 170.33.93.0/24
- 185.78.106.0/23
- 198.11.128.0/18
- 198.11.137.0/24
- 198.11.184.0/21
- 202.144.199.0/24
- 203.107.64.0/24
- 203.107.65.0/24
- 203.107.66.0/24
- 203.107.67.0/24
- 203.107.68.0/24
- 205.204.102.0/23
- 205.204.111.0/24
- 205.204.117.0/24
- 205.204.125.0/24
- 205.204.96.0/19
- 223.5.5.0/24
- 223.6.6.0/24
- 2400:3200::/48
- 2400:3200:baba::/48
- 2400:b200:4100::/48
- 2400:b200:4101::/48
- 2400:b200:4102::/48
- 2400:b200:4103::/48
- 2401:8680:4100::/48
- 2401:b180:4100::/48
- 2404:2280:1000::/36
- 2404:2280:1000::/37
- 2404:2280:1800::/37
- 2404:2280:2000::/36
- 2404:2280:2000::/37
- 2404:2280:2800::/37
- 2404:2280:3000::/36
- 2404:2280:3000::/37
- 2404:2280:3800::/37
- 2404:2280:4000::/36
- 2404:2280:4000::/37
- 2404:2280:4800::/37
- 2408:4000:1000::/48
- 2408:4009:500::/48
- 240b:4000::/32
- 240b:4000::/33
- 240b:4000:8000::/33
- 240b:4000:fffe::/48
- 240b:4001::/32
- 240b:4001::/33
- 240b:4001:8000::/33
- 240b:4002::/32
- 240b:4002::/33
- 240b:4002:8000::/33
- 240b:4004::/32
- 240b:4004::/33
- 240b:4004:8000::/33
- 240b:4005::/32
- 240b:4005::/33
- 240b:4005:8000::/33
- 240b:4006::/48
- 240b:4006:1000::/44
- 240b:4006:1000::/45
- 240b:4006:1000::/47
- 240b:4006:1002::/47
- 240b:4006:1008::/45
- 240b:4006:1010::/44
- 240b:4006:1010::/45
- 240b:4006:1018::/45
- 240b:4006:1020::/44
- 240b:4006:1020::/45
- 240b:4006:1028::/45
- 240b:4007::/32
- 240b:4007::/33
- 240b:4007:8000::/33
- 240b:4009::/32
- 240b:4009::/33
- 240b:4009:8000::/33
- 240b:400b::/32
- 240b:400b::/33
- 240b:400b:8000::/33
- 240b:400c::/32
- 240b:400c::/33
- 240b:400c::/40
- 240b:400c::/41
- 240b:400c:100::/40
- 240b:400c:100::/41
- 240b:400c:180::/41
- 240b:400c:80::/41
- 240b:400c:8000::/33
- 240b:400c:f00::/48
- 240b:400c:f01::/48
- 240b:400c:ffff::/48
- 240b:400d::/32
- 240b:400d::/33
- 240b:400d:8000::/33
- 240b:400e::/32
- 240b:400e::/33
- 240b:400e:8000::/33
- 240b:400f::/32
- 240b:400f::/33
- 240b:400f:8000::/33
- 240b:4011::/32
- 240b:4011::/33
- 240b:4011:8000::/33
- 240b:4012::/48
- 240b:4013::/32
- 240b:4013::/33
- 240b:4013:8000::/33
- 240b:4014::/32
- 240b:4014::/33
- 240b:4014:8000::/33
- 43.100.0.0/15
- 43.100.0.0/16
- 43.101.0.0/16
- 43.102.0.0/20
- 43.102.112.0/20
- 43.102.16.0/20
- 43.102.32.0/20
- 43.102.48.0/20
- 43.102.64.0/20
- 43.102.80.0/20
- 43.102.96.0/20
- 43.103.0.0/17
- 43.103.0.0/18
- 43.103.64.0/18
- 43.104.0.0/15
- 43.104.0.0/16
- 43.105.0.0/16
- 43.108.0.0/17
- 43.108.0.0/18
- 43.108.64.0/18
- 43.91.0.0/16
- 43.91.0.0/17
- 43.91.128.0/17
- 43.96.10.0/24
- 43.96.100.0/24
- 43.96.101.0/24
- 43.96.102.0/24
- 43.96.104.0/24
- 43.96.11.0/24
- 43.96.20.0/24
- 43.96.21.0/24
- 43.96.23.0/24
- 43.96.24.0/24
- 43.96.25.0/24
- 43.96.3.0/24
- 43.96.32.0/24
- 43.96.33.0/24
- 43.96.34.0/24
- 43.96.35.0/24
- 43.96.4.0/24
- 43.96.40.0/24
- 43.96.5.0/24
- 43.96.52.0/24
- 43.96.6.0/24
- 43.96.66.0/24
- 43.96.67.0/24
- 43.96.68.0/24
- 43.96.69.0/24
- 43.96.7.0/24
- 43.96.70.0/24
- 43.96.71.0/24
- 43.96.72.0/24
- 43.96.73.0/24
- 43.96.74.0/24
- 43.96.75.0/24
- 43.96.8.0/24
- 43.96.80.0/24
- 43.96.81.0/24
- 43.96.84.0/24
- 43.96.85.0/24
- 43.96.86.0/24
- 43.96.88.0/24
- 43.96.9.0/24
- 43.96.96.0/24
- 43.98.0.0/16
- 43.98.0.0/17
- 43.98.128.0/17
- 43.99.0.0/16
- 43.99.0.0/17
- 43.99.128.0/17
- 45.199.179.0/24
- 47.235.0.0/22
- 47.235.0.0/23
- 47.235.1.0/24
- 47.235.10.0/23
- 47.235.10.0/24
- 47.235.11.0/24
- 47.235.12.0/23
- 47.235.12.0/24
- 47.235.13.0/24
- 47.235.16.0/23
- 47.235.16.0/24
- 47.235.18.0/23
- 47.235.18.0/24
- 47.235.19.0/24
- 47.235.2.0/23
- 47.235.20.0/24
- 47.235.21.0/24
- 47.235.22.0/24
- 47.235.23.0/24
- 47.235.24.0/22
- 47.235.24.0/23
- 47.235.26.0/23
- 47.235.28.0/23
- 47.235.28.0/24
- 47.235.29.0/24
- 47.235.30.0/24
- 47.235.31.0/24
- 47.235.4.0/24
- 47.235.5.0/24
- 47.235.6.0/23
- 47.235.6.0/24
- 47.235.7.0/24
- 47.235.8.0/24
- 47.235.9.0/24
- 47.236.0.0/15
- 47.236.0.0/16
- 47.237.0.0/16
- 47.237.32.0/20
- 47.237.34.0/24
- 47.238.0.0/15
- 47.238.0.0/16
- 47.239.0.0/16
- 47.240.0.0/16
- 47.240.0.0/17
- 47.240.128.0/17
- 47.241.0.0/16
- 47.241.0.0/17
- 47.241.128.0/17
- 47.242.0.0/15
- 47.242.0.0/16
- 47.243.0.0/16
- 47.244.0.0/16
- 47.244.0.0/17
- 47.244.128.0/17
- 47.244.73.0/24
- 47.245.0.0/18
- 47.245.0.0/19
- 47.245.128.0/17
- 47.245.128.0/18
- 47.245.192.0/18
- 47.245.32.0/19
- 47.245.64.0/18
- 47.245.64.0/19
- 47.245.96.0/19
- 47.246.100.0/22
- 47.246.104.0/21
- 47.246.104.0/22
- 47.246.108.0/22
- 47.246.120.0/24
- 47.246.122.0/24
- 47.246.123.0/24
- 47.246.124.0/24
- 47.246.125.0/24
- 47.246.128.0/22
- 47.246.128.0/23
- 47.246.130.0/23
- 47.246.132.0/22
- 47.246.132.0/23
- 47.246.134.0/23
- 47.246.136.0/21
- 47.246.136.0/22
- 47.246.140.0/22
- 47.246.144.0/23
- 47.246.144.0/24
- 47.246.145.0/24
- 47.246.146.0/23
- 47.246.146.0/24
- 47.246.147.0/24
- 47.246.150.0/23
- 47.246.150.0/24
- 47.246.151.0/24
- 47.246.152.0/23
- 47.246.152.0/24
- 47.246.153.0/24
- 47.246.154.0/24
- 47.246.155.0/24
- 47.246.156.0/22
- 47.246.156.0/23
- 47.246.158.0/23
- 47.246.160.0/20
- 47.246.160.0/21
- 47.246.168.0/21
- 47.246.176.0/20
- 47.246.176.0/21
- 47.246.184.0/21
- 47.246.192.0/22
- 47.246.192.0/23
- 47.246.194.0/23
- 47.246.196.0/22
- 47.246.196.0/23
- 47.246.198.0/23
- 47.246.32.0/22
- 47.246.66.0/24
- 47.246.67.0/24
- 47.246.68.0/23
- 47.246.68.0/24
- 47.246.69.0/24
- 47.246.72.0/21
- 47.246.72.0/22
- 47.246.76.0/22
- 47.246.80.0/24
- 47.246.82.0/23
- 47.246.82.0/24
- 47.246.83.0/24
- 47.246.84.0/22
- 47.246.84.0/23
- 47.246.86.0/23
- 47.246.88.0/22
- 47.246.88.0/23
- 47.246.90.0/23
- 47.246.92.0/23
- 47.246.92.0/24
- 47.246.93.0/24
- 47.246.96.0/21
- 47.246.96.0/22
- 47.250.0.0/17
- 47.250.0.0/18
- 47.250.128.0/17
- 47.250.128.0/18
- 47.250.192.0/18
- 47.250.64.0/18
- 47.250.99.0/24
- 47.251.0.0/16
- 47.251.0.0/17
- 47.251.128.0/17
- 47.251.224.0/22
- 47.252.0.0/17
- 47.252.0.0/18
- 47.252.128.0/17
- 47.252.128.0/18
- 47.252.192.0/18
- 47.252.64.0/18
- 47.252.67.0/24
- 47.253.0.0/16
- 47.253.0.0/17
- 47.253.128.0/17
- 47.254.0.0/17
- 47.254.0.0/18
- 47.254.113.0/24
- 47.254.128.0/18
- 47.254.128.0/19
- 47.254.160.0/19
- 47.254.192.0/18
- 47.254.192.0/19
- 47.254.224.0/19
- 47.254.64.0/18
- 47.52.0.0/16
- 47.52.0.0/17
- 47.52.128.0/17
- 47.56.0.0/15
- 47.56.0.0/16
- 47.57.0.0/16
- 47.74.0.0/18
- 47.74.0.0/19
- 47.74.0.0/21
- 47.74.128.0/17
- 47.74.128.0/18
- 47.74.192.0/18
- 47.74.32.0/19
- 47.74.64.0/18
- 47.74.64.0/19
- 47.74.96.0/19
- 47.75.0.0/16
- 47.75.0.0/17
- 47.75.128.0/17
- 47.76.0.0/16
- 47.76.0.0/17
- 47.76.128.0/17
- 47.77.0.0/22
- 47.77.0.0/23
- 47.77.104.0/21
- 47.77.12.0/22
- 47.77.128.0/17
- 47.77.128.0/18
- 47.77.128.0/21
- 47.77.136.0/21
- 47.77.144.0/21
- 47.77.152.0/21
- 47.77.16.0/21
- 47.77.16.0/22
- 47.77.192.0/18
- 47.77.2.0/23
- 47.77.20.0/22
- 47.77.24.0/22
- 47.77.24.0/23
- 47.77.26.0/23
- 47.77.32.0/19
- 47.77.32.0/20
- 47.77.4.0/22
- 47.77.4.0/23
- 47.77.48.0/20
- 47.77.6.0/23
- 47.77.64.0/19
- 47.77.64.0/20
- 47.77.8.0/21
- 47.77.8.0/22
- 47.77.80.0/20
- 47.77.96.0/20
- 47.77.96.0/21
- 47.78.0.0/17
- 47.78.128.0/17
- 47.79.0.0/20
- 47.79.0.0/21
- 47.79.104.0/21
- 47.79.112.0/20
- 47.79.128.0/19
- 47.79.128.0/20
- 47.79.144.0/20
- 47.79.16.0/20
- 47.79.16.0/21
- 47.79.192.0/18
- 47.79.192.0/19
- 47.79.224.0/19
- 47.79.24.0/21
- 47.79.32.0/20
- 47.79.32.0/21
- 47.79.40.0/21
- 47.79.48.0/20
- 47.79.48.0/21
- 47.79.52.0/23
- 47.79.54.0/23
- 47.79.56.0/21
- 47.79.56.0/23
- 47.79.58.0/23
- 47.79.60.0/23
- 47.79.62.0/23
- 47.79.64.0/20
- 47.79.64.0/21
- 47.79.72.0/21
- 47.79.8.0/21
- 47.79.80.0/20
- 47.79.80.0/21
- 47.79.83.0/24
- 47.79.88.0/21
- 47.79.96.0/19
- 47.79.96.0/20
- 47.80.0.0/18
- 47.80.0.0/19
- 47.80.128.0/17
- 47.80.128.0/18
- 47.80.192.0/18
- 47.80.32.0/19
- 47.80.64.0/18
- 47.80.64.0/19
- 47.80.96.0/19
- 47.81.0.0/18
- 47.81.0.0/19
- 47.81.128.0/17
- 47.81.128.0/18
- 47.81.192.0/18
- 47.81.32.0/19
- 47.81.64.0/18
- 47.81.64.0/19
- 47.81.96.0/19
- 47.82.0.0/18
- 47.82.0.0/19
- 47.82.10.0/23
- 47.82.12.0/23
- 47.82.128.0/17
- 47.82.128.0/18
- 47.82.14.0/23
- 47.82.192.0/18
- 47.82.32.0/19
- 47.82.32.0/21
- 47.82.40.0/21
- 47.82.48.0/21
- 47.82.56.0/21
- 47.82.64.0/18
- 47.82.64.0/19
- 47.82.8.0/23
- 47.82.96.0/19
- 47.83.0.0/16
- 47.83.0.0/17
- 47.83.128.0/17
- 47.83.32.0/21
- 47.83.40.0/21
- 47.83.48.0/21
- 47.83.56.0/21
- 47.84.0.0/16
- 47.84.0.0/17
- 47.84.128.0/17
- 47.84.144.0/21
- 47.84.152.0/21
- 47.84.160.0/21
- 47.84.168.0/21
- 47.85.0.0/16
- 47.85.0.0/17
- 47.85.112.0/22
- 47.85.112.0/23
- 47.85.114.0/23
- 47.85.128.0/17
- 47.86.0.0/16
- 47.86.0.0/17
- 47.86.128.0/17
- 47.87.0.0/18
- 47.87.0.0/19
- 47.87.128.0/18
- 47.87.128.0/19
- 47.87.160.0/19
- 47.87.192.0/22
- 47.87.192.0/23
- 47.87.194.0/23
- 47.87.196.0/22
- 47.87.196.0/23
- 47.87.198.0/23
- 47.87.200.0/22
- 47.87.200.0/23
- 47.87.202.0/23
- 47.87.204.0/22
- 47.87.204.0/23
- 47.87.206.0/23
- 47.87.208.0/22
- 47.87.208.0/23
- 47.87.210.0/23
- 47.87.212.0/22
- 47.87.212.0/23
- 47.87.214.0/23
- 47.87.216.0/22
- 47.87.216.0/23
- 47.87.218.0/23
- 47.87.220.0/22
- 47.87.220.0/23
- 47.87.222.0/23
- 47.87.224.0/22
- 47.87.224.0/23
- 47.87.226.0/23
- 47.87.228.0/22
- 47.87.228.0/23
- 47.87.230.0/23
- 47.87.232.0/22
- 47.87.232.0/23
- 47.87.234.0/23
- 47.87.236.0/22
- 47.87.236.0/23
- 47.87.238.0/23
- 47.87.240.0/22
- 47.87.240.0/23
- 47.87.242.0/23
- 47.87.32.0/19
- 47.87.64.0/18
- 47.87.64.0/19
- 47.87.96.0/19
- 47.88.0.0/17
- 47.88.0.0/18
- 47.88.109.0/24
- 47.88.128.0/17
- 47.88.128.0/18
- 47.88.135.0/24
- 47.88.192.0/18
- 47.88.41.0/24
- 47.88.42.0/24
- 47.88.43.0/24
- 47.88.64.0/18
- 47.89.0.0/18
- 47.89.0.0/19
- 47.89.100.0/24
- 47.89.101.0/24
- 47.89.102.0/24
- 47.89.103.0/24
- 47.89.104.0/21
- 47.89.104.0/22
- 47.89.108.0/22
- 47.89.122.0/24
- 47.89.123.0/24
- 47.89.124.0/23
- 47.89.124.0/24
- 47.89.125.0/24
- 47.89.128.0/18
- 47.89.128.0/19
- 47.89.160.0/19
- 47.89.192.0/18
- 47.89.192.0/19
- 47.89.221.0/24
- 47.89.224.0/19
- 47.89.32.0/19
- 47.89.72.0/22
- 47.89.72.0/23
- 47.89.74.0/23
- 47.89.76.0/22
- 47.89.76.0/23
- 47.89.78.0/23
- 47.89.80.0/23
- 47.89.82.0/23
- 47.89.84.0/24
- 47.89.88.0/22
- 47.89.88.0/23
- 47.89.90.0/23
- 47.89.92.0/22
- 47.89.92.0/23
- 47.89.94.0/23
- 47.89.96.0/24
- 47.89.97.0/24
- 47.89.98.0/23
- 47.89.99.0/24
- 47.90.0.0/17
- 47.90.0.0/18
- 47.90.128.0/17
- 47.90.128.0/18
- 47.90.172.0/24
- 47.90.173.0/24
- 47.90.174.0/24
- 47.90.175.0/24
- 47.90.192.0/18
- 47.90.64.0/18
- 47.91.0.0/19
- 47.91.0.0/20
- 47.91.112.0/20
- 47.91.128.0/17
- 47.91.128.0/18
- 47.91.16.0/20
- 47.91.192.0/18
- 47.91.32.0/19
- 47.91.32.0/20
- 47.91.48.0/20
- 47.91.64.0/19
- 47.91.64.0/20
- 47.91.80.0/20
- 47.91.96.0/19
- 47.91.96.0/20
- 5.181.224.0/23
- 59.82.136.0/23
- 8.208.0.0/16
- 8.208.0.0/17
- 8.208.0.0/18
- 8.208.0.0/19
- 8.208.128.0/17
- 8.208.141.0/24
- 8.208.32.0/19
- 8.209.0.0/19
- 8.209.0.0/20
- 8.209.128.0/18
- 8.209.128.0/19
- 8.209.16.0/20
- 8.209.160.0/19
- 8.209.192.0/18
- 8.209.192.0/19
- 8.209.224.0/19
- 8.209.36.0/23
- 8.209.36.0/24
- 8.209.37.0/24
- 8.209.38.0/23
- 8.209.38.0/24
- 8.209.39.0/24
- 8.209.40.0/22
- 8.209.40.0/23
- 8.209.42.0/23
- 8.209.44.0/22
- 8.209.44.0/23
- 8.209.46.0/23
- 8.209.48.0/20
- 8.209.48.0/21
- 8.209.56.0/21
- 8.209.64.0/18
- 8.209.64.0/19
- 8.209.96.0/19
- 8.210.0.0/16
- 8.210.0.0/17
- 8.210.128.0/17
- 8.210.240.0/24
- 8.211.0.0/17
- 8.211.0.0/18
- 8.211.104.0/21
- 8.211.128.0/18
- 8.211.128.0/19
- 8.211.160.0/19
- 8.211.192.0/18
- 8.211.192.0/19
- 8.211.224.0/19
- 8.211.226.0/24
- 8.211.64.0/18
- 8.211.80.0/21
- 8.211.88.0/21
- 8.211.96.0/21
- 8.212.0.0/17
- 8.212.0.0/18
- 8.212.128.0/18
- 8.212.128.0/19
- 8.212.160.0/19
- 8.212.192.0/18
- 8.212.192.0/19
- 8.212.224.0/19
- 8.212.64.0/18
- 8.213.0.0/17
- 8.213.0.0/18
- 8.213.128.0/19
- 8.213.128.0/20
- 8.213.144.0/20
- 8.213.160.0/21
- 8.213.160.0/22
- 8.213.164.0/22
- 8.213.176.0/20
- 8.213.176.0/21
- 8.213.184.0/21
- 8.213.192.0/18
- 8.213.192.0/19
- 8.213.224.0/19
- 8.213.251.0/24
- 8.213.252.0/24
- 8.213.253.0/24
- 8.213.64.0/18
- 8.214.0.0/16
- 8.214.0.0/17
- 8.214.128.0/17
- 8.215.0.0/16
- 8.215.0.0/17
- 8.215.128.0/17
- 8.215.160.0/24
- 8.215.162.0/23
- 8.215.168.0/24
- 8.215.169.0/24
- 8.216.0.0/17
- 8.216.0.0/18
- 8.216.128.0/17
- 8.216.128.0/18
- 8.216.148.0/24
- 8.216.192.0/18
- 8.216.64.0/18
- 8.216.69.0/24
- 8.216.74.0/24
- 8.217.0.0/16
- 8.217.0.0/17
- 8.217.128.0/17
- 8.218.0.0/16
- 8.218.0.0/17
- 8.218.128.0/17
- 8.219.0.0/16
- 8.219.0.0/17
- 8.219.128.0/17
- 8.219.40.0/21
- 8.220.116.0/24
- 8.220.128.0/18
- 8.220.128.0/19
- 8.220.147.0/24
- 8.220.160.0/19
- 8.220.192.0/18
- 8.220.192.0/19
- 8.220.224.0/19
- 8.220.229.0/24
- 8.220.64.0/18
- 8.220.64.0/19
- 8.220.96.0/19
- 8.221.0.0/17
- 8.221.0.0/18
- 8.221.0.0/21
- 8.221.128.0/17
- 8.221.128.0/18
- 8.221.184.0/22
- 8.221.188.0/22
- 8.221.192.0/18
- 8.221.192.0/21
- 8.221.200.0/21
- 8.221.208.0/21
- 8.221.216.0/21
- 8.221.48.0/21
- 8.221.56.0/21
- 8.221.64.0/18
- 8.221.8.0/21
- 8.222.0.0/20
- 8.222.0.0/21
- 8.222.112.0/20
- 8.222.128.0/17
- 8.222.128.0/18
- 8.222.16.0/20
- 8.222.16.0/21
- 8.222.192.0/18
- 8.222.24.0/21
- 8.222.32.0/20
- 8.222.32.0/21
- 8.222.40.0/21
- 8.222.48.0/20
- 8.222.48.0/21
- 8.222.56.0/21
- 8.222.64.0/20
- 8.222.64.0/21
- 8.222.72.0/21
- 8.222.8.0/21
- 8.222.80.0/20
- 8.222.80.0/21
- 8.222.88.0/21
- 8.222.96.0/19
- 8.222.96.0/20
- 8.223.0.0/17
- 8.223.0.0/18
- 8.223.128.0/17
- 8.223.128.0/18
- 8.223.192.0/18
- 8.223.64.0/18

29
data/crawlers/applebot.yaml
View File

@@ -4,18 +4,17 @@
user_agent_regex: Applebot
action: ALLOW
# https://search.developer.apple.com/applebot.json
remote_addresses:
[
"17.241.208.160/27",
"17.241.193.160/27",
"17.241.200.160/27",
"17.22.237.0/24",
"17.22.245.0/24",
"17.22.253.0/24",
"17.241.75.0/24",
"17.241.219.0/24",
"17.241.227.0/24",
"17.246.15.0/24",
"17.246.19.0/24",
"17.246.23.0/24",
]
remote_addresses: [
"17.241.208.160/27",
"17.241.193.160/27",
"17.241.200.160/27",
"17.22.237.0/24",
"17.22.245.0/24",
"17.22.253.0/24",
"17.241.75.0/24",
"17.241.219.0/24",
"17.241.227.0/24",
"17.246.15.0/24",
"17.246.19.0/24",
"17.246.23.0/24",
]

61
data/crawlers/bingbot.yaml
View File

@@ -2,34 +2,33 @@
user_agent_regex: \+http\://www\.bing\.com/bingbot\.htm
action: ALLOW
# https://www.bing.com/toolbox/bingbot.json
remote_addresses:
[
"157.55.39.0/24",
"207.46.13.0/24",
"40.77.167.0/24",
"13.66.139.0/24",
"13.66.144.0/24",
"52.167.144.0/24",
"13.67.10.16/28",
"13.69.66.240/28",
"13.71.172.224/28",
"139.217.52.0/28",
"191.233.204.224/28",
"20.36.108.32/28",
"20.43.120.16/28",
"40.79.131.208/28",
"40.79.186.176/28",
"52.231.148.0/28",
"20.79.107.240/28",
"51.105.67.0/28",
"20.125.163.80/28",
"40.77.188.0/22",
"65.55.210.0/24",
"199.30.24.0/23",
"40.77.202.0/24",
"40.77.139.0/25",
"20.74.197.0/28",
"20.15.133.160/27",
"40.77.177.0/24",
"40.77.178.0/23",
]
remote_addresses: [
"157.55.39.0/24",
"207.46.13.0/24",
"40.77.167.0/24",
"13.66.139.0/24",
"13.66.144.0/24",
"52.167.144.0/24",
"13.67.10.16/28",
"13.69.66.240/28",
"13.71.172.224/28",
"139.217.52.0/28",
"191.233.204.224/28",
"20.36.108.32/28",
"20.43.120.16/28",
"40.79.131.208/28",
"40.79.186.176/28",
"52.231.148.0/28",
"20.79.107.240/28",
"51.105.67.0/28",
"20.125.163.80/28",
"40.77.188.0/22",
"65.55.210.0/24",
"199.30.24.0/23",
"40.77.202.0/24",
"40.77.139.0/25",
"20.74.197.0/28",
"20.15.133.160/27",
"40.77.177.0/24",
"40.77.178.0/23"
]

543
data/crawlers/duckduckbot.yaml
View File

@@ -2,275 +2,274 @@
user_agent_regex: DuckDuckBot/1\.1; \(\+http\://duckduckgo\.com/duckduckbot\.html\)
action: ALLOW
# https://duckduckgo.com/duckduckgo-help-pages/results/duckduckbot
remote_addresses:
[
"57.152.72.128/32",
"51.8.253.152/32",
"40.80.242.63/32",
"20.12.141.99/32",
"20.49.136.28/32",
"51.116.131.221/32",
"51.107.40.209/32",
"20.40.133.240/32",
"20.50.168.91/32",
"51.120.48.122/32",
"20.193.45.113/32",
"40.76.173.151/32",
"40.76.163.7/32",
"20.185.79.47/32",
"52.142.26.175/32",
"20.185.79.15/32",
"52.142.24.149/32",
"40.76.162.208/32",
"40.76.163.23/32",
"40.76.162.191/32",
"40.76.162.247/32",
"40.88.21.235/32",
"20.191.45.212/32",
"52.146.59.12/32",
"52.146.59.156/32",
"52.146.59.154/32",
"52.146.58.236/32",
"20.62.224.44/32",
"51.104.180.53/32",
"51.104.180.47/32",
"51.104.180.26/32",
"51.104.146.225/32",
"51.104.146.235/32",
"20.73.202.147/32",
"20.73.132.240/32",
"20.71.12.143/32",
"20.56.197.58/32",
"20.56.197.63/32",
"20.43.150.93/32",
"20.43.150.85/32",
"20.44.222.1/32",
"40.89.243.175/32",
"13.89.106.77/32",
"52.143.242.6/32",
"52.143.241.111/32",
"52.154.60.82/32",
"20.197.209.11/32",
"20.197.209.27/32",
"20.226.133.105/32",
"191.234.216.4/32",
"191.234.216.178/32",
"20.53.92.211/32",
"20.53.91.2/32",
"20.207.99.197/32",
"20.207.97.190/32",
"40.81.250.205/32",
"40.64.106.11/32",
"40.64.105.247/32",
"20.72.242.93/32",
"20.99.255.235/32",
"20.113.3.121/32",
"52.224.16.221/32",
"52.224.21.53/32",
"52.224.20.204/32",
"52.224.21.19/32",
"52.224.20.249/32",
"52.224.20.203/32",
"52.224.20.190/32",
"52.224.16.229/32",
"52.224.21.20/32",
"52.146.63.80/32",
"52.224.20.227/32",
"52.224.20.193/32",
"52.190.37.160/32",
"52.224.21.23/32",
"52.224.20.223/32",
"52.224.20.181/32",
"52.224.21.49/32",
"52.224.21.55/32",
"52.224.21.61/32",
"52.224.19.152/32",
"52.224.20.186/32",
"52.224.21.27/32",
"52.224.21.51/32",
"52.224.20.174/32",
"52.224.21.4/32",
"51.104.164.109/32",
"51.104.167.71/32",
"51.104.160.177/32",
"51.104.162.149/32",
"51.104.167.95/32",
"51.104.167.54/32",
"51.104.166.111/32",
"51.104.167.88/32",
"51.104.161.32/32",
"51.104.163.250/32",
"51.104.164.189/32",
"51.104.167.19/32",
"51.104.160.167/32",
"51.104.167.110/32",
"20.191.44.119/32",
"51.104.167.104/32",
"20.191.44.234/32",
"51.104.164.215/32",
"51.104.167.52/32",
"20.191.44.22/32",
"51.104.167.87/32",
"51.104.167.96/32",
"20.191.44.16/32",
"51.104.167.61/32",
"51.104.164.147/32",
"20.50.48.159/32",
"40.114.182.172/32",
"20.50.50.130/32",
"20.50.50.163/32",
"20.50.50.46/32",
"40.114.182.153/32",
"20.50.50.118/32",
"20.50.49.55/32",
"20.50.49.25/32",
"40.114.183.251/32",
"20.50.50.123/32",
"20.50.49.237/32",
"20.50.48.192/32",
"20.50.50.134/32",
"51.138.90.233/32",
"40.114.183.196/32",
"20.50.50.146/32",
"40.114.183.88/32",
"20.50.50.145/32",
"20.50.50.121/32",
"20.50.49.40/32",
"51.138.90.206/32",
"40.114.182.45/32",
"51.138.90.161/32",
"20.50.49.0/32",
"40.119.232.215/32",
"104.43.55.167/32",
"40.119.232.251/32",
"40.119.232.50/32",
"40.119.232.146/32",
"40.119.232.218/32",
"104.43.54.127/32",
"104.43.55.117/32",
"104.43.55.116/32",
"104.43.55.166/32",
"52.154.169.50/32",
"52.154.171.70/32",
"52.154.170.229/32",
"52.154.170.113/32",
"52.154.171.44/32",
"52.154.172.2/32",
"52.143.244.81/32",
"52.154.171.87/32",
"52.154.171.250/32",
"52.154.170.28/32",
"52.154.170.122/32",
"52.143.243.117/32",
"52.143.247.235/32",
"52.154.171.235/32",
"52.154.171.196/32",
"52.154.171.0/32",
"52.154.170.243/32",
"52.154.170.26/32",
"52.154.169.200/32",
"52.154.170.96/32",
"52.154.170.88/32",
"52.154.171.150/32",
"52.154.171.205/32",
"52.154.170.117/32",
"52.154.170.209/32",
"191.235.202.48/32",
"191.233.3.202/32",
"191.235.201.214/32",
"191.233.3.197/32",
"191.235.202.38/32",
"20.53.78.144/32",
"20.193.24.10/32",
"20.53.78.236/32",
"20.53.78.138/32",
"20.53.78.123/32",
"20.53.78.106/32",
"20.193.27.215/32",
"20.193.25.197/32",
"20.193.12.126/32",
"20.193.24.251/32",
"20.204.242.101/32",
"20.207.72.113/32",
"20.204.242.19/32",
"20.219.45.67/32",
"20.207.72.11/32",
"20.219.45.190/32",
"20.204.243.55/32",
"20.204.241.148/32",
"20.207.72.110/32",
"20.204.240.172/32",
"20.207.72.21/32",
"20.204.246.81/32",
"20.207.107.181/32",
"20.204.246.254/32",
"20.219.43.246/32",
"52.149.25.43/32",
"52.149.61.51/32",
"52.149.58.139/32",
"52.149.60.38/32",
"52.148.165.38/32",
"52.143.95.162/32",
"52.149.56.151/32",
"52.149.30.45/32",
"52.149.58.173/32",
"52.143.95.204/32",
"52.149.28.83/32",
"52.149.58.69/32",
"52.148.161.87/32",
"52.149.58.27/32",
"52.149.28.18/32",
"20.79.226.26/32",
"20.79.239.66/32",
"20.79.238.198/32",
"20.113.14.159/32",
"20.75.144.152/32",
"20.43.172.120/32",
"20.53.134.160/32",
"20.201.15.208/32",
"20.93.28.24/32",
"20.61.34.40/32",
"52.242.224.168/32",
"20.80.129.80/32",
"20.195.108.47/32",
"4.195.133.120/32",
"4.228.76.163/32",
"4.182.131.108/32",
"4.209.224.56/32",
"108.141.83.74/32",
"4.213.46.14/32",
"172.169.17.165/32",
"51.8.71.117/32",
"20.3.1.178/32",
"52.149.56.151/32",
"52.149.30.45/32",
"52.149.58.173/32",
"52.143.95.204/32",
"52.149.28.83/32",
"52.149.58.69/32",
"52.148.161.87/32",
"52.149.58.27/32",
"52.149.28.18/32",
"20.79.226.26/32",
"20.79.239.66/32",
"20.79.238.198/32",
"20.113.14.159/32",
"20.75.144.152/32",
"20.43.172.120/32",
"20.53.134.160/32",
"20.201.15.208/32",
"20.93.28.24/32",
"20.61.34.40/32",
"52.242.224.168/32",
"20.80.129.80/32",
"20.195.108.47/32",
"4.195.133.120/32",
"4.228.76.163/32",
"4.182.131.108/32",
"4.209.224.56/32",
"108.141.83.74/32",
"4.213.46.14/32",
"172.169.17.165/32",
"51.8.71.117/32",
"20.3.1.178/32",
]
remote_addresses: [
"57.152.72.128/32",
"51.8.253.152/32",
"40.80.242.63/32",
"20.12.141.99/32",
"20.49.136.28/32",
"51.116.131.221/32",
"51.107.40.209/32",
"20.40.133.240/32",
"20.50.168.91/32",
"51.120.48.122/32",
"20.193.45.113/32",
"40.76.173.151/32",
"40.76.163.7/32",
"20.185.79.47/32",
"52.142.26.175/32",
"20.185.79.15/32",
"52.142.24.149/32",
"40.76.162.208/32",
"40.76.163.23/32",
"40.76.162.191/32",
"40.76.162.247/32",
"40.88.21.235/32",
"20.191.45.212/32",
"52.146.59.12/32",
"52.146.59.156/32",
"52.146.59.154/32",
"52.146.58.236/32",
"20.62.224.44/32",
"51.104.180.53/32",
"51.104.180.47/32",
"51.104.180.26/32",
"51.104.146.225/32",
"51.104.146.235/32",
"20.73.202.147/32",
"20.73.132.240/32",
"20.71.12.143/32",
"20.56.197.58/32",
"20.56.197.63/32",
"20.43.150.93/32",
"20.43.150.85/32",
"20.44.222.1/32",
"40.89.243.175/32",
"13.89.106.77/32",
"52.143.242.6/32",
"52.143.241.111/32",
"52.154.60.82/32",
"20.197.209.11/32",
"20.197.209.27/32",
"20.226.133.105/32",
"191.234.216.4/32",
"191.234.216.178/32",
"20.53.92.211/32",
"20.53.91.2/32",
"20.207.99.197/32",
"20.207.97.190/32",
"40.81.250.205/32",
"40.64.106.11/32",
"40.64.105.247/32",
"20.72.242.93/32",
"20.99.255.235/32",
"20.113.3.121/32",
"52.224.16.221/32",
"52.224.21.53/32",
"52.224.20.204/32",
"52.224.21.19/32",
"52.224.20.249/32",
"52.224.20.203/32",
"52.224.20.190/32",
"52.224.16.229/32",
"52.224.21.20/32",
"52.146.63.80/32",
"52.224.20.227/32",
"52.224.20.193/32",
"52.190.37.160/32",
"52.224.21.23/32",
"52.224.20.223/32",
"52.224.20.181/32",
"52.224.21.49/32",
"52.224.21.55/32",
"52.224.21.61/32",
"52.224.19.152/32",
"52.224.20.186/32",
"52.224.21.27/32",
"52.224.21.51/32",
"52.224.20.174/32",
"52.224.21.4/32",
"51.104.164.109/32",
"51.104.167.71/32",
"51.104.160.177/32",
"51.104.162.149/32",
"51.104.167.95/32",
"51.104.167.54/32",
"51.104.166.111/32",
"51.104.167.88/32",
"51.104.161.32/32",
"51.104.163.250/32",
"51.104.164.189/32",
"51.104.167.19/32",
"51.104.160.167/32",
"51.104.167.110/32",
"20.191.44.119/32",
"51.104.167.104/32",
"20.191.44.234/32",
"51.104.164.215/32",
"51.104.167.52/32",
"20.191.44.22/32",
"51.104.167.87/32",
"51.104.167.96/32",
"20.191.44.16/32",
"51.104.167.61/32",
"51.104.164.147/32",
"20.50.48.159/32",
"40.114.182.172/32",
"20.50.50.130/32",
"20.50.50.163/32",
"20.50.50.46/32",
"40.114.182.153/32",
"20.50.50.118/32",
"20.50.49.55/32",
"20.50.49.25/32",
"40.114.183.251/32",
"20.50.50.123/32",
"20.50.49.237/32",
"20.50.48.192/32",
"20.50.50.134/32",
"51.138.90.233/32",
"40.114.183.196/32",
"20.50.50.146/32",
"40.114.183.88/32",
"20.50.50.145/32",
"20.50.50.121/32",
"20.50.49.40/32",
"51.138.90.206/32",
"40.114.182.45/32",
"51.138.90.161/32",
"20.50.49.0/32",
"40.119.232.215/32",
"104.43.55.167/32",
"40.119.232.251/32",
"40.119.232.50/32",
"40.119.232.146/32",
"40.119.232.218/32",
"104.43.54.127/32",
"104.43.55.117/32",
"104.43.55.116/32",
"104.43.55.166/32",
"52.154.169.50/32",
"52.154.171.70/32",
"52.154.170.229/32",
"52.154.170.113/32",
"52.154.171.44/32",
"52.154.172.2/32",
"52.143.244.81/32",
"52.154.171.87/32",
"52.154.171.250/32",
"52.154.170.28/32",
"52.154.170.122/32",
"52.143.243.117/32",
"52.143.247.235/32",
"52.154.171.235/32",
"52.154.171.196/32",
"52.154.171.0/32",
"52.154.170.243/32",
"52.154.170.26/32",
"52.154.169.200/32",
"52.154.170.96/32",
"52.154.170.88/32",
"52.154.171.150/32",
"52.154.171.205/32",
"52.154.170.117/32",
"52.154.170.209/32",
"191.235.202.48/32",
"191.233.3.202/32",
"191.235.201.214/32",
"191.233.3.197/32",
"191.235.202.38/32",
"20.53.78.144/32",
"20.193.24.10/32",
"20.53.78.236/32",
"20.53.78.138/32",
"20.53.78.123/32",
"20.53.78.106/32",
"20.193.27.215/32",
"20.193.25.197/32",
"20.193.12.126/32",
"20.193.24.251/32",
"20.204.242.101/32",
"20.207.72.113/32",
"20.204.242.19/32",
"20.219.45.67/32",
"20.207.72.11/32",
"20.219.45.190/32",
"20.204.243.55/32",
"20.204.241.148/32",
"20.207.72.110/32",
"20.204.240.172/32",
"20.207.72.21/32",
"20.204.246.81/32",
"20.207.107.181/32",
"20.204.246.254/32",
"20.219.43.246/32",
"52.149.25.43/32",
"52.149.61.51/32",
"52.149.58.139/32",
"52.149.60.38/32",
"52.148.165.38/32",
"52.143.95.162/32",
"52.149.56.151/32",
"52.149.30.45/32",
"52.149.58.173/32",
"52.143.95.204/32",
"52.149.28.83/32",
"52.149.58.69/32",
"52.148.161.87/32",
"52.149.58.27/32",
"52.149.28.18/32",
"20.79.226.26/32",
"20.79.239.66/32",
"20.79.238.198/32",
"20.113.14.159/32",
"20.75.144.152/32",
"20.43.172.120/32",
"20.53.134.160/32",
"20.201.15.208/32",
"20.93.28.24/32",
"20.61.34.40/32",
"52.242.224.168/32",
"20.80.129.80/32",
"20.195.108.47/32",
"4.195.133.120/32",
"4.228.76.163/32",
"4.182.131.108/32",
"4.209.224.56/32",
"108.141.83.74/32",
"4.213.46.14/32",
"172.169.17.165/32",
"51.8.71.117/32",
"20.3.1.178/32",
"52.149.56.151/32",
"52.149.30.45/32",
"52.149.58.173/32",
"52.143.95.204/32",
"52.149.28.83/32",
"52.149.58.69/32",
"52.148.161.87/32",
"52.149.58.27/32",
"52.149.28.18/32",
"20.79.226.26/32",
"20.79.239.66/32",
"20.79.238.198/32",
"20.113.14.159/32",
"20.75.144.152/32",
"20.43.172.120/32",
"20.53.134.160/32",
"20.201.15.208/32",
"20.93.28.24/32",
"20.61.34.40/32",
"52.242.224.168/32",
"20.80.129.80/32",
"20.195.108.47/32",
"4.195.133.120/32",
"4.228.76.163/32",
"4.182.131.108/32",
"4.209.224.56/32",
"108.141.83.74/32",
"4.213.46.14/32",
"172.169.17.165/32",
"51.8.71.117/32",
"20.3.1.178/32"
]

519
data/crawlers/googlebot.yaml
View File

@@ -2,263 +2,262 @@
user_agent_regex: \+http\://www\.google\.com/bot\.html
action: ALLOW
# https://developers.google.com/static/search/apis/ipranges/googlebot.json
remote_addresses:
[
"2001:4860:4801:10::/64",
"2001:4860:4801:11::/64",
"2001:4860:4801:12::/64",
"2001:4860:4801:13::/64",
"2001:4860:4801:14::/64",
"2001:4860:4801:15::/64",
"2001:4860:4801:16::/64",
"2001:4860:4801:17::/64",
"2001:4860:4801:18::/64",
"2001:4860:4801:19::/64",
"2001:4860:4801:1a::/64",
"2001:4860:4801:1b::/64",
"2001:4860:4801:1c::/64",
"2001:4860:4801:1d::/64",
"2001:4860:4801:1e::/64",
"2001:4860:4801:1f::/64",
"2001:4860:4801:20::/64",
"2001:4860:4801:21::/64",
"2001:4860:4801:22::/64",
"2001:4860:4801:23::/64",
"2001:4860:4801:24::/64",
"2001:4860:4801:25::/64",
"2001:4860:4801:26::/64",
"2001:4860:4801:27::/64",
"2001:4860:4801:28::/64",
"2001:4860:4801:29::/64",
"2001:4860:4801:2::/64",
"2001:4860:4801:2a::/64",
"2001:4860:4801:2b::/64",
"2001:4860:4801:2c::/64",
"2001:4860:4801:2d::/64",
"2001:4860:4801:2e::/64",
"2001:4860:4801:2f::/64",
"2001:4860:4801:31::/64",
"2001:4860:4801:32::/64",
"2001:4860:4801:33::/64",
"2001:4860:4801:34::/64",
"2001:4860:4801:35::/64",
"2001:4860:4801:36::/64",
"2001:4860:4801:37::/64",
"2001:4860:4801:38::/64",
"2001:4860:4801:39::/64",
"2001:4860:4801:3a::/64",
"2001:4860:4801:3b::/64",
"2001:4860:4801:3c::/64",
"2001:4860:4801:3d::/64",
"2001:4860:4801:3e::/64",
"2001:4860:4801:40::/64",
"2001:4860:4801:41::/64",
"2001:4860:4801:42::/64",
"2001:4860:4801:43::/64",
"2001:4860:4801:44::/64",
"2001:4860:4801:45::/64",
"2001:4860:4801:46::/64",
"2001:4860:4801:47::/64",
"2001:4860:4801:48::/64",
"2001:4860:4801:49::/64",
"2001:4860:4801:4a::/64",
"2001:4860:4801:4b::/64",
"2001:4860:4801:4c::/64",
"2001:4860:4801:50::/64",
"2001:4860:4801:51::/64",
"2001:4860:4801:52::/64",
"2001:4860:4801:53::/64",
"2001:4860:4801:54::/64",
"2001:4860:4801:55::/64",
"2001:4860:4801:56::/64",
"2001:4860:4801:60::/64",
"2001:4860:4801:61::/64",
"2001:4860:4801:62::/64",
"2001:4860:4801:63::/64",
"2001:4860:4801:64::/64",
"2001:4860:4801:65::/64",
"2001:4860:4801:66::/64",
"2001:4860:4801:67::/64",
"2001:4860:4801:68::/64",
"2001:4860:4801:69::/64",
"2001:4860:4801:6a::/64",
"2001:4860:4801:6b::/64",
"2001:4860:4801:6c::/64",
"2001:4860:4801:6d::/64",
"2001:4860:4801:6e::/64",
"2001:4860:4801:6f::/64",
"2001:4860:4801:70::/64",
"2001:4860:4801:71::/64",
"2001:4860:4801:72::/64",
"2001:4860:4801:73::/64",
"2001:4860:4801:74::/64",
"2001:4860:4801:75::/64",
"2001:4860:4801:76::/64",
"2001:4860:4801:77::/64",
"2001:4860:4801:78::/64",
"2001:4860:4801:79::/64",
"2001:4860:4801:80::/64",
"2001:4860:4801:81::/64",
"2001:4860:4801:82::/64",
"2001:4860:4801:83::/64",
"2001:4860:4801:84::/64",
"2001:4860:4801:85::/64",
"2001:4860:4801:86::/64",
"2001:4860:4801:87::/64",
"2001:4860:4801:88::/64",
"2001:4860:4801:90::/64",
"2001:4860:4801:91::/64",
"2001:4860:4801:92::/64",
"2001:4860:4801:93::/64",
"2001:4860:4801:94::/64",
"2001:4860:4801:95::/64",
"2001:4860:4801:96::/64",
"2001:4860:4801:a0::/64",
"2001:4860:4801:a1::/64",
"2001:4860:4801:a2::/64",
"2001:4860:4801:a3::/64",
"2001:4860:4801:a4::/64",
"2001:4860:4801:a5::/64",
"2001:4860:4801:c::/64",
"2001:4860:4801:f::/64",
"192.178.5.0/27",
"192.178.6.0/27",
"192.178.6.128/27",
"192.178.6.160/27",
"192.178.6.192/27",
"192.178.6.32/27",
"192.178.6.64/27",
"192.178.6.96/27",
"34.100.182.96/28",
"34.101.50.144/28",
"34.118.254.0/28",
"34.118.66.0/28",
"34.126.178.96/28",
"34.146.150.144/28",
"34.147.110.144/28",
"34.151.74.144/28",
"34.152.50.64/28",
"34.154.114.144/28",
"34.155.98.32/28",
"34.165.18.176/28",
"34.175.160.64/28",
"34.176.130.16/28",
"34.22.85.0/27",
"34.64.82.64/28",
"34.65.242.112/28",
"34.80.50.80/28",
"34.88.194.0/28",
"34.89.10.80/28",
"34.89.198.80/28",
"34.96.162.48/28",
"35.247.243.240/28",
"66.249.64.0/27",
"66.249.64.128/27",
"66.249.64.160/27",
"66.249.64.224/27",
"66.249.64.32/27",
"66.249.64.64/27",
"66.249.64.96/27",
"66.249.65.0/27",
"66.249.65.128/27",
"66.249.65.160/27",
"66.249.65.192/27",
"66.249.65.224/27",
"66.249.65.32/27",
"66.249.65.64/27",
"66.249.65.96/27",
"66.249.66.0/27",
"66.249.66.128/27",
"66.249.66.160/27",
"66.249.66.192/27",
"66.249.66.224/27",
"66.249.66.32/27",
"66.249.66.64/27",
"66.249.66.96/27",
"66.249.68.0/27",
"66.249.68.128/27",
"66.249.68.32/27",
"66.249.68.64/27",
"66.249.68.96/27",
"66.249.69.0/27",
"66.249.69.128/27",
"66.249.69.160/27",
"66.249.69.192/27",
"66.249.69.224/27",
"66.249.69.32/27",
"66.249.69.64/27",
"66.249.69.96/27",
"66.249.70.0/27",
"66.249.70.128/27",
"66.249.70.160/27",
"66.249.70.192/27",
"66.249.70.224/27",
"66.249.70.32/27",
"66.249.70.64/27",
"66.249.70.96/27",
"66.249.71.0/27",
"66.249.71.128/27",
"66.249.71.160/27",
"66.249.71.192/27",
"66.249.71.224/27",
"66.249.71.32/27",
"66.249.71.64/27",
"66.249.71.96/27",
"66.249.72.0/27",
"66.249.72.128/27",
"66.249.72.160/27",
"66.249.72.192/27",
"66.249.72.224/27",
"66.249.72.32/27",
"66.249.72.64/27",
"66.249.72.96/27",
"66.249.73.0/27",
"66.249.73.128/27",
"66.249.73.160/27",
"66.249.73.192/27",
"66.249.73.224/27",
"66.249.73.32/27",
"66.249.73.64/27",
"66.249.73.96/27",
"66.249.74.0/27",
"66.249.74.128/27",
"66.249.74.160/27",
"66.249.74.192/27",
"66.249.74.32/27",
"66.249.74.64/27",
"66.249.74.96/27",
"66.249.75.0/27",
"66.249.75.128/27",
"66.249.75.160/27",
"66.249.75.192/27",
"66.249.75.224/27",
"66.249.75.32/27",
"66.249.75.64/27",
"66.249.75.96/27",
"66.249.76.0/27",
"66.249.76.128/27",
"66.249.76.160/27",
"66.249.76.192/27",
"66.249.76.224/27",
"66.249.76.32/27",
"66.249.76.64/27",
"66.249.76.96/27",
"66.249.77.0/27",
"66.249.77.128/27",
"66.249.77.160/27",
"66.249.77.192/27",
"66.249.77.224/27",
"66.249.77.32/27",
"66.249.77.64/27",
"66.249.77.96/27",
"66.249.78.0/27",
"66.249.78.32/27",
"66.249.79.0/27",
"66.249.79.128/27",
"66.249.79.160/27",
"66.249.79.192/27",
"66.249.79.224/27",
"66.249.79.32/27",
"66.249.79.64/27",
"66.249.79.96/27",
]
remote_addresses: [
"2001:4860:4801:10::/64",
"2001:4860:4801:11::/64",
"2001:4860:4801:12::/64",
"2001:4860:4801:13::/64",
"2001:4860:4801:14::/64",
"2001:4860:4801:15::/64",
"2001:4860:4801:16::/64",
"2001:4860:4801:17::/64",
"2001:4860:4801:18::/64",
"2001:4860:4801:19::/64",
"2001:4860:4801:1a::/64",
"2001:4860:4801:1b::/64",
"2001:4860:4801:1c::/64",
"2001:4860:4801:1d::/64",
"2001:4860:4801:1e::/64",
"2001:4860:4801:1f::/64",
"2001:4860:4801:20::/64",
"2001:4860:4801:21::/64",
"2001:4860:4801:22::/64",
"2001:4860:4801:23::/64",
"2001:4860:4801:24::/64",
"2001:4860:4801:25::/64",
"2001:4860:4801:26::/64",
"2001:4860:4801:27::/64",
"2001:4860:4801:28::/64",
"2001:4860:4801:29::/64",
"2001:4860:4801:2::/64",
"2001:4860:4801:2a::/64",
"2001:4860:4801:2b::/64",
"2001:4860:4801:2c::/64",
"2001:4860:4801:2d::/64",
"2001:4860:4801:2e::/64",
"2001:4860:4801:2f::/64",
"2001:4860:4801:31::/64",
"2001:4860:4801:32::/64",
"2001:4860:4801:33::/64",
"2001:4860:4801:34::/64",
"2001:4860:4801:35::/64",
"2001:4860:4801:36::/64",
"2001:4860:4801:37::/64",
"2001:4860:4801:38::/64",
"2001:4860:4801:39::/64",
"2001:4860:4801:3a::/64",
"2001:4860:4801:3b::/64",
"2001:4860:4801:3c::/64",
"2001:4860:4801:3d::/64",
"2001:4860:4801:3e::/64",
"2001:4860:4801:40::/64",
"2001:4860:4801:41::/64",
"2001:4860:4801:42::/64",
"2001:4860:4801:43::/64",
"2001:4860:4801:44::/64",
"2001:4860:4801:45::/64",
"2001:4860:4801:46::/64",
"2001:4860:4801:47::/64",
"2001:4860:4801:48::/64",
"2001:4860:4801:49::/64",
"2001:4860:4801:4a::/64",
"2001:4860:4801:4b::/64",
"2001:4860:4801:4c::/64",
"2001:4860:4801:50::/64",
"2001:4860:4801:51::/64",
"2001:4860:4801:52::/64",
"2001:4860:4801:53::/64",
"2001:4860:4801:54::/64",
"2001:4860:4801:55::/64",
"2001:4860:4801:56::/64",
"2001:4860:4801:60::/64",
"2001:4860:4801:61::/64",
"2001:4860:4801:62::/64",
"2001:4860:4801:63::/64",
"2001:4860:4801:64::/64",
"2001:4860:4801:65::/64",
"2001:4860:4801:66::/64",
"2001:4860:4801:67::/64",
"2001:4860:4801:68::/64",
"2001:4860:4801:69::/64",
"2001:4860:4801:6a::/64",
"2001:4860:4801:6b::/64",
"2001:4860:4801:6c::/64",
"2001:4860:4801:6d::/64",
"2001:4860:4801:6e::/64",
"2001:4860:4801:6f::/64",
"2001:4860:4801:70::/64",
"2001:4860:4801:71::/64",
"2001:4860:4801:72::/64",
"2001:4860:4801:73::/64",
"2001:4860:4801:74::/64",
"2001:4860:4801:75::/64",
"2001:4860:4801:76::/64",
"2001:4860:4801:77::/64",
"2001:4860:4801:78::/64",
"2001:4860:4801:79::/64",
"2001:4860:4801:80::/64",
"2001:4860:4801:81::/64",
"2001:4860:4801:82::/64",
"2001:4860:4801:83::/64",
"2001:4860:4801:84::/64",
"2001:4860:4801:85::/64",
"2001:4860:4801:86::/64",
"2001:4860:4801:87::/64",
"2001:4860:4801:88::/64",
"2001:4860:4801:90::/64",
"2001:4860:4801:91::/64",
"2001:4860:4801:92::/64",
"2001:4860:4801:93::/64",
"2001:4860:4801:94::/64",
"2001:4860:4801:95::/64",
"2001:4860:4801:96::/64",
"2001:4860:4801:a0::/64",
"2001:4860:4801:a1::/64",
"2001:4860:4801:a2::/64",
"2001:4860:4801:a3::/64",
"2001:4860:4801:a4::/64",
"2001:4860:4801:a5::/64",
"2001:4860:4801:c::/64",
"2001:4860:4801:f::/64",
"192.178.5.0/27",
"192.178.6.0/27",
"192.178.6.128/27",
"192.178.6.160/27",
"192.178.6.192/27",
"192.178.6.32/27",
"192.178.6.64/27",
"192.178.6.96/27",
"34.100.182.96/28",
"34.101.50.144/28",
"34.118.254.0/28",
"34.118.66.0/28",
"34.126.178.96/28",
"34.146.150.144/28",
"34.147.110.144/28",
"34.151.74.144/28",
"34.152.50.64/28",
"34.154.114.144/28",
"34.155.98.32/28",
"34.165.18.176/28",
"34.175.160.64/28",
"34.176.130.16/28",
"34.22.85.0/27",
"34.64.82.64/28",
"34.65.242.112/28",
"34.80.50.80/28",
"34.88.194.0/28",
"34.89.10.80/28",
"34.89.198.80/28",
"34.96.162.48/28",
"35.247.243.240/28",
"66.249.64.0/27",
"66.249.64.128/27",
"66.249.64.160/27",
"66.249.64.224/27",
"66.249.64.32/27",
"66.249.64.64/27",
"66.249.64.96/27",
"66.249.65.0/27",
"66.249.65.128/27",
"66.249.65.160/27",
"66.249.65.192/27",
"66.249.65.224/27",
"66.249.65.32/27",
"66.249.65.64/27",
"66.249.65.96/27",
"66.249.66.0/27",
"66.249.66.128/27",
"66.249.66.160/27",
"66.249.66.192/27",
"66.249.66.224/27",
"66.249.66.32/27",
"66.249.66.64/27",
"66.249.66.96/27",
"66.249.68.0/27",
"66.249.68.128/27",
"66.249.68.32/27",
"66.249.68.64/27",
"66.249.68.96/27",
"66.249.69.0/27",
"66.249.69.128/27",
"66.249.69.160/27",
"66.249.69.192/27",
"66.249.69.224/27",
"66.249.69.32/27",
"66.249.69.64/27",
"66.249.69.96/27",
"66.249.70.0/27",
"66.249.70.128/27",
"66.249.70.160/27",
"66.249.70.192/27",
"66.249.70.224/27",
"66.249.70.32/27",
"66.249.70.64/27",
"66.249.70.96/27",
"66.249.71.0/27",
"66.249.71.128/27",
"66.249.71.160/27",
"66.249.71.192/27",
"66.249.71.224/27",
"66.249.71.32/27",
"66.249.71.64/27",
"66.249.71.96/27",
"66.249.72.0/27",
"66.249.72.128/27",
"66.249.72.160/27",
"66.249.72.192/27",
"66.249.72.224/27",
"66.249.72.32/27",
"66.249.72.64/27",
"66.249.72.96/27",
"66.249.73.0/27",
"66.249.73.128/27",
"66.249.73.160/27",
"66.249.73.192/27",
"66.249.73.224/27",
"66.249.73.32/27",
"66.249.73.64/27",
"66.249.73.96/27",
"66.249.74.0/27",
"66.249.74.128/27",
"66.249.74.160/27",
"66.249.74.192/27",
"66.249.74.32/27",
"66.249.74.64/27",
"66.249.74.96/27",
"66.249.75.0/27",
"66.249.75.128/27",
"66.249.75.160/27",
"66.249.75.192/27",
"66.249.75.224/27",
"66.249.75.32/27",
"66.249.75.64/27",
"66.249.75.96/27",
"66.249.76.0/27",
"66.249.76.128/27",
"66.249.76.160/27",
"66.249.76.192/27",
"66.249.76.224/27",
"66.249.76.32/27",
"66.249.76.64/27",
"66.249.76.96/27",
"66.249.77.0/27",
"66.249.77.128/27",
"66.249.77.160/27",
"66.249.77.192/27",
"66.249.77.224/27",
"66.249.77.32/27",
"66.249.77.64/27",
"66.249.77.96/27",
"66.249.78.0/27",
"66.249.78.32/27",
"66.249.79.0/27",
"66.249.79.128/27",
"66.249.79.160/27",
"66.249.79.192/27",
"66.249.79.224/27",
"66.249.79.32/27",
"66.249.79.64/27",
"66.249.79.96/27"
]

617
data/crawlers/huawei-cloud.yaml
View File

@@ -1,617 +0,0 @@
- name: huawei-cloud
action: DENY
# Updated 2025-08-20 from IP addresses for AS136907
remote_addresses:
- 1.178.32.0/20
- 1.178.48.0/20
- 101.44.0.0/20
- 101.44.144.0/20
- 101.44.16.0/20
- 101.44.160.0/20
- 101.44.173.0/24
- 101.44.176.0/20
- 101.44.192.0/20
- 101.44.208.0/22
- 101.44.212.0/22
- 101.44.216.0/22
- 101.44.220.0/22
- 101.44.224.0/22
- 101.44.228.0/22
- 101.44.232.0/22
- 101.44.236.0/22
- 101.44.240.0/22
- 101.44.244.0/22
- 101.44.248.0/22
- 101.44.252.0/24
- 101.44.253.0/24
- 101.44.254.0/24
- 101.44.255.0/24
- 101.44.32.0/20
- 101.44.48.0/20
- 101.44.64.0/20
- 101.44.80.0/20
- 101.44.96.0/20
- 101.46.0.0/20
- 101.46.128.0/21
- 101.46.136.0/21
- 101.46.144.0/21
- 101.46.152.0/21
- 101.46.160.0/21
- 101.46.168.0/21
- 101.46.176.0/21
- 101.46.184.0/21
- 101.46.192.0/21
- 101.46.200.0/21
- 101.46.208.0/21
- 101.46.216.0/21
- 101.46.224.0/22
- 101.46.232.0/22
- 101.46.236.0/22
- 101.46.240.0/22
- 101.46.244.0/22
- 101.46.248.0/22
- 101.46.252.0/24
- 101.46.253.0/24
- 101.46.254.0/24
- 101.46.255.0/24
- 101.46.32.0/20
- 101.46.48.0/20
- 101.46.64.0/20
- 101.46.80.0/20
- 103.198.203.0/24
- 103.215.0.0/24
- 103.215.1.0/24
- 103.215.3.0/24
- 103.240.156.0/22
- 103.240.157.0/24
- 103.255.60.0/22
- 103.255.60.0/24
- 103.255.61.0/24
- 103.255.62.0/24
- 103.255.63.0/24
- 103.40.100.0/23
- 103.84.110.0/24
- 110.238.100.0/22
- 110.238.104.0/21
- 110.238.112.0/21
- 110.238.120.0/22
- 110.238.124.0/22
- 110.238.64.0/21
- 110.238.72.0/21
- 110.238.80.0/20
- 110.238.96.0/24
- 110.238.98.0/24
- 110.238.99.0/24
- 110.239.127.0/24
- 110.239.184.0/22
- 110.239.188.0/23
- 110.239.190.0/23
- 110.239.64.0/19
- 110.239.96.0/19
- 110.41.208.0/24
- 110.41.209.0/24
- 110.41.210.0/24
- 111.119.192.0/20
- 111.119.208.0/20
- 111.119.224.0/20
- 111.119.240.0/20
- 111.91.0.0/20
- 111.91.112.0/20
- 111.91.16.0/20
- 111.91.32.0/20
- 111.91.48.0/20
- 111.91.64.0/20
- 111.91.80.0/20
- 111.91.96.0/20
- 114.119.128.0/19
- 114.119.160.0/21
- 114.119.168.0/24
- 114.119.169.0/24
- 114.119.170.0/24
- 114.119.171.0/24
- 114.119.172.0/22
- 114.119.176.0/20
- 115.30.32.0/20
- 115.30.48.0/20
- 119.12.160.0/20
- 119.13.112.0/20
- 119.13.160.0/24
- 119.13.161.0/24
- 119.13.162.0/23
- 119.13.163.0/24
- 119.13.164.0/22
- 119.13.168.0/21
- 119.13.168.0/24
- 119.13.169.0/24
- 119.13.170.0/24
- 119.13.172.0/24
- 119.13.173.0/24
- 119.13.32.0/22
- 119.13.36.0/22
- 119.13.64.0/24
- 119.13.65.0/24
- 119.13.66.0/23
- 119.13.68.0/22
- 119.13.72.0/22
- 119.13.76.0/22
- 119.13.80.0/21
- 119.13.88.0/22
- 119.13.92.0/22
- 119.13.96.0/20
- 119.8.0.0/21
- 119.8.128.0/24
- 119.8.129.0/24
- 119.8.130.0/23
- 119.8.132.0/22
- 119.8.136.0/21
- 119.8.144.0/20
- 119.8.160.0/19
- 119.8.18.0/24
- 119.8.192.0/20
- 119.8.192.0/21
- 119.8.200.0/21
- 119.8.208.0/20
- 119.8.21.0/24
- 119.8.22.0/24
- 119.8.224.0/24
- 119.8.227.0/24
- 119.8.228.0/22
- 119.8.23.0/24
- 119.8.232.0/21
- 119.8.24.0/21
- 119.8.240.0/23
- 119.8.242.0/23
- 119.8.244.0/24
- 119.8.245.0/24
- 119.8.246.0/24
- 119.8.247.0/24
- 119.8.248.0/24
- 119.8.249.0/24
- 119.8.250.0/24
- 119.8.253.0/24
- 119.8.254.0/23
- 119.8.32.0/19
- 119.8.4.0/24
- 119.8.64.0/22
- 119.8.68.0/24
- 119.8.69.0/24
- 119.8.70.0/24
- 119.8.71.0/24
- 119.8.72.0/21
- 119.8.8.0/21
- 119.8.80.0/20
- 119.8.96.0/19
- 121.91.152.0/21
- 121.91.168.0/21
- 121.91.200.0/21
- 121.91.200.0/24
- 121.91.201.0/24
- 121.91.204.0/24
- 121.91.205.0/24
- 122.8.128.0/20
- 122.8.144.0/20
- 122.8.160.0/20
- 122.8.176.0/21
- 122.8.184.0/22
- 122.8.188.0/22
- 124.243.128.0/18
- 124.243.156.0/24
- 124.243.157.0/24
- 124.243.158.0/24
- 124.243.159.0/24
- 124.71.248.0/24
- 124.71.249.0/24
- 124.71.250.0/24
- 124.71.252.0/24
- 124.71.253.0/24
- 124.81.0.0/20
- 124.81.112.0/20
- 124.81.128.0/20
- 124.81.144.0/20
- 124.81.16.0/20
- 124.81.160.0/20
- 124.81.176.0/20
- 124.81.192.0/20
- 124.81.208.0/20
- 124.81.224.0/20
- 124.81.240.0/20
- 124.81.32.0/20
- 124.81.48.0/20
- 124.81.64.0/20
- 124.81.80.0/20
- 124.81.96.0/20
- 139.9.98.0/24
- 139.9.99.0/24
- 14.137.132.0/22
- 14.137.136.0/22
- 14.137.140.0/22
- 14.137.152.0/24
- 14.137.153.0/24
- 14.137.154.0/24
- 14.137.155.0/24
- 14.137.156.0/24
- 14.137.157.0/24
- 14.137.161.0/24
- 14.137.163.0/24
- 14.137.169.0/24
- 14.137.170.0/23
- 14.137.172.0/22
- 146.174.128.0/20
- 146.174.144.0/20
- 146.174.160.0/20
- 146.174.176.0/20
- 148.145.160.0/20
- 148.145.192.0/20
- 148.145.208.0/20
- 148.145.224.0/23
- 148.145.234.0/23
- 148.145.236.0/23
- 148.145.238.0/23
- 149.232.128.0/20
- 149.232.144.0/20
- 150.40.128.0/20
- 150.40.144.0/20
- 150.40.160.0/20
- 150.40.176.0/20
- 150.40.182.0/24
- 150.40.192.0/20
- 150.40.208.0/20
- 150.40.224.0/20
- 150.40.240.0/20
- 154.220.192.0/19
- 154.81.16.0/20
- 154.83.0.0/23
- 154.86.32.0/20
- 154.86.48.0/20
- 154.93.100.0/23
- 154.93.104.0/23
- 156.227.22.0/23
- 156.230.32.0/21
- 156.230.40.0/21
- 156.230.64.0/18
- 156.232.16.0/20
- 156.240.128.0/18
- 156.249.32.0/20
- 156.253.16.0/20
- 157.254.211.0/24
- 157.254.212.0/24
- 159.138.0.0/20
- 159.138.112.0/21
- 159.138.114.0/24
- 159.138.120.0/22
- 159.138.124.0/24
- 159.138.125.0/24
- 159.138.126.0/23
- 159.138.128.0/20
- 159.138.144.0/20
- 159.138.152.0/21
- 159.138.16.0/22
- 159.138.160.0/20
- 159.138.176.0/23
- 159.138.178.0/24
- 159.138.179.0/24
- 159.138.180.0/24
- 159.138.181.0/24
- 159.138.182.0/23
- 159.138.188.0/23
- 159.138.190.0/23
- 159.138.192.0/20
- 159.138.20.0/22
- 159.138.208.0/21
- 159.138.216.0/22
- 159.138.220.0/23
- 159.138.224.0/20
- 159.138.24.0/21
- 159.138.240.0/20
- 159.138.32.0/20
- 159.138.48.0/20
- 159.138.64.0/21
- 159.138.67.0/24
- 159.138.76.0/24
- 159.138.77.0/24
- 159.138.78.0/24
- 159.138.79.0/24
- 159.138.80.0/20
- 159.138.96.0/20
- 166.108.192.0/20
- 166.108.208.0/20
- 166.108.224.0/20
- 166.108.240.0/20
- 176.52.128.0/20
- 176.52.144.0/20
- 180.87.192.0/20
- 180.87.208.0/20
- 180.87.224.0/20
- 180.87.240.0/20
- 182.160.0.0/20
- 182.160.16.0/24
- 182.160.17.0/24
- 182.160.18.0/23
- 182.160.20.0/22
- 182.160.20.0/24
- 182.160.24.0/21
- 182.160.36.0/22
- 182.160.49.0/24
- 182.160.52.0/22
- 182.160.56.0/21
- 182.160.56.0/24
- 182.160.57.0/24
- 182.160.58.0/24
- 182.160.59.0/24
- 182.160.60.0/24
- 182.160.61.0/24
- 182.160.62.0/24
- 183.87.112.0/20
- 183.87.128.0/20
- 183.87.144.0/20
- 183.87.32.0/20
- 183.87.48.0/20
- 183.87.64.0/20
- 183.87.80.0/20
- 183.87.96.0/20
- 188.119.192.0/20
- 188.119.208.0/20
- 188.119.224.0/20
- 188.119.240.0/20
- 188.239.0.0/20
- 188.239.16.0/20
- 188.239.32.0/20
- 188.239.48.0/20
- 189.1.192.0/20
- 189.1.208.0/20
- 189.1.224.0/20
- 189.1.240.0/20
- 189.28.112.0/20
- 189.28.96.0/20
- 190.92.192.0/19
- 190.92.224.0/19
- 190.92.248.0/24
- 190.92.252.0/24
- 190.92.253.0/24
- 190.92.254.0/24
- 201.77.32.0/20
- 202.170.88.0/21
- 202.76.128.0/20
- 202.76.144.0/20
- 202.76.160.0/20
- 202.76.176.0/20
- 203.123.80.0/20
- 203.167.20.0/23
- 203.167.22.0/24
- 212.34.192.0/20
- 212.34.208.0/20
- 213.250.128.0/20
- 213.250.144.0/20
- 213.250.160.0/20
- 213.250.176.0/21
- 213.250.184.0/21
- 219.83.0.0/20
- 219.83.112.0/22
- 219.83.116.0/23
- 219.83.118.0/23
- 219.83.121.0/24
- 219.83.122.0/24
- 219.83.123.0/24
- 219.83.124.0/24
- 219.83.16.0/20
- 219.83.32.0/20
- 219.83.76.0/23
- 2404:a140:43::/48
- 2405:f080::/39
- 2405:f080:1::/48
- 2405:f080:1000::/39
- 2405:f080:1200::/39
- 2405:f080:1400::/48
- 2405:f080:1401::/48
- 2405:f080:1402::/48
- 2405:f080:1403::/48
- 2405:f080:1500::/40
- 2405:f080:1600::/48
- 2405:f080:1602::/48
- 2405:f080:1603::/48
- 2405:f080:1800::/39
- 2405:f080:1800::/44
- 2405:f080:1810::/48
- 2405:f080:1811::/48
- 2405:f080:1812::/48
- 2405:f080:1813::/48
- 2405:f080:1814::/48
- 2405:f080:1815::/48
- 2405:f080:1900::/40
- 2405:f080:1e02::/47
- 2405:f080:1e04::/47
- 2405:f080:1e06::/47
- 2405:f080:1e1e::/47
- 2405:f080:1e20::/47
- 2405:f080:200::/48
- 2405:f080:2000::/39
- 2405:f080:201::/48
- 2405:f080:202::/48
- 2405:f080:2040::/48
- 2405:f080:2200::/39
- 2405:f080:2280::/48
- 2405:f080:2281::/48
- 2405:f080:2282::/48
- 2405:f080:2283::/48
- 2405:f080:2284::/48
- 2405:f080:2285::/48
- 2405:f080:2286::/48
- 2405:f080:2287::/48
- 2405:f080:2288::/48
- 2405:f080:2289::/48
- 2405:f080:228a::/48
- 2405:f080:228b::/48
- 2405:f080:228c::/48
- 2405:f080:228d::/48
- 2405:f080:228e::/48
- 2405:f080:228f::/48
- 2405:f080:2400::/39
- 2405:f080:2600::/39
- 2405:f080:2800::/48
- 2405:f080:2a00::/48
- 2405:f080:2e00::/47
- 2405:f080:3000::/38
- 2405:f080:3000::/40
- 2405:f080:3100::/40
- 2405:f080:3200::/48
- 2405:f080:3201::/48
- 2405:f080:3202::/48
- 2405:f080:3203::/48
- 2405:f080:3204::/48
- 2405:f080:3205::/48
- 2405:f080:3400::/38
- 2405:f080:3400::/40
- 2405:f080:3500::/40
- 2405:f080:3600::/48
- 2405:f080:3601::/48
- 2405:f080:3602::/48
- 2405:f080:3603::/48
- 2405:f080:3604::/48
- 2405:f080:3605::/48
- 2405:f080:400::/39
- 2405:f080:4000::/40
- 2405:f080:4100::/48
- 2405:f080:4102::/48
- 2405:f080:4103::/48
- 2405:f080:4104::/48
- 2405:f080:4200::/40
- 2405:f080:4300::/40
- 2405:f080:600::/48
- 2405:f080:800::/40
- 2405:f080:810::/44
- 2405:f080:a00::/39
- 2405:f080:a11::/48
- 2405:f080:e02::/48
- 2405:f080:e03::/48
- 2405:f080:e04::/47
- 2405:f080:e05::/48
- 2405:f080:e06::/48
- 2405:f080:e07::/48
- 2405:f080:e0e::/47
- 2405:f080:e10::/47
- 2405:f080:edff::/48
- 27.106.0.0/20
- 27.106.112.0/20
- 27.106.16.0/20
- 27.106.32.0/20
- 27.106.48.0/20
- 27.106.64.0/20
- 27.106.80.0/20
- 27.106.96.0/20
- 27.255.0.0/23
- 27.255.10.0/23
- 27.255.12.0/23
- 27.255.14.0/23
- 27.255.16.0/23
- 27.255.18.0/23
- 27.255.2.0/23
- 27.255.20.0/23
- 27.255.22.0/23
- 27.255.26.0/23
- 27.255.28.0/23
- 27.255.30.0/23
- 27.255.32.0/23
- 27.255.34.0/23
- 27.255.36.0/23
- 27.255.38.0/23
- 27.255.4.0/23
- 27.255.40.0/23
- 27.255.42.0/23
- 27.255.44.0/23
- 27.255.46.0/23
- 27.255.48.0/23
- 27.255.50.0/23
- 27.255.52.0/23
- 27.255.54.0/23
- 27.255.58.0/23
- 27.255.6.0/23
- 27.255.60.0/23
- 27.255.62.0/23
- 27.255.8.0/23
- 42.201.128.0/20
- 42.201.144.0/20
- 42.201.160.0/20
- 42.201.176.0/20
- 42.201.192.0/20
- 42.201.208.0/20
- 42.201.224.0/20
- 42.201.240.0/20
- 43.225.140.0/22
- 43.255.104.0/22
- 45.194.104.0/21
- 45.199.144.0/22
- 45.202.128.0/19
- 45.202.160.0/20
- 45.202.176.0/21
- 45.202.184.0/21
- 45.203.40.0/21
- 46.250.160.0/20
- 46.250.176.0/20
- 49.0.192.0/21
- 49.0.200.0/21
- 49.0.224.0/22
- 49.0.228.0/22
- 49.0.232.0/21
- 49.0.240.0/20
- 62.245.0.0/20
- 62.245.16.0/20
- 80.238.128.0/22
- 80.238.132.0/22
- 80.238.136.0/22
- 80.238.140.0/22
- 80.238.144.0/22
- 80.238.148.0/22
- 80.238.152.0/22
- 80.238.156.0/22
- 80.238.164.0/22
- 80.238.164.0/24
- 80.238.165.0/24
- 80.238.168.0/22
- 80.238.168.0/24
- 80.238.169.0/24
- 80.238.170.0/24
- 80.238.171.0/24
- 80.238.172.0/22
- 80.238.176.0/22
- 80.238.180.0/24
- 80.238.181.0/24
- 80.238.183.0/24
- 80.238.184.0/24
- 80.238.185.0/24
- 80.238.186.0/24
- 80.238.190.0/24
- 80.238.192.0/20
- 80.238.208.0/20
- 80.238.224.0/20
- 80.238.240.0/20
- 83.101.0.0/21
- 83.101.104.0/21
- 83.101.16.0/21
- 83.101.24.0/21
- 83.101.32.0/21
- 83.101.48.0/21
- 83.101.56.0/23
- 83.101.58.0/23
- 83.101.64.0/21
- 83.101.72.0/21
- 83.101.8.0/23
- 83.101.80.0/21
- 83.101.88.0/24
- 83.101.89.0/24
- 83.101.96.0/21
- 87.119.12.0/24
- 89.150.192.0/20
- 89.150.208.0/20
- 94.244.128.0/20
- 94.244.144.0/20
- 94.244.160.0/20
- 94.244.176.0/20
- 94.45.160.0/19
- 94.45.160.0/24
- 94.45.161.0/24
- 94.45.163.0/24
- 94.74.112.0/21
- 94.74.120.0/21
- 94.74.64.0/20
- 94.74.80.0/20
- 94.74.96.0/20

6
data/crawlers/internet-archive.yaml
View File

@@ -1,4 +1,8 @@
- name: internet-archive
action: ALLOW
# https://ipinfo.io/AS7941
remote_addresses: ["207.241.224.0/20", "208.70.24.0/21", "2620:0:9c0::/48"]
remote_addresses: [
"207.241.224.0/20",
"208.70.24.0/21",
"2620:0:9c0::/48"
]

13
data/crawlers/kagibot.yaml
View File

@@ -2,10 +2,9 @@
user_agent_regex: \+https\://kagi\.com/bot
action: ALLOW
# https://kagi.com/bot
remote_addresses:
[
"216.18.205.234/32",
"35.212.27.76/32",
"104.254.65.50/32",
"209.151.156.194/32",
]
remote_addresses: [
"216.18.205.234/32",
"35.212.27.76/32",
"104.254.65.50/32",
"209.151.156.194/32"
]

15
data/crawlers/marginalia.yaml
View File

@@ -2,11 +2,10 @@
user_agent_regex: search\.marginalia\.nu
action: ALLOW
# Received directly over email
remote_addresses:
[
"193.183.0.162/31",
"193.183.0.164/30",
"193.183.0.168/30",
"193.183.0.172/31",
"193.183.0.174/32",
]
remote_addresses: [
"193.183.0.162/31",
"193.183.0.164/30",
"193.183.0.168/30",
"193.183.0.172/31",
"193.183.0.174/32"
]

2
data/crawlers/mojeekbot.yaml
View File

@@ -2,4 +2,4 @@
user_agent_regex: \+https\://www\.mojeek\.com/bot\.html
action: ALLOW
# https://www.mojeek.com/bot.html
remote_addresses: ["5.102.173.71/32"]
remote_addresses: [ "5.102.173.71/32" ]

21
data/crawlers/openai-gptbot.yaml
View File

@@ -4,14 +4,13 @@
user_agent_regex: GPTBot/1\.1; \+https\://openai\.com/gptbot
action: ALLOW
# https://openai.com/gptbot.json
remote_addresses:
[
"52.230.152.0/24",
"20.171.206.0/24",
"20.171.207.0/24",
"4.227.36.0/25",
"20.125.66.80/28",
"172.182.204.0/24",
"172.182.214.0/24",
"172.182.215.0/24",
]
remote_addresses: [
"52.230.152.0/24",
"20.171.206.0/24",
"20.171.207.0/24",
"4.227.36.0/25",
"20.125.66.80/28",
"172.182.204.0/24",
"172.182.214.0/24",
"172.182.215.0/24",
]

15
data/crawlers/openai-searchbot.yaml
View File

@@ -4,11 +4,10 @@
user_agent_regex: OAI-SearchBot/1\.0; \+https\://openai\.com/searchbot
action: ALLOW
# https://openai.com/searchbot.json
remote_addresses:
[
"20.42.10.176/28",
"172.203.190.128/28",
"104.210.140.128/28",
"51.8.102.0/24",
"135.234.64.0/24",
]
remote_addresses: [
"20.42.10.176/28",
"172.203.190.128/28",
"104.210.140.128/28",
"51.8.102.0/24",
"135.234.64.0/24"
]

17
data/crawlers/perplexitybot.yaml
View File

@@ -1,17 +0,0 @@
# Indexing for search, does not collect training data
# https://docs.perplexity.ai/guides/bots
- name: perplexitybot
user_agent_regex: PerplexityBot/.+; \+https\://perplexity\.ai/perplexitybot
action: ALLOW
# https://www.perplexity.com/perplexitybot.json
remote_addresses:
[
"107.20.236.150/32",
"3.224.62.45/32",
"18.210.92.235/32",
"3.222.232.239/32",
"3.211.124.183/32",
"3.231.139.107/32",
"18.97.1.228/30",
"18.97.9.96/29",
]

2
data/crawlers/qwantbot.yaml
View File

@@ -2,4 +2,4 @@
user_agent_regex: \+https\://help\.qwant\.com/bot/
action: ALLOW
# https://help.qwant.com/wp-content/uploads/sites/2/2025/01/qwantbot.json
remote_addresses: ["91.242.162.0/24"]
remote_addresses: [ "91.242.162.0/24" ]

165
data/crawlers/tencent-cloud.yaml
View File

@@ -1,165 +0,0 @@
# Tencent Cloud crawler IP ranges
- name: tencent-cloud
action: DENY
remote_addresses:
- 101.32.0.0/17
- 101.32.176.0/20
- 101.32.192.0/18
- 101.33.116.0/22
- 101.33.120.0/21
- 101.33.16.0/20
- 101.33.2.0/23
- 101.33.32.0/19
- 101.33.4.0/22
- 101.33.64.0/19
- 101.33.8.0/21
- 101.33.96.0/20
- 119.28.28.0/24
- 119.29.29.0/24
- 124.156.0.0/16
- 129.226.0.0/18
- 129.226.128.0/18
- 129.226.224.0/19
- 129.226.96.0/19
- 150.109.0.0/18
- 150.109.128.0/20
- 150.109.160.0/19
- 150.109.192.0/18
- 150.109.64.0/20
- 150.109.80.0/21
- 150.109.88.0/22
- 150.109.96.0/19
- 162.14.60.0/22
- 162.62.0.0/18
- 162.62.128.0/20
- 162.62.144.0/21
- 162.62.152.0/22
- 162.62.172.0/22
- 162.62.176.0/20
- 162.62.192.0/19
- 162.62.255.0/24
- 162.62.80.0/20
- 162.62.96.0/19
- 170.106.0.0/16
- 43.128.0.0/14
- 43.132.0.0/22
- 43.132.12.0/22
- 43.132.128.0/17
- 43.132.16.0/22
- 43.132.28.0/22
- 43.132.32.0/22
- 43.132.40.0/22
- 43.132.52.0/22
- 43.132.60.0/24
- 43.132.64.0/22
- 43.132.69.0/24
- 43.132.70.0/23
- 43.132.72.0/21
- 43.132.80.0/21
- 43.132.88.0/22
- 43.132.92.0/23
- 43.132.96.0/19
- 43.133.0.0/16
- 43.134.0.0/16
- 43.135.0.0/17
- 43.135.128.0/18
- 43.135.192.0/19
- 43.152.0.0/21
- 43.152.11.0/24
- 43.152.12.0/22
- 43.152.128.0/22
- 43.152.133.0/24
- 43.152.134.0/23
- 43.152.136.0/21
- 43.152.144.0/20
- 43.152.160.0/22
- 43.152.16.0/21
- 43.152.164.0/23
- 43.152.166.0/24
- 43.152.168.0/21
- 43.152.178.0/23
- 43.152.180.0/22
- 43.152.184.0/21
- 43.152.192.0/18
- 43.152.24.0/22
- 43.152.31.0/24
- 43.152.32.0/23
- 43.152.35.0/24
- 43.152.36.0/22
- 43.152.40.0/21
- 43.152.48.0/20
- 43.152.74.0/23
- 43.152.76.0/22
- 43.152.80.0/22
- 43.152.8.0/23
- 43.152.92.0/23
- 43.153.0.0/16
- 43.154.0.0/15
- 43.156.0.0/15
- 43.158.0.0/16
- 43.159.0.0/20
- 43.159.128.0/17
- 43.159.64.0/23
- 43.159.70.0/23
- 43.159.72.0/21
- 43.159.81.0/24
- 43.159.82.0/23
- 43.159.85.0/24
- 43.159.86.0/23
- 43.159.88.0/21
- 43.159.96.0/19
- 43.160.0.0/15
- 43.162.0.0/16
- 43.163.0.0/17
- 43.163.128.0/18
- 43.163.192.255/32
- 43.163.193.0/24
- 43.163.194.0/23
- 43.163.196.0/22
- 43.163.200.0/21
- 43.163.208.0/20
- 43.163.224.0/19
- 43.164.0.0/18
- 43.164.128.0/17
- 43.165.0.0/16
- 43.166.128.0/18
- 43.166.224.0/19
- 43.168.0.0/20
- 43.168.16.0/21
- 43.168.24.0/22
- 43.168.255.0/24
- 43.168.32.0/19
- 43.168.64.0/20
- 43.168.80.0/22
- 43.169.0.0/16
- 43.170.0.0/16
- 43.174.0.0/18
- 43.174.128.0/17
- 43.174.64.0/22
- 43.174.68.0/23
- 43.174.71.0/24
- 43.174.74.0/23
- 43.174.76.0/22
- 43.174.80.0/20
- 43.174.96.0/19
- 43.175.0.0/20
- 43.175.113.0/24
- 43.175.114.0/23
- 43.175.116.0/22
- 43.175.120.0/21
- 43.175.128.0/18
- 43.175.16.0/22
- 43.175.192.0/20
- 43.175.20.0/23
- 43.175.208.0/21
- 43.175.216.0/22
- 43.175.220.0/23
- 43.175.22.0/24
- 43.175.222.0/24
- 43.175.224.0/20
- 43.175.25.0/24
- 43.175.26.0/23
- 43.175.28.0/22
- 43.175.32.0/19
- 43.175.64.0/19
- 43.175.96.0/20

18
data/crawlers/wikimedia-citoid.yaml
View File

@@ -1,18 +0,0 @@
# Wikimedia Foundation citation services
# https://www.mediawiki.org/wiki/Citoid
- name: wikimedia-citoid
user_agent_regex: "Citoid/WMF"
action: ALLOW
remote_addresses: [
"208.80.152.0/22",
"2620:0:860::/46",
]
- name: wikimedia-zotero-translation-server
user_agent_regex: "ZoteroTranslationServer/WMF"
action: ALLOW
remote_addresses: [
"208.80.152.0/22",
"2620:0:860::/46",
]

6
data/crawlers/yandexbot.yaml
View File

@@ -1,6 +0,0 @@
- name: yandexbot
action: ALLOW
expression:
all:
- userAgent.matches("\\+http\\://yandex\\.com/bots")
- verifyFCrDNS(remoteAddress, "^.*\\.yandex\\.(ru|com|net)$")

2
data/embed.go
View File

@@ -3,6 +3,6 @@ package data
import "embed"
var (
//go:embed botPolicies.yaml all:apps all:bots all:clients all:common all:crawlers all:meta all:services
//go:embed botPolicies.yaml botPolicies.json all:apps all:bots all:clients all:common all:crawlers all:meta
BotPolicies embed.FS
)

38
data/embed_test.go
View File

@@ -1,38 +0,0 @@
package data
import (
"path/filepath"
"strings"
"testing"
)
// TestBotPoliciesEmbed ensures all YAML files in the directory tree
// are accessible in the embedded BotPolicies filesystem.
func TestBotPoliciesEmbed(t *testing.T) {
yamlFiles, err := filepath.Glob("./**/*.yaml")
if err != nil {
t.Fatalf("Failed to glob YAML files: %v", err)
}
if len(yamlFiles) == 0 {
t.Fatal("No YAML files found in directory tree")
}
t.Logf("Found %d YAML files to verify", len(yamlFiles))
for _, filePath := range yamlFiles {
embeddedPath := strings.TrimPrefix(filePath, "./")
t.Run(embeddedPath, func(t *testing.T) {
content, err := BotPolicies.ReadFile(embeddedPath)
if err != nil {
t.Errorf("Failed to read %s from embedded filesystem: %v", embeddedPath, err)
return
}
if len(content) == 0 {
t.Errorf("File %s exists in embedded filesystem but is empty", embeddedPath)
}
})
}
}

2
data/meta/README.md
View File

@@ -2,4 +2,4 @@
Contains policies that exclusively reference policies in _multiple_ other data folders.
Akin to "stances" that the administrator can take, with reference to various topics, such as AI/LLM systems.
Akin to "stances" that the administrator can take, with reference to various topics, such as AI/LLM systems.

Some files were not shown because too many files have changed in this diff Show More