cmd/anubis: delete example RSS reader rule (#67)

The example/default bot policy document had a rule to allow RSS readers
through based on paths that end with ".rss", ".xml", ".atom", or
".json". Frameworks like Rails will treat these specially, meaning that
going to /things/12345-whateverhaha.json could bypass Anubis.

I checked the history of this rule and it was present in the original
example policy file in Xe/x. This rule is likely a mistake and it has
been removed. I think it was for making my blog still work with RSS
readers.

Thanks to Graham Sutherland for reporting this over email.

Signed-off-by: Xe Iaso <me@xeiaso.net>

VERSION

@@ -1 +1 @@
-1.14.1
+1.14.2

cmd/anubis/botPolicies.json

@@ -335,6 +335,14 @@
         "193.183.0.174/32"
       ]
     },
+    {
+      "name": "mojeekbot",
+      "user_agent_regex": "http\\://www\\.mojeek\\.com/bot\\.html",
+      "action": "ALLOW",
+      "remote_addresses": [
+        "5.102.173.71/32"
+      ]
+    },
     {
       "name": "us-artificial-intelligence-scraper",
       "user_agent_regex": "\\+https\\:\\/\\/github\\.com\\/US-Artificial-Intelligence\\/scraper",
@@ -355,11 +363,6 @@
       "path_regex": "^/robots.txt$",
       "action": "ALLOW"
     },
-    {
-      "name": "rss-readers",
-      "path_regex": ".*\\.(rss|xml|atom|json)$",
-      "action": "ALLOW"
-    },
     {
       "name": "lightpanda",
       "user_agent_regex": "^Lightpanda/.*$",
@@ -392,4 +395,4 @@
     }
   ],
   "dnsbl": true
-}
+}

docs/docs/CHANGELOG.md

@@ -11,6 +11,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## v1.14.2
+
+Livia sas Junius: Echo 2
+
+- Remove default RSS reader rule as it may allow for a targeted attack against rails apps
+  [#67](https://github.com/TecharoHQ/anubis/pull/67)
+- Whitelist MojeekBot in botPolicies [#47](https://github.com/TecharoHQ/anubis/issues/47)
+
 ## v1.14.1
 
 Livia sas Junius: Echo 1