mirror of
https://github.com/TecharoHQ/anubis.git
synced 2026-04-09 18:18:49 +00:00
4ead3ed16e
* fix(config): deprecate the report_as field for challenges This was a bad idea when it was added and it is irresponsible to continue to have it. It causes more UX problems than it fixes with slight of hand. Closes: #1310 Closes: #1307 Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(policy): use the new logger for config validation messages Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(admin/thresholds): remove this report_as setting Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
137 lines
2.8 KiB
Plaintext
137 lines
2.8 KiB
Plaintext
# Weight Threshold Configuration
|
|
|
|
Anubis offers the ability to assign "weight" to requests. This is a custom level of suspicion that rules can add to or remove from. For example, here's how you assign 10 weight points to anything that might be a browser:
|
|
|
|
```yaml
|
|
# botPolicies.yaml
|
|
|
|
bots:
|
|
- name: generic-browser
|
|
user_agent_regex: >-
|
|
Mozilla|Opera
|
|
action: WEIGH
|
|
weight:
|
|
adjust: 10
|
|
```
|
|
|
|
Thresholds let you take this per-request weight value and take actions in response to it. Thresholds are defined alongside your bot configuration in `botPolicies.yaml`.
|
|
|
|
:::note
|
|
|
|
Thresholds DO NOT apply when a request matches a bot rule with the CHALLENGE action. Thresholds only apply when requests don't match any terminal bot rules.
|
|
|
|
:::
|
|
|
|
```yaml
|
|
# botPolicies.yaml
|
|
|
|
bots: ...
|
|
|
|
thresholds:
|
|
- name: minimal-suspicion
|
|
expression: weight < 0
|
|
action: ALLOW
|
|
|
|
- name: mild-suspicion
|
|
expression:
|
|
all:
|
|
- weight >= 0
|
|
- weight < 10
|
|
action: CHALLENGE
|
|
challenge:
|
|
algorithm: metarefresh
|
|
difficulty: 1
|
|
|
|
- name: moderate-suspicion
|
|
expression:
|
|
all:
|
|
- weight >= 10
|
|
- weight < 20
|
|
action: CHALLENGE
|
|
challenge:
|
|
algorithm: fast
|
|
difficulty: 2
|
|
|
|
- name: extreme-suspicion
|
|
expression: weight >= 20
|
|
action: CHALLENGE
|
|
challenge:
|
|
algorithm: fast
|
|
difficulty: 4
|
|
```
|
|
|
|
This defines a suite of 4 thresholds:
|
|
|
|
1. If the request weight is less than zero, allow it through.
|
|
2. If the request weight is greater than or equal to zero, but less than ten: give it [a very lightweight challenge](./challenges/metarefresh.mdx).
|
|
3. If the request weight is greater than or equal to ten, but less than twenty: give it [a slightly heavier challenge](./challenges/proof-of-work.mdx).
|
|
4. Otherwise, give it [the heaviest challenge](./challenges/proof-of-work.mdx).
|
|
|
|
Thresholds can be configured with the following options:
|
|
|
|
<table>
|
|
<thead>
|
|
<tr>
|
|
<th>Name</th>
|
|
<th>Description</th>
|
|
<th>Example</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>`name`</td>
|
|
<td>The human-readable name for this threshold.</td>
|
|
<td>
|
|
|
|
```yaml
|
|
name: extreme-suspicion
|
|
```
|
|
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>`expression`</td>
|
|
<td>A [CEL](https://cel.dev/) expression taking the request weight and returning true or false</td>
|
|
<td>
|
|
|
|
To check if the request weight is less than zero:
|
|
|
|
```yaml
|
|
expression: weight < 0
|
|
```
|
|
|
|
To check if it's between 0 and 10 (inclusive):
|
|
|
|
```yaml
|
|
expression:
|
|
all:
|
|
- weight >= 0
|
|
- weight < 10
|
|
```
|
|
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>`action`</td>
|
|
<td>The Anubis action to apply: `ALLOW`, `CHALLENGE`, or `DENY`</td>
|
|
<td>
|
|
|
|
```yaml
|
|
action: ALLOW
|
|
```
|
|
|
|
If you set the CHALLENGE action, you must set challenge details:
|
|
|
|
```yaml
|
|
action: CHALLENGE
|
|
challenge:
|
|
algorithm: metarefresh
|
|
difficulty: 1
|
|
```
|
|
|
|
</td>
|
|
</tr>
|
|
|
|
</tbody>
|
|
</table>
|