diff options
| author | Xe Iaso <me@xeiaso.net> | 2025-03-21 17:20:17 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-21 17:20:17 -0400 |
| commit | 5f7942faca06e844996cbaa0c342fc39d9bc121d (patch) | |
| tree | 23d4af3daaad2e7a25ddaaa77fc016b1a6e940cd /cmd | |
| parent | 869e46a4cc80a63d62e73d384b066b305049c935 (diff) | |
| download | anubis-5f7942faca06e844996cbaa0c342fc39d9bc121d.tar.xz anubis-5f7942faca06e844996cbaa0c342fc39d9bc121d.zip | |
cmd/anubis: delete example RSS reader rule (#67)v1.14.2
The example/default bot policy document had a rule to allow RSS readers
through based on paths that end with ".rss", ".xml", ".atom", or
".json". Frameworks like Rails will treat these specially, meaning that
going to /things/12345-whateverhaha.json could bypass Anubis.
I checked the history of this rule and it was present in the original
example policy file in Xe/x. This rule is likely a mistake and it has
been removed. I think it was for making my blog still work with RSS
readers.
Thanks to Graham Sutherland for reporting this over email.
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/anubis/botPolicies.json | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/cmd/anubis/botPolicies.json b/cmd/anubis/botPolicies.json index 2785d87..aad2e9e 100644 --- a/cmd/anubis/botPolicies.json +++ b/cmd/anubis/botPolicies.json @@ -364,11 +364,6 @@ "action": "ALLOW" }, { - "name": "rss-readers", - "path_regex": ".*\\.(rss|xml|atom|json)$", - "action": "ALLOW" - }, - { "name": "lightpanda", "user_agent_regex": "^Lightpanda/.*$", "action": "DENY" |