| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
I'm gonna be honest, this is an extreme galaxy brain strategy and I'm
not entirely sure if this will pan out. However I got the idea when
reading [a community post][0]
If this works, that would be so much funnier than just using "Mozilla"
in the rules. I think that this could greatly backfire though, which is
why I'm making a pull request and opening this for feedback from the
community.
It would be absolutely hilarious if this works though.
[0]: https://github.com/TecharoHQ/anubis/discussions/68#discussioncomment-12583134
|
|
|
|
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2)
---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
The example/default bot policy document had a rule to allow RSS readers
through based on paths that end with ".rss", ".xml", ".atom", or
".json". Frameworks like Rails will treat these specially, meaning that
going to /things/12345-whateverhaha.json could bypass Anubis.
I checked the history of this rule and it was present in the original
example policy file in Xe/x. This rule is likely a mistake and it has
been removed. I think it was for making my blog still work with RSS
readers.
Thanks to Graham Sutherland for reporting this over email.
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* Add MojeekBot
* Update docs/docs/CHANGELOG.md
Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Dennis ten Hoove <36002865+dennis1248@users.noreply.github.com>
---------
Signed-off-by: Dennis ten Hoove <36002865+dennis1248@users.noreply.github.com>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
This triggers a SHAME release[0].
[0]: https://pridever.org/
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* cmd/anubis: use golang-jwt to check expiry date
Also:
* check parse error
* require strict base64 decoding
* ignore always nil sha256sum error to simplify codeflow
Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
* cmd/anubis: handle unlikely case when token claims aren't the right go type
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
|
hash.Write never returns error so removing it from
the results simplifies usage and eliminates dead error handling.
Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* Added the possibility to define rules for remote addresses
* Added change in changelog
* Added check for X-Real-Ip and X-Forwarded-For when checking for remote address filtering
* cmd/anubis: refine IP filtering logic
* Optimize the configuration so that the IP trie is created once at
application start instead of dynamically being created every request.
* Document the changes in the changelog and docs site.
* Allow pure IP range filtering.
* Allow user agent based IP range filtering.
* Allow path based IP range filtering.
* Create --debug-x-real-ip-default flag for testing Anubis locally
without a HTTP load balancer.
---------
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
* cmd/anubis: explain why users are seeing Anubis
Closes #25
Closes #38
Also includes the beginnings of a "user guides" section in the docs for
user-facing documentation.
* Update docs/docs/user/known-broken-extensions.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
* cmd/anubis: fix indentation in index.templ
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
|
Closes #30
Introduces the "challenge" field in bot rule definitions:
```json
{
"name": "generic-bot-catchall",
"user_agent_regex": "(?i:bot|crawler)",
"action": "CHALLENGE",
"challenge": {
"difficulty": 16,
"report_as": 4,
"algorithm": "slow"
}
}
```
This makes Anubis return a challenge page for every user agent with
"bot" or "crawler" in it (case-insensitively) with difficulty 16 using
the old "slow" algorithm but reporting in the client as difficulty 4.
This is useful when you want to make certain clients in particular
suffer.
Additional validation and testing logic has been added to make sure
that users do not define "impossible" challenge settings.
If no algorithm is specified, Anubis defaults to the "fast" algorithm.
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* Add kagibot
Signed-off-by: makeworld <25111343+makew0rld@users.noreply.github.com>
* Update CHANGELOG.md
Signed-off-by: makeworld <25111343+makew0rld@users.noreply.github.com>
---------
Signed-off-by: makeworld <25111343+makew0rld@users.noreply.github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* feat: allow binding to unix domain sockets
this is useful when the user does not want to expose more tcp ports than
needed. also simplifes configuration in some situation, like with nixos
modules as the socket paths can be automatically configured.
docs updated with additional configuration flags.
Signed-off-by: Cassie Cheung <me@soopy.moe>
* feat: graceful shutdown and cleanup on signal
this is needed to clean up left-over unix sockets, else on the next boot
listener panics with `address already in use`.
Co-authored-by: cat <cat@gensokyo.uk>
Signed-off-by: Cassie Cheung <me@soopy.moe>
* feat: support unix socket upstream targets
adds support for proxying unix socket upstreams, essentially allowing
anubis to run without listening on tcp sockets at all*.
*for metrics, neither prometheus and victoriametrics supports scraping
from unix sockets. if metrics are desired, tcp sockets are still needed.
Co-authored-by: cat <cat@gensokyo.uk>
Signed-off-by: Cassie Cheung <me@soopy.moe>
* docs: add changelog entry
---------
Signed-off-by: Cassie Cheung <me@soopy.moe>
Co-authored-by: cat <cat@gensokyo.uk>
|
|
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* cmd/containerbuild: default to ttl.sh for third party contributions
Closes #48
Signed-off-by: Xe Iaso <me@xeiaso.net>
* track comment tags
Signed-off-by: Xe Iaso <me@xeiaso.net>
* empty commit to make sure double-commenting doesn't work
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* Explicitely define image sources
Explicitely refering to docker.io will make the build succeed on software such as podman which does not default to docker.io as the standard image source
* Dockerfiles: use the full legal docker.io/library name just in case
Signed-off-by: Xe Iaso <me@xeiaso.net>
* update CHANGELOG
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
* Ensure content flows and stays centered on small screens
Fixes #18
* Do not overflow image, instead resize with page
* update CHANGELOG
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* fix: no duplicate work when exceeding that 1xxx number
* run go generate and update CHANGELOG
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
* Fix: Removed several visible AI artifacts (e.g., 6 fingers)
* Add an entry to docs/docs/CHANGELOG.md
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* add docs site based on docusarus
Closes #2
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: deploy to aeacus
Signed-off-by: Xe Iaso <me@xeiaso.net>
* ready for merge
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: fix anubis port
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* cmd/anubis: drastically optimize proof of work
Closes #12
Closes #17
This drastically optimizes the proof of work check by removing the
stringify call at every iteration. Additionally, this optimizes the
checks by running them in parallel for as many threads as the browser
has available (according to navigator.hardwareConcurrency).
This also changes the redirect lag to 250 milliseconds instead of 2000
milliseconds in order to be perceptually faster. This is below the
reaction time threshold of many people, so this will make the post-check
success phase perceptually instant.
Testing on an iPhone 7 Plus has shown that this can clear a difficulty 4
check in 3.4 seconds.
This actually optimizes the check so much it may be a logistical concern
for operators.
* cmd/anubis/js: fix happy cachebuster logic
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
commit (#15)
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Try using ko to build images
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
make docker image for Anubis
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Closes Xe/x#701
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
