From 5f7942faca06e844996cbaa0c342fc39d9bc121d Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Fri, 21 Mar 2025 17:20:17 -0400 Subject: cmd/anubis: delete example RSS reader rule (#67) The example/default bot policy document had a rule to allow RSS readers through based on paths that end with ".rss", ".xml", ".atom", or ".json". Frameworks like Rails will treat these specially, meaning that going to /things/12345-whateverhaha.json could bypass Anubis. I checked the history of this rule and it was present in the original example policy file in Xe/x. This rule is likely a mistake and it has been removed. I think it was for making my blog still work with RSS readers. Thanks to Graham Sutherland for reporting this over email. Signed-off-by: Xe Iaso --- cmd/anubis/botPolicies.json | 5 ----- 1 file changed, 5 deletions(-) (limited to 'cmd') diff --git a/cmd/anubis/botPolicies.json b/cmd/anubis/botPolicies.json index 2785d87..aad2e9e 100644 --- a/cmd/anubis/botPolicies.json +++ b/cmd/anubis/botPolicies.json @@ -363,11 +363,6 @@ "path_regex": "^/robots.txt$", "action": "ALLOW" }, - { - "name": "rss-readers", - "path_regex": ".*\\.(rss|xml|atom|json)$", - "action": "ALLOW" - }, { "name": "lightpanda", "user_agent_regex": "^Lightpanda/.*$", -- cgit v1.2.3
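Review bot: The deletion at `@@ -363,11 +363,6` in cmd/anubis/botPolicies.json is the only change in this commit (1 file changed, 5 deletions), so deployments that copied the example policy still carry the `rss-readers` ALLOW rule and nothing in the patch tells operators to drop it; add a changelog or documentation note alongside the removal. If feed access is still wanted later, a replacement rule should match exact, fully anchored feed paths rather than a suffix, since `.*\\.(rss|xml|atom|json)$` allows every path that merely ends in one of those extensions. Minor, in the unchanged context lines: the dot in `"path_regex": "^/robots.txt$"` is unescaped, so it matches any character in that position; `^/robots\\.txt$` would be exact.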