|
|
|
|
@@ -0,0 +1,225 @@
|
|
|
|
|
## Anubis has the ability to let you import snippets of configuration into the main
|
|
|
|
|
## configuration file. This allows you to break up your config into smaller parts
|
|
|
|
|
## that get logically assembled into one big file.
|
|
|
|
|
##
|
|
|
|
|
## Of note, a bot rule can either have inline bot configuration or import a
|
|
|
|
|
## bot config snippet. You cannot do both in a single bot rule.
|
|
|
|
|
##
|
|
|
|
|
## Import paths can either be prefixed with (data) to import from the common/shared
|
|
|
|
|
## rules in the data folder in the Anubis source tree or will point to absolute/relative
|
|
|
|
|
## paths in your filesystem. If you don't have access to the Anubis source tree, check
|
|
|
|
|
## /usr/share/docs/anubis/data or in the tarball you extracted Anubis from.
|
|
|
|
|
|
|
|
|
|
bots:
|
|
|
|
|
- import: (data)/crawlers/commoncrawl.yaml
|
|
|
|
|
# Pathological bots to deny
|
|
|
|
|
- # This correlates to data/bots/deny-pathological.yaml in the source tree
|
|
|
|
|
# https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml
|
|
|
|
|
import: (data)/bots/_deny-pathological.yaml
|
|
|
|
|
- import: (data)/bots/aggressive-brazilian-scrapers.yaml
|
|
|
|
|
|
|
|
|
|
# Aggressively block AI/LLM related bots/agents by default
|
|
|
|
|
- import: (data)/meta/ai-block-aggressive.yaml
|
|
|
|
|
|
|
|
|
|
# Consider replacing the aggressive AI policy with more selective policies:
|
|
|
|
|
# - import: (data)/meta/ai-block-moderate.yaml
|
|
|
|
|
# - import: (data)/meta/ai-block-permissive.yaml
|
|
|
|
|
|
|
|
|
|
# Search engine crawlers to allow, defaults to:
|
|
|
|
|
# - Google (so they don't try to bypass Anubis)
|
|
|
|
|
# - Apple
|
|
|
|
|
# - Bing
|
|
|
|
|
# - DuckDuckGo
|
|
|
|
|
# - Qwant
|
|
|
|
|
# - The Internet Archive
|
|
|
|
|
# - Kagi
|
|
|
|
|
# - Marginalia
|
|
|
|
|
# - Mojeek
|
|
|
|
|
- import: (data)/crawlers/_allow-good.yaml
|
|
|
|
|
# Challenge Firefox AI previews
|
|
|
|
|
- import: (data)/clients/x-firefox-ai.yaml
|
|
|
|
|
|
|
|
|
|
# Gitea
|
|
|
|
|
- import: (data)/apps/gitea-rss-feeds.yaml
|
|
|
|
|
# - import: (data)/clients/git.yaml
|
|
|
|
|
- name: git-clients
|
|
|
|
|
action: ALLOW
|
|
|
|
|
expression:
|
|
|
|
|
all:
|
|
|
|
|
- >
|
|
|
|
|
(
|
|
|
|
|
userAgent.startsWith("git/") ||
|
|
|
|
|
userAgent.contains("libgit") ||
|
|
|
|
|
userAgent.startsWith("go-git") ||
|
|
|
|
|
userAgent.startsWith("JGit/") ||
|
|
|
|
|
userAgent.startsWith("JGit-")
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Allow common "keeping the internet working" routes (well-known, favicon, robots.txt)
|
|
|
|
|
- import: (data)/common/keep-internet-working.yaml
|
|
|
|
|
|
|
|
|
|
# # Punish any bot with "bot" in the user-agent string
|
|
|
|
|
# # This is known to have a high false-positive rate, use at your own risk
|
|
|
|
|
# - name: generic-bot-catchall
|
|
|
|
|
# user_agent_regex: (?i:bot|crawler)
|
|
|
|
|
# action: CHALLENGE
|
|
|
|
|
# challenge:
|
|
|
|
|
# difficulty: 16 # impossible
|
|
|
|
|
# report_as: 4 # lie to the operator
|
|
|
|
|
# algorithm: slow # intentionally waste CPU cycles and time
|
|
|
|
|
|
|
|
|
|
- name: rss-feed-blog
|
|
|
|
|
action: ALLOW
|
|
|
|
|
expression:
|
|
|
|
|
any:
|
|
|
|
|
- path.startsWith("/blog/atom.")
|
|
|
|
|
- path.startsWith("/blog/rss.")
|
|
|
|
|
|
|
|
|
|
# Generic catchall rule
|
|
|
|
|
- name: base-weight
|
|
|
|
|
expression: "true"
|
|
|
|
|
action: WEIGH
|
|
|
|
|
weight:
|
|
|
|
|
adjust: 10
|
|
|
|
|
|
|
|
|
|
- name: http2-client-protocol
|
|
|
|
|
expression:
|
|
|
|
|
all:
|
|
|
|
|
- '"X-Http-Protocol" in headers'
|
|
|
|
|
- headers["X-Http-Protocol"] == "HTTP/2.0"
|
|
|
|
|
action: WEIGH
|
|
|
|
|
weight:
|
|
|
|
|
adjust: -5
|
|
|
|
|
|
|
|
|
|
# The weight thresholds for when to trigger individual challenges. Any
|
|
|
|
|
# CHALLENGE will take precedence over this.
|
|
|
|
|
#
|
|
|
|
|
# A threshold has four configuration options:
|
|
|
|
|
#
|
|
|
|
|
# - name: the name that is reported down the stack and used for metrics
|
|
|
|
|
# - expression: A CEL expression with the request weight in the variable
|
|
|
|
|
# weight
|
|
|
|
|
# - action: the Anubis action to apply, similar to in a bot policy
|
|
|
|
|
# - challenge: which challenge to send to the user, similar to in a bot policy
|
|
|
|
|
#
|
|
|
|
|
# See https://anubis.techaro.lol/docs/admin/configuration/thresholds for more
|
|
|
|
|
# information.
|
|
|
|
|
thresholds:
|
|
|
|
|
# By default Anubis ships with the following thresholds:
|
|
|
|
|
- name: minimal-suspicion # This client is likely fine, its soul is lighter than a feather
|
|
|
|
|
expression: weight <= 0 # a feather weighs zero units
|
|
|
|
|
action: ALLOW # Allow the traffic through
|
|
|
|
|
# For clients that had some weight reduced through custom rules, give them a
|
|
|
|
|
# lightweight challenge.
|
|
|
|
|
- name: mild-suspicion
|
|
|
|
|
expression:
|
|
|
|
|
all:
|
|
|
|
|
- weight > 0
|
|
|
|
|
- weight < 10
|
|
|
|
|
action: CHALLENGE
|
|
|
|
|
challenge:
|
|
|
|
|
# https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh
|
|
|
|
|
algorithm: metarefresh
|
|
|
|
|
difficulty: 1
|
|
|
|
|
report_as: 1
|
|
|
|
|
# For clients that are browser-like but have either gained points from custom rules or
|
|
|
|
|
# report as a standard browser.
|
|
|
|
|
- name: moderate-suspicion
|
|
|
|
|
expression:
|
|
|
|
|
all:
|
|
|
|
|
- weight >= 10
|
|
|
|
|
- weight < 20
|
|
|
|
|
action: CHALLENGE
|
|
|
|
|
challenge:
|
|
|
|
|
# https://anubis.techaro.lol/docs/admin/configuration/challenges/preact
|
|
|
|
|
#
|
|
|
|
|
# This challenge proves the client can run a webapp written with Preact.
|
|
|
|
|
# The preact webapp simply loads, calculates the SHA-256 checksum of the
|
|
|
|
|
# challenge data, and forwards that to the client.
|
|
|
|
|
algorithm: preact
|
|
|
|
|
difficulty: 1
|
|
|
|
|
report_as: 1
|
|
|
|
|
- name: mild-proof-of-work
|
|
|
|
|
expression:
|
|
|
|
|
all:
|
|
|
|
|
- weight >= 20
|
|
|
|
|
- weight < 30
|
|
|
|
|
action: CHALLENGE
|
|
|
|
|
challenge:
|
|
|
|
|
# https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
|
|
|
|
|
algorithm: fast
|
|
|
|
|
difficulty: 2 # two leading zeros, very fast for most clients
|
|
|
|
|
report_as: 2
|
|
|
|
|
# For clients that are browser like and have gained many points from custom rules
|
|
|
|
|
- name: extreme-suspicion
|
|
|
|
|
expression: weight >= 30
|
|
|
|
|
action: CHALLENGE
|
|
|
|
|
challenge:
|
|
|
|
|
# https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
|
|
|
|
|
algorithm: fast
|
|
|
|
|
difficulty: 4
|
|
|
|
|
report_as: 4
|
|
|
|
|
|
|
|
|
|
dnsbl: false
|
|
|
|
|
|
|
|
|
|
impressum:
|
|
|
|
|
footer: |
|
|
|
|
|
This website is hosted by Techaro. If you have any complaints or notes about the service, please contact <a href="mailto:support@techaro.lol">support@techaro.lol</a> and we will assist you as soon as possible.
|
|
|
|
|
|
|
|
|
|
page:
|
|
|
|
|
title: Privacy Policy
|
|
|
|
|
body: |
|
|
|
|
|
<p>Last updated: June 2025</p>
|
|
|
|
|
|
|
|
|
|
<h2>Information that is gathered from visitors</h2>
|
|
|
|
|
|
|
|
|
|
<p>In common with other websites, log files are stored on the web server saving details such as the visitor's IP address, browser type, referring page and time of visit.</p>
|
|
|
|
|
|
|
|
|
|
<p>Cookies may be used to remember visitor preferences when interacting with the website.</p>
|
|
|
|
|
|
|
|
|
|
<p>Where registration is required, the visitor's email and a username will be stored on the server.</p>
|
|
|
|
|
|
|
|
|
|
<h2>How the Information is used</h2>
|
|
|
|
|
|
|
|
|
|
<p>The information is used to enhance the vistor's experience when using the website to display personalised content and possibly advertising.</p>
|
|
|
|
|
|
|
|
|
|
<p>E-mail addresses will not be sold, rented or leased to 3rd parties.</p>
|
|
|
|
|
|
|
|
|
|
<p>E-mail may be sent to inform you of news of our services or offers by us or our affiliates.</p>
|
|
|
|
|
|
|
|
|
|
<h2>Visitor Options</h2>
|
|
|
|
|
|
|
|
|
|
<p>If you have subscribed to one of our services, you may unsubscribe by following the instructions which are included in e-mail that you receive.</p>
|
|
|
|
|
|
|
|
|
|
<p>You may be able to block cookies via your browser settings but this may prevent you from access to certain features of the website.</p>
|
|
|
|
|
|
|
|
|
|
<h2>Cookies</h2>
|
|
|
|
|
|
|
|
|
|
<p>Cookies are small digital signature files that are stored by your web browser that allow your preferences to be recorded when visiting the website. Also they may be used to track your return visits to the website.</p>
|
|
|
|
|
|
|
|
|
|
<p>3rd party advertising companies may also use cookies for tracking purposes.</p>
|
|
|
|
|
|
|
|
|
|
<h2>Techaro Anubis</h2>
|
|
|
|
|
|
|
|
|
|
<p>This website uses a service called <a href="https://anubis.techaro.lol">Anubis</a> to filter malicious traffic. Anubis requires the use of browser cookies to ensure that web clients are running conformant software. Anubis also may report the following data to Techaro to improve service quality:</p>
|
|
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
<li>IP address (for purposes of matching against geo-location and BGP autonomous systems numbers), which is stored in-memory and not persisted to disk.</li>
|
|
|
|
|
<li>Unique browser fingerprints (such as HTTP request fingerprints and encryption system fingerprints), which may be stored on Techaro's side for a period of up to one month.</li>
|
|
|
|
|
<li>HTTP request metadata that may include things such as the User-Agent header and other identifiers.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
<p>This data is processed and stored for the legitimate interest of combatting abusive web clients. This data is encrypted at rest as much as possible and is only decrypted in memory for the purposes of fulfilling requests.</p>
|
|
|
|
|
|
|
|
|
|
# By default, send HTTP 200 back to clients that either get issued a challenge
|
|
|
|
|
# or a denial. This seems weird, but this is load-bearing due to the fact that
|
|
|
|
|
# the most aggressive scraper bots seem to really, really, want an HTTP 200 and
|
|
|
|
|
# will stop sending requests once they get it.
|
|
|
|
|
status_codes:
|
|
|
|
|
CHALLENGE: 200
|
|
|
|
|
DENY: 200
|
|
|
|
|
|
|
|
|
|
store:
|
|
|
|
|
backend: bbolt
|
|
|
|
|
parameters:
|
|
|
|
|
path: /var/lib/anubis/gitea/gitea.bdb
|
Jim Hague