pyrox.dev / nix
My Nix Configuration
fork atom

[pkgs] anubis-files: rework to hopefully fix them

pyrox.dev adddcbdb 5b031fb6

+318 -122
unified split
+54 -1
packages/anubis-files/src/policies/default.yaml
··· 1 bots: 2 - import: CUSTOM/policies/meta/base.yaml 3 - - import: CUSTOM/policies/meta/openGraph.yaml
··· 1 bots: 2 - import: CUSTOM/policies/meta/base.yaml 3 + dnsbl: false 4 + openGraph: 5 + enabled: true 6 + considerHost: false 7 + ttl: 24h 8 + status_codes: 9 + CHALLENGE: 200 10 + DENY: 200 11 + thresholds: 12 + - name: minimal-suspicion 13 + expression: weight <= 0 14 + action: ALLOW 15 + - name: mild-suspicion 16 + expression: 17 + all: 18 + - weight > 0 19 + - weight < 10 20 + action: CHALLENGE 21 + challenge: 22 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh 23 + algorithm: metarefresh 24 + difficulty: 1 25 + report_as: 1 26 + - name: moderate-suspicion 27 + expression: 28 + all: 29 + - weight >= 10 30 + - weight < 20 31 + action: CHALLENGE 32 + challenge: 33 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 34 + algorithm: fast 35 + difficulty: 2 # two leading zeros, very fast for most clients 36 + report_as: 2 37 + - name: mild-proof-of-work 38 + expression: 39 + all: 40 + - weight >= 20 41 + - weight < 30 42 + action: CHALLENGE 43 + challenge: 44 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 45 + algorithm: fast 46 + difficulty: 4 47 + report_as: 4 48 + # For clients that are browser like and have gained many points from custom rules 49 + - name: extreme-suspicion 50 + expression: weight >= 30 51 + action: CHALLENGE 52 + challenge: 53 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 54 + algorithm: fast 55 + difficulty: 6 56 + report_as: 5
+53 -1
packages/anubis-files/src/policies/forgejo.yaml
··· 1 bots: 2 - import: CUSTOM/policies/meta/base.yaml 3 - - import: CUSTOM/policies/meta/openGraph.yaml 4 - import: (data)/clients/git.yaml 5 - import: (data)/apps/gitea-rss-feeds.yaml 6 dnsbl: false
··· 1 bots: 2 - import: CUSTOM/policies/meta/base.yaml 3 - import: (data)/clients/git.yaml 4 - import: (data)/apps/gitea-rss-feeds.yaml 5 dnsbl: false 6 + openGraph: 7 + enabled: true 8 + considerHost: false 9 + ttl: 24h 10 + status_codes: 11 + CHALLENGE: 200 12 + DENY: 200 13 + thresholds: 14 + - name: minimal-suspicion 15 + expression: weight <= 0 16 + action: ALLOW 17 + - name: mild-suspicion 18 + expression: 19 + all: 20 + - weight > 0 21 + - weight < 10 22 + action: CHALLENGE 23 + challenge: 24 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh 25 + algorithm: metarefresh 26 + difficulty: 1 27 + report_as: 1 28 + - name: moderate-suspicion 29 + expression: 30 + all: 31 + - weight >= 10 32 + - weight < 20 33 + action: CHALLENGE 34 + challenge: 35 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 36 + algorithm: fast 37 + difficulty: 2 # two leading zeros, very fast for most clients 38 + report_as: 2 39 + - name: mild-proof-of-work 40 + expression: 41 + all: 42 + - weight >= 20 43 + - weight < 30 44 + action: CHALLENGE 45 + challenge: 46 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 47 + algorithm: fast 48 + difficulty: 4 49 + report_as: 4 50 + # For clients that are browser like and have gained many points from custom rules 51 + - name: extreme-suspicion 52 + expression: weight >= 30 53 + action: CHALLENGE 54 + challenge: 55 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 56 + algorithm: fast 57 + difficulty: 6 58 + report_as: 5
+53 -113
packages/anubis-files/src/policies/meta/base.yaml
··· 1 - bots: 2 - - import: (data)/bots/_deny-pathological.yaml 3 - - import: (data)/bots/aggressive-brazilian-scrapers.yaml 4 - - import: (data)/meta/ai-block-aggressive.yaml 5 - - import: (data)/crawlers/_allow-good.yaml 6 - - import: (data)/clients/x-firefox-ai.yaml 7 - - import: (data)/common/keep-internet-working.yaml 8 - 9 - - name: realistic-browser-catchall 10 - expression: 11 - all: 12 - - '"User-Agent" in headers' 13 - - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )' 14 - - '"Accept" in headers' 15 - - '"Sec-Fetch-Dest" in headers' 16 - - '"Sec-Fetch-Mode" in headers' 17 - - '"Sec-Fetch-Site" in headers' 18 - - '"Accept-Encoding" in headers' 19 - - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )' 20 - - '"Accept-Language" in headers' 21 - action: WEIGH 22 - weight: 23 - adjust: -10 24 - 25 # The Upgrade-Insecure-Requests header is typically sent by browsers, but not always 26 - - name: upgrade-insecure-requests 27 - expression: '"Upgrade-Insecure-Requests" in headers' 28 - action: WEIGH 29 - weight: 30 - adjust: -2 31 - 32 - # Chrome should behave like Chrome 33 - - name: chrome-is-proper 34 - expression: 35 - all: 36 - - userAgent.contains("Chrome") 37 - - '"Sec-Ch-Ua" in headers' 38 - - 'headers["Sec-Ch-Ua"].contains("Chromium")' 39 - - '"Sec-Ch-Ua-Mobile" in headers' 40 - - '"Sec-Ch-Ua-Platform" in headers' 41 - action: WEIGH 42 - weight: 43 - adjust: -5 44 - 45 - - name: should-have-accept 46 - expression: '!("Accept" in headers)' 47 - action: WEIGH 48 - weight: 49 - adjust: 5 50 - 51 - # Generic catchall rule 52 - - name: generic-browser 53 - user_agent_regex: >- 54 - Mozilla|Opera|Chrome|Chromium 55 - action: WEIGH 56 - weight: 57 - adjust: 10 58 - 59 - dnsbl: false 60 - 61 - status_codes: 62 - CHALLENGE: 200 63 - DENY: 200 64 - 65 - thresholds: 66 - - name: minimal-suspicion 67 - expression: weight <= 0 68 - action: ALLOW 69 - 70 - - name: mild-suspicion 71 - expression: 72 - all: 73 - - weight > 0 74 - - weight < 10 75 - action: CHALLENGE 76 - challenge: 77 - # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh 78 - algorithm: metarefresh 79 - difficulty: 1 80 - report_as: 1 81 - 82 - - name: moderate-suspicion 83 - expression: 84 - all: 85 - - weight >= 10 86 - - weight < 20 87 - action: CHALLENGE 88 - challenge: 89 - # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 90 - algorithm: fast 91 - difficulty: 2 # two leading zeros, very fast for most clients 92 - report_as: 2 93 - 94 - - name: mild-proof-of-work 95 - expression: 96 - all: 97 - - weight >= 20 98 - - weight < 30 99 - action: CHALLENGE 100 - challenge: 101 - # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 102 - algorithm: fast 103 - difficulty: 4 104 - report_as: 4 105 - 106 - # For clients that are browser like and have gained many points from custom rules 107 - - name: extreme-suspicion 108 - expression: weight >= 30 109 - action: CHALLENGE 110 - challenge: 111 - # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 112 - algorithm: fast 113 - difficulty: 6 114 - report_as: 5
··· 1 + # keep-sorted start 2 + - import: (data)/bots/_deny-pathological.yaml 3 + - import: (data)/bots/aggressive-brazilian-scrapers.yaml 4 + - import: (data)/clients/x-firefox-ai.yaml 5 + - import: (data)/common/keep-internet-working.yaml 6 + - import: (data)/common/rfc-violations.yaml 7 + - import: (data)/crawlers/_allow-good.yaml 8 + - import: (data)/meta/ai-block-aggressive.yaml 9 + # keep-sorted end 10 + - name: realistic-browser-catchall 11 + expression: 12 + all: 13 + - '"User-Agent" in headers' 14 + - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )' 15 + - '"Accept" in headers' 16 + - '"Sec-Fetch-Dest" in headers' 17 + - '"Sec-Fetch-Mode" in headers' 18 + - '"Sec-Fetch-Site" in headers' 19 + - '"Accept-Encoding" in headers' 20 + - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )' 21 + - '"Accept-Language" in headers' 22 + action: WEIGH 23 + weight: 24 + adjust: -10 25 # The Upgrade-Insecure-Requests header is typically sent by browsers, but not always 26 + - name: upgrade-insecure-requests 27 + expression: '"Upgrade-Insecure-Requests" in headers' 28 + action: WEIGH 29 + weight: 30 + adjust: -2 31 + # Chrome should behave like Chrome 32 + - name: chrome-is-proper 33 + expression: 34 + all: 35 + - userAgent.contains("Chrome") 36 + - '"Sec-Ch-Ua" in headers' 37 + - 'headers["Sec-Ch-Ua"].contains("Chromium")' 38 + - '"Sec-Ch-Ua-Mobile" in headers' 39 + - '"Sec-Ch-Ua-Platform" in headers' 40 + action: WEIGH 41 + weight: 42 + adjust: -5 43 + - name: should-have-accept 44 + expression: '!("Accept" in headers)' 45 + action: WEIGH 46 + weight: 47 + adjust: 5 48 + # Generic catchall rule 49 + - name: generic-browser 50 + user_agent_regex: >- 51 + Mozilla|Opera|Chrome|Chromium 52 + action: WEIGH 53 + weight: 54 + adjust: 10
-4
packages/anubis-files/src/policies/meta/openGraph.yaml
··· 1 - openGraph: 2 - enabled: true 3 - considerHost: false 4 - ttl: 24h
···
+50 -1
packages/anubis-files/src/policies/nextcloud-office.yaml
··· 1 bots: 2 - import: CUSTOM/policies/meta/base.yaml 3 - - import: CUSTOM/policies/openGraph.yaml 4 # Allow requests from the nextcloud server to bypass checks 5 - name: allow-nextcloud-server 6 user_agent_regex: ^Nextcloud Server / richdocuments$ 7 action: ALLOW
··· 1 bots: 2 - import: CUSTOM/policies/meta/base.yaml 3 # Allow requests from the nextcloud server to bypass checks 4 - name: allow-nextcloud-server 5 user_agent_regex: ^Nextcloud Server / richdocuments$ 6 action: ALLOW 7 + dnsbl: false 8 + status_codes: 9 + CHALLENGE: 200 10 + DENY: 200 11 + thresholds: 12 + - name: minimal-suspicion 13 + expression: weight <= 0 14 + action: ALLOW 15 + - name: mild-suspicion 16 + expression: 17 + all: 18 + - weight > 0 19 + - weight < 10 20 + action: CHALLENGE 21 + challenge: 22 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh 23 + algorithm: metarefresh 24 + difficulty: 1 25 + report_as: 1 26 + - name: moderate-suspicion 27 + expression: 28 + all: 29 + - weight >= 10 30 + - weight < 20 31 + action: CHALLENGE 32 + challenge: 33 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 34 + algorithm: fast 35 + difficulty: 2 # two leading zeros, very fast for most clients 36 + report_as: 2 37 + - name: mild-proof-of-work 38 + expression: 39 + all: 40 + - weight >= 20 41 + - weight < 30 42 + action: CHALLENGE 43 + challenge: 44 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 45 + algorithm: fast 46 + difficulty: 4 47 + report_as: 4 48 + # For clients that are browser like and have gained many points from custom rules 49 + - name: extreme-suspicion 50 + expression: weight >= 30 51 + action: CHALLENGE 52 + challenge: 53 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 54 + algorithm: fast 55 + difficulty: 6 56 + report_as: 5
+54 -1
packages/anubis-files/src/policies/nextcloud.yaml
··· 1 bots: 2 - import: CUSTOM/profiles/meta/base.yaml 3 - - import: CUSTOM/profiles/meta/openGraph.yaml 4 # Allow android apps that I use 5 - name: allow-android-apps 6 user_agent_regex: Nextcloud-android|DAVx5|ICSx5 ··· 33 - 'path.startsWith("/apps/theming/")' 34 # Public DAV endpoint 35 - 'path.startsWith("/public.php/dav/files/")'
··· 1 bots: 2 - import: CUSTOM/profiles/meta/base.yaml 3 # Allow android apps that I use 4 - name: allow-android-apps 5 user_agent_regex: Nextcloud-android|DAVx5|ICSx5 ··· 32 - 'path.startsWith("/apps/theming/")' 33 # Public DAV endpoint 34 - 'path.startsWith("/public.php/dav/files/")' 35 + dnsbl: false 36 + openGraph: 37 + enabled: true 38 + considerHost: false 39 + ttl: 24h 40 + status_codes: 41 + CHALLENGE: 200 42 + DENY: 200 43 + thresholds: 44 + - name: minimal-suspicion 45 + expression: weight <= 0 46 + action: ALLOW 47 + - name: mild-suspicion 48 + expression: 49 + all: 50 + - weight > 0 51 + - weight < 10 52 + action: CHALLENGE 53 + challenge: 54 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh 55 + algorithm: metarefresh 56 + difficulty: 1 57 + report_as: 1 58 + - name: moderate-suspicion 59 + expression: 60 + all: 61 + - weight >= 10 62 + - weight < 20 63 + action: CHALLENGE 64 + challenge: 65 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 66 + algorithm: fast 67 + difficulty: 2 # two leading zeros, very fast for most clients 68 + report_as: 2 69 + - name: mild-proof-of-work 70 + expression: 71 + all: 72 + - weight >= 20 73 + - weight < 30 74 + action: CHALLENGE 75 + challenge: 76 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 77 + algorithm: fast 78 + difficulty: 4 79 + report_as: 4 80 + # For clients that are browser like and have gained many points from custom rules 81 + - name: extreme-suspicion 82 + expression: weight >= 30 83 + action: CHALLENGE 84 + challenge: 85 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 86 + algorithm: fast 87 + difficulty: 6 88 + report_as: 5
+54 -1
packages/anubis-files/src/policies/vaultwarden.yaml
··· 1 bots: 2 - import: CUSTOM/policies/meta/base.yaml 3 - - import: CUSTOM/policies/meta/openGraph.yaml 4 # Allow bitwarden apps 5 - name: allow-bitwarden-mobile 6 user_agent_regex: Bitwarden_Mobile ··· 8 - name: allow-bitwarden-webext 9 user_agent_regex: Mozilla 10 action: ALLOW
··· 1 bots: 2 - import: CUSTOM/policies/meta/base.yaml 3 # Allow bitwarden apps 4 - name: allow-bitwarden-mobile 5 user_agent_regex: Bitwarden_Mobile ··· 7 - name: allow-bitwarden-webext 8 user_agent_regex: Mozilla 9 action: ALLOW 10 + dnsbl: false 11 + openGraph: 12 + enabled: true 13 + considerHost: false 14 + ttl: 24h 15 + status_codes: 16 + CHALLENGE: 200 17 + DENY: 200 18 + thresholds: 19 + - name: minimal-suspicion 20 + expression: weight <= 0 21 + action: ALLOW 22 + - name: mild-suspicion 23 + expression: 24 + all: 25 + - weight > 0 26 + - weight < 10 27 + action: CHALLENGE 28 + challenge: 29 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh 30 + algorithm: metarefresh 31 + difficulty: 1 32 + report_as: 1 33 + - name: moderate-suspicion 34 + expression: 35 + all: 36 + - weight >= 10 37 + - weight < 20 38 + action: CHALLENGE 39 + challenge: 40 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 41 + algorithm: fast 42 + difficulty: 2 # two leading zeros, very fast for most clients 43 + report_as: 2 44 + - name: mild-proof-of-work 45 + expression: 46 + all: 47 + - weight >= 20 48 + - weight < 30 49 + action: CHALLENGE 50 + challenge: 51 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 52 + algorithm: fast 53 + difficulty: 4 54 + report_as: 4 55 + # For clients that are browser like and have gained many points from custom rules 56 + - name: extreme-suspicion 57 + expression: weight >= 30 58 + action: CHALLENGE 59 + challenge: 60 + # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work 61 + algorithm: fast 62 + difficulty: 6 63 + report_as: 5