feat: implement imprint/impressum support (#706)

* feat: implement imprint/impressum support Closes #362 Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(docs/anubis): enable an imprint Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: fix the end of the sentence, comment out a default impressum Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: link back to impressum page Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-22 18:09:37 -04:00 · 2025-06-22 18:09:37 -04:00 · 5870f7072c
commit 5870f7072c
parent 3c1d95d61e
22 changed files with 530 additions and 130 deletions
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@ -24,6 +24,7 @@ The big ticket items are as follows:
 - Add `robots2policy` CLI utility to convert robots.txt files to Anubis challenge policies using CEL expressions ([#409](https://github.com/TecharoHQ/anubis/issues/409))
 - Refactor challenge presentation logic to use a challenge registry
 - Allow challenge implementations to register HTTP routes
+- [Imprint/Impressum support](./admin/configuration/impressum.mdx) ([#362](https://github.com/TecharoHQ/anubis/issues/362))

 A lot of performance improvements have been made:

--- a/docs/docs/admin/configuration/impressum.mdx
+++ b/docs/docs/admin/configuration/impressum.mdx
@ -0,0 +1,70 @@
+# Imprint / Impressum configuration
+
+Some jurisdictions (such as the European Union and specifically Germany) [must have contact information freely available](https://www.privacycompany.eu/blog/the-imprint-requirement-a-must-have-for-companies-from-outside-germany) on an imprint/impressum page. Anubis supports creating an Anubis-specific imprint page for your organization with the `impressum` block in your bot policy file. For example:
+
+```yaml
+impressum:
+  # Displayed at the bottom of every page rendered by Anubis.
+  footer: >-
+    This website is hosted by Techaro. If you have any complaints or notes 
+    about the service, please contact
+    <a href="mailto:contact@techaro.lol">contact@techaro.lol</a> and we
+    will assist you as soon as possible.
+
+  # The imprint page that will be linked to at the footer of every Anubis page.
+  page:
+    # The HTML <title> of the page
+    title: Imprint and Privacy Policy
+    # The HTML contents of the page. The exact contents of this page can
+    # and will vary by locale. Please consult with a lawyer if you are not
+    # sure what to put here
+    body: >-
+      <p>Last updated: June 2025</p>
+
+      <h2>Information that is gathered from visitors</h2>
+
+      <p>In common with other websites, log files are stored on the web server saving details such as the visitor's IP address, browser type, referring page and time of visit.</p>
+
+      <p>Cookies may be used to remember visitor preferences when interacting with the website.</p>
+
+      <p>Where registration is required, the visitor's email and a username will be stored on the server.</p>
+
+      <!-- ... -->
+```
+
+If you are subscribed to and using [advanced classification features](../thoth.mdx), be sure to disclose the following:
+
+```html
+<h2>Techaro Anubis</h2>
+
+<p>
+  This website uses a service called
+  <a href="https://anubis.techaro.lol">Anubis</a> by
+  <a href="https://techaro.lol">Techaro</a> to filter malicious traffic. Anubis
+  requires the use of browser cookies to ensure that web clients are running
+  conformant software. Anubis also may report the following data to Techaro to
+  improve service quality:
+</p>
+
+<ul>
+  <li>
+    IP address (for purposes of matching against geo-location and BGP autonomous
+    systems numbers), which is stored in-memory and not persisted to disk.
+  </li>
+  <li>
+    Unique browser fingerprints (such as HTTP request fingerprints and
+    encryption system fingerprints), which may be stored on Techaro's side for a
+    period of up to one month.
+  </li>
+  <li>
+    HTTP request metadata that may include things such as the User-Agent header
+    and other identifiers.
+  </li>
+</ul>
+
+<p>
+  This data is processed and stored for the legitimate interest of combatting
+  abusive web clients. This data is encrypted at rest as much as possible and is
+  only decrypted in memory for the purposes of fulfilling requests.
+</p>
+```
--- a/docs/docs/admin/policies.mdx
+++ b/docs/docs/admin/policies.mdx
@ -233,6 +233,10 @@ remote_addresses:
 </TabItem>
 </Tabs>

+## Imprint / Impressum support
+
+Anubis has support for showing imprint / impressum information. This is defined in the `impressum` block of your configuration. See [Imprint / Impressum configuration](./configuration/impressum.mdx) for more information.
+
 ## Risk calculation for downstream services

 In case your service needs it for risk calculation reasons, Anubis exposes information about the rules that any requests match using a few headers: