From 9d9be61c2400d53b30bfbbf4a13b51c1558bc420 Mon Sep 17 00:00:00 2001
From: Xe Iaso
Date: Fri, 19 Dec 2025 15:42:24 -0500
Subject: [PATCH] fix(default-config): must-accept-rule on browsers only (#1350)
TIL docker clients don't include the Accept header all the time. I would have thought they did that. Oops.
Closes: #1346
Signed-off-by: Xe Iaso
---
 data/botPolicies.yaml | 5 ++++-
 data/meta/default-config.yaml | 5 ++++-
 docs/docs/CHANGELOG.md | 1 +
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/data/botPolicies.yaml b/data/botPolicies.yaml
index 1288f63..3b8c1ee 100644
--- a/data/botPolicies.yaml
+++ b/data/botPolicies.yaml
@@ -134,7 +134,10 @@ bots:
 adjust: -5
 - name: should-have-accept
- expression: '!("Accept" in headers)'
+ expression:
+ all:
+ - userAgent.contains("Mozilla")
+ - '!("Accept" in headers)'
 action: WEIGH
 weight:
 adjust: 5
diff --git a/data/meta/default-config.yaml b/data/meta/default-config.yaml
index 9658e38..712ed0c 100644
--- a/data/meta/default-config.yaml
+++ b/data/meta/default-config.yaml
@@ -118,7 +118,10 @@
 adjust: -5
 - name: should-have-accept
- expression: '!("Accept" in headers)'
+ expression:
+ all:
+ - userAgent.contains("Mozilla")
+ - '!("Accept" in headers)'
 action: WEIGH
 weight:
 adjust: 5
diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
index 9ad46f2..f2e7f39 100644
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
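Review bot: The added `userAgent.contains("Mozilla")` condition in `should-have-accept` keys the rule on a header the client chooses, so a request that omits Accept and sends any non-Mozilla User-Agent no longer receives the +5 adjustment; the identical hunk in data/meta/default-config.yaml has the same effect. That trade-off fits the docker case described in the commit message, but it should be recorded next to the rule, for example `# Browsers always send Accept; non-browser clients such as docker may not, so only weigh Mozilla user agents.` Whether other rules still add weight to non-browser user agents is not visible in these hunks, so it is worth confirming that this rule was not the only signal covering them. The rule list continues outside both hunks.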
@@ -27,6 +27,7 @@ Anubis is back and better than ever! Lots of minor fixes with some big ones inte
 - Add support to simple Valkey/Redis cluster mode
 - Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283))
 - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures.
+- Refine the check that ensures the presence of the Accept header to avoid breaking docker clients.
 ### Dataset poisoning