chore(docs): adjust anubis rules

Signed-off-by: Xe Iaso <me@xeiaso.net>

docs/manifest/cfg/anubis/botPolicies.yaml

@@ -60,14 +60,89 @@ bots:
         - path.startsWith("/blog/rss.")
 
   # Generic catchall rule
-  - name: generic-browser
+  - name: base-weight
-    user_agent_regex: >-
+    expression: "true"
-      Mozilla|Opera
+    action: WEIGH
+    weight:
+      adjust: 10
+
+  - name: http2-client-protocol
+    expression:
+      all:
+        - '"X-Http-Protocol" in headers'
+        - headers["X-Http-Protocol"] == "HTTP/2.0"
+    action: WEIGH
+    weight:
+      adjust: -5
+
+# The weight thresholds for when to trigger individual challenges. Any
+# CHALLENGE will take precedence over this.
+#
+# A threshold has four configuration options:
+#
+#   - name: the name that is reported down the stack and used for metrics
+#   - expression: A CEL expression with the request weight in the variable
+#     weight
+#   - action: the Anubis action to apply, similar to in a bot policy
+#   - challenge: which challenge to send to the user, similar to in a bot policy
+#
+# See https://anubis.techaro.lol/docs/admin/configuration/thresholds for more
+# information.
+thresholds:
+  # By default Anubis ships with the following thresholds:
+  - name: minimal-suspicion # This client is likely fine, its soul is lighter than a feather
+    expression: weight <= 0 # a feather weighs zero units
+    action: ALLOW # Allow the traffic through
+  # For clients that had some weight reduced through custom rules, give them a
+  # lightweight challenge.
+  - name: mild-suspicion
+    expression:
+      all:
+        - weight > 0
+        - weight < 10
     action: CHALLENGE
     challenge:
-      difficulty: 1 # Number of seconds to wait before refreshing the page
+      # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh
-      report_as: 4 # Unused by this challenge method
+      algorithm: metarefresh
-      algorithm: metarefresh # Specify a non-JS challenge method
+      difficulty: 1
+      report_as: 1
+  # For clients that are browser-like but have either gained points from custom rules or
+  # report as a standard browser.
+  - name: moderate-suspicion
+    expression:
+      all:
+        - weight >= 10
+        - weight < 20
+    action: CHALLENGE
+    challenge:
+      # https://anubis.techaro.lol/docs/admin/configuration/challenges/preact
+      #
+      # This challenge proves the client can run a webapp written with Preact.
+      # The preact webapp simply loads, calculates the SHA-256 checksum of the
+      # challenge data, and forwards that to the client.
+      algorithm: preact
+      difficulty: 1
+      report_as: 1
+  - name: mild-proof-of-work
+    expression:
+      all:
+        - weight >= 20
+        - weight < 30
+    action: CHALLENGE
+    challenge:
+      # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
+      algorithm: fast
+      difficulty: 2 # two leading zeros, very fast for most clients
+      report_as: 2
+  # For clients that are browser like and have gained many points from custom rules
+  - name: extreme-suspicion
+    expression: weight >= 30
+    action: CHALLENGE
+    challenge:
+      # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
+      algorithm: fast
+      difficulty: 4
+      report_as: 4
 
 dnsbl: false