4ac59c3a79
* feat(lib/challenge): HTTP meta refresh challenge method Closes #95 This challenge method enables users that don't (or won't) support JavaScript to pass Anubis challenges. It works by using HTML meta refresh directives to ensure that the client is a browser. This is OFF by default. In order to enable it, an administrator MUST choose to make the default challenge method `metarefresh`. TODO(Xe): - [ ] Documentation on this challenge method - [ ] Amend wording around Anubis being a proof of work proxy in the docs - [ ] Add configuration file syntax for the default challenge method and settings - [ ] Test with early customers Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(lib/challenge/metarefresh): use this value of err Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: add metarefresh challenge info, Web AI Firewall Utility Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
19 lines
799 B
Text
19 lines
799 B
Text
# Meta Refresh (No JavaScript)
|
|
|
|
The `metarefresh` challenge sends a browser a much simpler challenge that makes it refresh the page after a set period of time. This enables clients to pass challenges without executing JavaScript.
|
|
|
|
To use it in your Anubis configuration:
|
|
|
|
```yaml
|
|
# Generic catchall rule
|
|
- name: generic-browser
|
|
user_agent_regex: >-
|
|
Mozilla|Opera
|
|
action: CHALLENGE
|
|
challenge:
|
|
difficulty: 1 # Number of seconds to wait before refreshing the page
|
|
report_as: 4 # Unused by this challenge method
|
|
algorithm: metarefresh # Specify a non-JS challenge method
|
|
```
|
|
|
|
This is not enabled by default while this method is tested and its false positive rate is ascertained. Many modern scrapers use headless Google Chrome, so this will have a much higher false positive rate.
|