sophie/nuke
1
0
Fork 0
Code Packages 1 Activity Actions
No description
598 commits 1 branch 0 tags 14 MiB
Find a file
Xe Iaso fb3637df95
feat(metarefresh): randomly use the Refresh header (#1133) 
* feat(lib/challenge): expose ResponseWriter to challenge issuers

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(metarefresh): randomly use the Refresh header

There are several ways to trigger an automatic refresh without
JavaScript. One of them is the "meta refresh" method[1], but the other
is with the Refresh header[2]. Both are semantically identical and
supported with browsers as old as Chrome version 1.

Given that they are basically the same thing, this patch makes Anubis
randomly select between them by using the challenge random data's first
character. This will fire about 50% of the time.

I expect this to have no impact. If this works out fine, then I will
implement some kind of fallback logic for the fast challenge such that
admins can opt into allowing clients with a no-js configuration to pass
the fast challenge. This needs to bake in the oven though.

[1]: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/http-equiv
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Refresh

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(metarefresh): simplify random logic

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
2025-09-16 17:32:13 -04:00
.devcontainer chore: break AI agents in this code tree (#1065) 2025-09-02 10:11:01 -04:00
.github convert issue templates into issue forms (#1115) 2025-09-16 13:14:10 +00:00
.vscode docs: add blogpost for announcing v1.21.1 (#886) 2025-07-22 16:42:58 -04:00
cmd feat: fallback to SameSite Lax mode if cookie is not secure (#1105) 2025-09-13 10:56:54 +00:00
data feat: add 'proof of React' challenge (#1038) 2025-08-29 16:09:27 -04:00
decaymap fix(decaymap): fix lock convoy (#1106) 2025-09-12 16:43:08 +00:00
docs feat(metarefresh): randomly use the Refresh header (#1133) 2025-09-16 17:32:13 -04:00
internal feat(store/bbolt): implement actor pattern (#1107) 2025-09-12 18:35:22 +00:00
lib feat(metarefresh): randomly use the Refresh header (#1133) 2025-09-16 17:32:13 -04:00
run fix(run/openrc): truncate runtime directory before starting Anubis (#1122) 2025-09-15 07:44:35 -04:00
test build(deps): bump github.com/docker/docker in /test (#1130) 2025-09-16 16:22:28 -04:00
utils/cmd/backoff-retry test(ssh-ci): deflake SSH CI with exponential backoff (#859) 2025-07-18 17:46:49 +00:00
var initial import from /x/ monorepo 2025-03-17 19:33:07 -04:00
web chore: port client-side JS to TypeScript (#1100) 2025-09-11 10:03:10 -04:00
xess chore: Remove unused/dead code (#703) 2025-06-25 09:31:33 -04:00
.air.toml feat: add a strip-base-prefix option (#655) 2025-06-12 17:46:08 -04:00
.gitattributes fix(gitattributes): update pattern for generated files (#652) 2025-06-11 21:00:37 +00:00
.gitignore feat: implement localization system (#716) 2025-06-27 17:49:15 +00:00
.ko.yaml Try using ko to build images 2025-03-19 09:10:29 -04:00
anubis.go fix: middleware traefik redirect url (#1040) 2025-08-28 07:24:29 -04:00
Brewfile all: do not commit generated JS/CSS to source control (#148) 2025-03-28 14:55:25 -04:00
go.mod feat(lib/store): add s3api storage backend (#1089) 2025-09-07 09:24:14 -04:00
go.sum feat(lib/store): add s3api storage backend (#1089) 2025-09-07 09:24:14 -04:00
LICENSE initial import from /x/ monorepo 2025-03-17 19:33:07 -04:00
Makefile Makefile: Build robots2policy (#699) 2025-06-20 11:08:56 -04:00
package-lock.json build(deps): bump the npm group with 2 updates (#1117) 2025-09-15 18:23:15 -04:00
package.json build(deps): bump the npm group with 2 updates (#1117) 2025-09-15 18:23:15 -04:00
README.md chore(sponsors): add fabulous systems 2025-07-12 23:08:30 +00:00
SECURITY.md chore: copy SECURITY.md from TecharoHQ/.github 2025-08-20 12:42:02 -04:00
VERSION chore: v1.22.0 2025-09-06 11:54:36 -04:00
yeetfile.js docs: remove JSON examples from policy file docs (#945) 2025-08-03 18:09:26 +00:00

README.md

Anubis

A smiling chibi dark-skinned anthro jackal with brown hair and tall ears looking victorious with a thumbs-up

enbyware GitHub Issues or Pull Requests by label GitHub go.mod Go version language count repo size GitHub Sponsors

Sponsors

Anubis is brought to you by sponsors and donors like:

Diamond Tier

Raptor Computing Systems

Gold Tier

Distrust Terminal Trove canine.tools Weblate Uberspace Wildbase Cat eyes over the word Emma in a serif font Cat eyes over the word Emma in a serif font

Overview

Anubis is a Web AI Firewall Utility that weighs the soul of your connection using one or more challenges in order to protect upstream resources from scraper bots.

This program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies. Anubis is as lightweight as possible to ensure that everyone can afford to protect the communities closest to them.

Anubis is a bit of a nuclear response. This will result in your website being blocked from smaller scrapers and may inhibit "good bots" like the Internet Archive. You can configure bot policy definitions to explicitly allowlist them and we are working on a curated set of "known good" bots to allow for a compromise between discoverability and uptime.

In most cases, you should not need this and can probably get by using Cloudflare to protect a given origin. However, for circumstances where you can't or won't use Cloudflare, Anubis is there for you.

If you want to try this out, connect to anubis.techaro.lol.

Support

If you run into any issues running Anubis, please open an issue. Please include all the information I would need to diagnose your issue.

For live chat, please join the Patreon and ask in the Patron discord in the channel #anubis.

Star History

Star History Chart

Packaging Status

Packaging status

Contributors

Made with contrib.rocks.