WIP: feat(next-v7): extend anubis policy #934

Draft

viceice wants to merge 1 commit from feat/v7-anubis-policy into main

pull from: feat/v7-anubis-policy

merge into: infrastructure:main

infrastructure:main

infrastructure:renovate/ghcr.io-visualon-roundcube-1.6.11

infrastructure:renovate/ghcr.io-visualon-nginx-1.28.0

infrastructure:renovate/bitnami-valkey-9.0.0

infrastructure:renovate/bitnami-kubectl-1.34.2

infrastructure:renovate/ghcr.io-traefik-traefik-3.x

Conversation 2 Commits 1 Files changed 1 +135 -2

viceice commented 2025-12-08 13:20:48 +00:00

First-time contributor

Copy link

base on this file

• https://github.com/TecharoHQ/anubis/blob/v1.23.1/data/botPolicies.yaml

base on this file - https://github.com/TecharoHQ/anubis/blob/v1.23.1/data/botPolicies.yaml

viceice added 1 commit 2025-12-08 13:20:48 +00:00

feat(next-v7): extend anubis policy 1e24f1ef11

earl-warren commented 2025-12-08 13:20:48 +00:00

First-time contributor

Copy link

this adds a lot of complexity so I have to ask: how effective will this be against when is actually causing problem?

this adds a lot of complexity so I have to ask: how effective will this be against when is actually causing problem?

crystal commented 2025-12-08 13:20:49 +00:00

First-time contributor

Copy link

@earl-warren wrote in https://invisible.forgejo.org/infrastructure/k8s-cluster/pulls/940#issuecomment-9458:

this adds a lot of complexity so I have to ask: how effective will this be against when is actually causing problem?

While it looks complex, the main thing we're doing here is using the recommended defaults of Anubis to decide when it should ramp up the difficulty based upon it's own internal policies.

A lot of this logic also just evaluates browsers based upon how "realistic" they appear to be, and allows browsers that seem pretty legit coming from clean IPs to bypass it entirely. All of this can be fine-tuned, but I do think it's worth trying this for at least a short time to see if it remains effective at stopping crawlers while reducing the number of human complaints about being unable to solve Anubis.

@earl-warren wrote in https://invisible.forgejo.org/infrastructure/k8s-cluster/pulls/940#issuecomment-9458: > this adds a lot of complexity so I have to ask: how effective will this be against when is actually causing problem? While it looks complex, the main thing we're doing here is using the recommended defaults of Anubis to decide when it should ramp up the difficulty based upon it's own [internal policies](https://github.com/TecharoHQ/anubis/tree/main/data). A lot of this logic also just evaluates browsers based upon how "realistic" they appear to be, and allows browsers that seem pretty legit coming from clean IPs to bypass it entirely. All of this can be fine-tuned, but I do think it's worth trying this for at least a short time to see if it remains effective at stopping crawlers while reducing the number of human complaints about being unable to solve Anubis.

Some checks failed

Hide all checks

build / lint (push) Has been cancelled

Details

build / lint (pull_request) Has been cancelled

Details

/ test (pull_request) Has been cancelled

Details

This pull request is marked as a work in progress.

This branch is out-of-date with the base branch

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin feat/v7-anubis-policy:feat/v7-anubis-policy

git switch feat/v7-anubis-policy

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff feat/v7-anubis-policy

git switch feat/v7-anubis-policy

git rebase main

git switch main

git merge --ff-only feat/v7-anubis-policy

git switch feat/v7-anubis-policy

git rebase main

git switch main

git merge --no-ff feat/v7-anubis-policy

git switch main

git merge --squash feat/v7-anubis-policy

git switch main

git merge --ff-only feat/v7-anubis-policy

git switch main

git merge feat/v7-anubis-policy

git push origin main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is not working

  

cleanup

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

forgefriends

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/sync.yml

  

help wanted

Need some help

  

hetzner

Hetzner related problems and work items.

  

invalid

Something is wrong

  

label workflow

a workflow is associated with this issue and will trigger when labels are updated

  

need more info

  

question

More information is needed

  

refactor

No functional change, reorganization

  

static-site

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/sync.yml

  

sync

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/build.yml

  

wontfix

This won't be fixed

No labels

bug

cleanup

duplicate

enhancement

forgefriends

help wanted

hetzner

invalid

label workflow

need more info

question

refactor

static-site

sync

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

3 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

infrastructure/k8s-cluster!934

No description provided.