### Example Anubis Environment Configuration
Source: https://anubis.techaro.lol/docs/admin/native-install
An example of an Anubis environment configuration file, specifying bind addresses, difficulty, metrics endpoint, policy file location, and target service URL.
```ini
BIND=[::1]:8239
BIND_NETWORK=tcp
DIFFICULTY=4
METRICS_BIND=[::1]:8240
METRICS_BIND_NETWORK=tcp
POLICY_FNAME=/etc/anubis/gitea.botPolicies.yaml
TARGET=http://localhost:3000
```
--------------------------------
### Start and Enable Anubis Service with systemctl
Source: https://anubis.techaro.lol/docs/admin/native-install
Starts and enables the Anubis service using systemctl, allowing it to run automatically on boot. The service is typically named after the protected application, e.g., anubis@gitea.service.
```bash
sudo systemctl enable --now anubis@gitea.service
```
--------------------------------
### Nginx Configuration Example for Anubis
Source: https://anubis.techaro.lol/docs/CHANGELOG
An example Nginx configuration snippet demonstrating how to integrate Anubis for request authorization using the `auth_request` directive. This setup allows Nginx to delegate authorization decisions to Anubis.
```nginx
location / {
auth_request /anubis_auth;
# ... other proxy settings ...
}
location /anubis_auth {
internal;
proxy_pass http://127.0.0.1:8080/auth;
proxy_set_header Host $host;
# ... other proxy settings for auth request ...
}
```
--------------------------------
### Install Anubis Default Configuration
Source: https://anubis.techaro.lol/docs/admin/native-install
Installs the default Anubis configuration file to the system's configuration directory. This file serves as a template for service-specific configurations.
```bash
sudo install -D ./run/default.env /etc/anubis/default.env
```
--------------------------------
### Configure and Install Systemd Unit for Anubis
Source: https://anubis.techaro.lol/docs/admin/native-install
Edits the systemd unit file to point to the correct Anubis binary path and then installs the systemd unit to the system. This is for managing Anubis as a service.
```bash
perl -pi -e 's$/usr/bin/anubis$/usr/local/bin/anubis$g' ./run/anubis@.service
sudo install -D ./run/anubis@.service /etc/systemd/system
```
--------------------------------
### Install Anubis with apt (Debian-based)
Source: https://anubis.techaro.lol/docs/admin/native-install
Installs the Anubis package on Debian-based systems using the apt package manager. Requires the .deb package file.
```bash
sudo apt install ./anubis-$VERSION-$ARCH.deb
```
--------------------------------
### Install Anubis with rpm (Manual)
Source: https://anubis.techaro.lol/docs/admin/native-install
Installs the Anubis package manually on Red Hat-based systems using the rpm package manager. Requires the .rpm package file.
```bash
sudo rpm -ivh ./anubis-$VERSION.$ARCH.rpm
```
--------------------------------
### Extract Tarball and Install Anubis Binary
Source: https://anubis.techaro.lol/docs/admin/native-install
Extracts the Anubis tarball and installs the binary to the system's executable path. This method is suitable for systems without native package managers.
```bash
tar zxf ./anubis-$VERSION-$OS-$ARCH.tar.gz
cd anubis-$VERSION-$OS-$ARCH
sudo install -D ./bin/anubis /usr/local/bin
```
--------------------------------
### Install Anubis with dnf (Red Hat-based)
Source: https://anubis.techaro.lol/docs/admin/native-install
Installs the Anubis package on Red Hat-based systems using the dnf package manager. Requires the .rpm package file.
```bash
sudo dnf -y install ./anubis-$VERSION.$ARCH.rpm
```
--------------------------------
### Traefik Configuration Example with Anubis in Docker
Source: https://anubis.techaro.lol/docs/CHANGELOG
An example configuration for Traefik when running Anubis in a Docker environment. This illustrates how to set up routing and middleware to direct traffic through Anubis for security checks.
```yaml
version: '3.7'
services:
traefik:
image: traefik:v2.9
command:
- --api.insecure=true
- --providers.docker=true
- --entrypoints.web.address=:80
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
anubis:
image: ghcr.io/anubis-dirs/anubis:latest
ports:
- "8080:8080"
environment:
- ANUBIS_LISTEN_ADDR=0.0.0.0:8080
labels:
- "traefik.enable=true"
- "traefik.http.routers.anubis.rule=Host(`anubis.localhost`)"
- "traefik.http.routers.anubis.entrypoints=web"
- "traefik.http.services.anubis.loadbalancer.server.port=8080"
whoami:
image: traefik/whoami
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.http.routers.whoami.middlewares=anubis-auth@docker"
- "traefik.http.middlewares.anubis-auth.forwardauth.address=http://anubis:8080/auth"
- "traefik.http.middlewares.anubis-auth.forwardauth.trustForwardHeader=true"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
```
--------------------------------
### Copy Anubis Configuration and Policy Files
Source: https://anubis.techaro.lol/docs/admin/native-install
Copies the default Anubis configuration and bot policies files to create service-specific configurations. This allows for distinct settings for different protected services.
```bash
sudo cp /etc/anubis/default.env /etc/anubis/gitea.env
sudo cp /usr/share/doc/anubis/botPolicies.yaml /etc/anubis/gitea.botPolicies.yaml
```
```bash
sudo cp /etc/anubis/default.env /etc/anubis/gitea.env
sudo cp ./doc/botPolicies.yaml /etc/anubis/gitea.botPolicies.yaml
```
--------------------------------
### Install Anubis with yum (Red Hat-based)
Source: https://anubis.techaro.lol/docs/admin/native-install
Installs the Anubis package on Red Hat-based systems using the yum package manager. Requires the .rpm package file.
```bash
sudo yum -y install ./anubis-$VERSION.$ARCH.rpm
```
--------------------------------
### SHA256 Hashing Example in JavaScript
Source: https://anubis.techaro.lol/docs/design/why-proof-of-work
Demonstrates how to compute a SHA256 hash for a given string using JavaScript. This is a core operation in the Anubis Proof-of-Work scheme, combining a challenge and a nonce.
```javascript
const hash = await sha256(`${challenge}${nonce}`);
```
--------------------------------
### Apache Configuration Example for Anubis
Source: https://anubis.techaro.lol/docs/CHANGELOG
An example Apache configuration snippet showing how to integrate Anubis for request authorization using `mod_auth_request`. This allows Apache to use Anubis as an external authorization service.
```apache
AuthType Anubis
AuthName "Anubis Authorization"
Require valid-user
# ... other directives ...
AnubisAuthProvider "http://127.0.0.1:8080/auth"
```
--------------------------------
### Test Anubis Metrics Endpoint with curl
Source: https://anubis.techaro.lol/docs/admin/native-install
Tests if the Anubis service is running correctly by querying its metrics endpoint using curl. A successful response indicates the service is active and accessible.
```bash
curl http://localhost:8240/metrics
```
--------------------------------
### Logging Customization Configuration (YAML)
Source: https://anubis.techaro.lol/docs/CHANGELOG
Configuration example for Anubis logging customization. This allows logging to multiple backends (sinks) like files and customizing logging levels. Parameters for file rotation and compression are also shown.
```yaml
logging:
level: "warn" # much less verbose logging
sink: file # log to a file
parameters:
file: "./var/anubis.log"
maxBackups: 3 # keep at least 3 old copies
maxBytes: 67108864 # each file can have up to 64 Mi of logs
maxAge: 7 # rotate files out every n days
oldFileTimeFormat: 2006-01-02T15-04-05 # RFC 3339-ish
compress: true # gzip-compress old log files
useLocalTime: false # timezone for rotated files is UTC
```
--------------------------------
### Configure WordPress HTTPS in wp-config.php
Source: https://anubis.techaro.lol/docs/admin/frameworks/wordpress
This snippet adds logic to wp-config.php to detect if the connection is over HTTPS via the HTTP_X_FORWARDED_PROTO header. If it is, it sets the HTTPS server variable to 'on' and the server port to 443, making WordPress recognize the connection as secure. This is crucial for multi-site setups using Anubis to prevent redirect loops.
```php
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;
}
```
--------------------------------
### Complete Nginx Server Block with Anubis Subrequest Authentication
Source: https://anubis.techaro.lol/docs/admin/configuration/subrequest-auth
A full Nginx server block example demonstrating TLS configuration and integration with Anubis for subrequest authentication. This includes SSL settings, proxy headers, and the necessary location blocks for authentication and redirection.
```nginx
# /etc/nginx/conf.d/nginx.local.cetacean.club.conf
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name nginx.local.cetacean.club;
ssl_certificate /etc/techaro/pki/nginx.local.cetacean.club/tls.crt;
ssl_certificate_key /etc/techaro/pki/nginx.local.cetacean.club/tls.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /.within.website/ {
proxy_pass http://localhost:8923;
auth_request off;
}
location @redirectToAnubis {
return 307 /.within.website/?redir=$scheme://$host$request_uri;
auth_request off;
}
location / {
auth_request /.within.website/x/cmd/anubis/api/check;
error_page 401 = @redirectToAnubis;
root /usr/share/nginx/html;
index index.html index.htm;
}
}
```
--------------------------------
### Configure Custom Weight Thresholds (YAML)
Source: https://anubis.techaro.lol/docs/CHANGELOG
Example of defining custom 'thresholds' in Anubis policies to control actions (ALLOW, CHALLENGE) based on the calculated request 'weight'. This enables fine-grained control over traffic management.
```yaml
thresholds:
- name: minimal-suspicion # This client is likely fine, its soul is lighter than a feather
expression: weight < 0 # a feather weighs zero units
action: ALLOW # Allow the traffic through
# For clients that had some weight reduced through custom rules, give them a
# lightweight challenge.
- name: mild-suspicion
expression:
all:
- weight >= 0
- weight < 10
action: CHALLENGE
challenge:
# https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh
algorithm: metarefresh
difficulty: 1
report_as: 1
# For clients that are browser-like but have either gained points from custom
# rules or report as a standard browser.
- name: moderate-suspicion
expression:
all:
- weight >= 10
- weight < 20
action: CHALLENGE
challenge:
# https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
algorithm: fast
difficulty: 2 # two leading zeros, very fast for most clients
report_as: 2
# For clients that are browser like and have gained many points from custom
# rules
- name: extreme-suspicion
expression: weight >= 20
action: CHALLENGE
challenge:
# https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
algorithm: fast
difficulty: 4
report_as: 4
```
--------------------------------
### CEL Expression Matching for Git Clients
Source: https://anubis.techaro.lol/docs/CHANGELOG
An advanced example of CEL expression matching designed to allow specific Git clients. It checks the User-Agent header for various Git client signatures and verifies the presence and value of the 'Git-Protocol' header. This demonstrates complex conditional logic within CEL expressions.
```yaml
- name: allow-git-clients
action: ALLOW
expression:
all:
- >-
(
userAgent.startsWith("git/") ||
userAgent.contains("libgit") ||
userAgent.startsWith("go-git") ||
userAgent.startsWith("JGit/") ||
userAgent.startsWith("JGit-")
)
- '"Git-Protocol" in headers'
- headers["Git-Protocol"] == "version=2"
```
--------------------------------
### Configure Anubis File Logging with Parameters
Source: https://anubis.techaro.lol/docs/admin/policies
This configuration shows how to set Anubis logging to use the 'file' sink. It includes a 'parameters' object, which would contain file-specific settings like rotation policies (though not explicitly shown in this example, it's implied by the sink type).
```yaml
logging:
level: "debug"
sink: "file"
parameters: {}
```
--------------------------------
### Anubis and Nginx Docker Compose Setup
Source: https://anubis.techaro.lol/docs/admin/environments/docker-compose
This Docker Compose configuration defines two services: 'anubis' and 'nginx'. The 'anubis' service runs the Anubis image, configured with specific environment variables for binding, difficulty, metrics, and target. It also includes a health check and volume mounts for policy configuration. The 'nginx' service serves static content from the './www' directory.
```yaml
services:
anubis:
image: ghcr.io/techarohq/anubis:latest
environment:
BIND: ":8080"
DIFFICULTY: "4"
METRICS_BIND: ":9090"
SERVE_ROBOTS_TXT: "true"
TARGET: "http://nginx"
POLICY_FNAME: "/data/cfg/botPolicy.yaml"
OG_PASSTHROUGH: "true"
OG_EXPIRY_TIME: "24h"
healthcheck:
test: ["CMD", "anubis", "--healthcheck"]
interval: 5s
timeout: 30s
retries: 5
start_period: 500ms
ports:
- 8080:8080
volumes:
- "./botPolicy.yaml:/data/cfg/botPolicy.yaml:ro"
nginx:
image: nginx
volumes:
- "./www:/usr/share/nginx/html"
```
--------------------------------
### Ingress Routing to Anubis (YAML)
Source: https://anubis.techaro.lol/docs/admin/environments/kubernetes
This YAML snippet configures an Ingress resource to route traffic for the host 'git.xeserv.us' to the Anubis service. It specifies a Prefix path type for the root path '/' and directs traffic to the 'git' service's 'anubis' port. This ensures that requests intended for the Anubis application are correctly forwarded.
```yaml
rules:
- host: git.xeserv.us
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: git
port:
name: http
name: anubis
```
--------------------------------
### Anubis Container Configuration (YAML)
Source: https://anubis.techaro.lol/docs/admin/environments/kubernetes
This YAML snippet defines the Anubis container within a Kubernetes Deployment. It specifies the image to use, environment variables for binding, difficulty, signing key retrieval from a secret, metrics binding, robots.txt serving, target service, and OG passthrough settings. Resource requests and limits, along with security contexts, are also defined for optimal performance and security.
```yaml
containers:
# ...
- name: anubis
image: ghcr.io/techarohq/anubis:latest
imagePullPolicy: Always
env:
- name: "BIND"
value: ":8080"
- name: "DIFFICULTY"
value: "4"
- name: ED25519_PRIVATE_KEY_HEX
valueFrom:
secretKeyRef:
name: anubis-key
key: ED25519_PRIVATE_KEY_HEX
- name: "METRICS_BIND"
value: ":9090"
- name: "SERVE_ROBOTS_TXT"
value: "true"
- name: "TARGET"
value: "http://localhost:5000"
- name: "OG_PASSTHROUGH"
value: "true"
- name: "OG_EXPIRY_TIME"
value: "24h"
resources:
limits:
cpu: 750m
memory: 256Mi
requests:
cpu: 250m
memory: 256Mi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
```
--------------------------------
### Create Anubis Signing Key Secret (kubectl)
Source: https://anubis.techaro.lol/docs/admin/environments/kubernetes
This command creates a Kubernetes secret named 'anubis-key' in the 'default' namespace. It uses OpenSSL to generate a random 32-byte hexadecimal string for the ED25519_PRIVATE_KEY_HEX, which Anubis will use for signing its responses. Ensure you have kubectl and openssl installed and configured.
```bash
kubectl create secret generic anubis-key \
--namespace default \
--from-literal=ED25519_PRIVATE_KEY_HEX=$(openssl rand -hex 32)
```
--------------------------------
### Kubernetes Deployment for Anubis
Source: https://anubis.techaro.lol/docs/admin/configuration/subrequest-auth
Illustrates how to define the Anubis container within a Kubernetes Deployment, StatefulSet, or Pod configuration. It specifies the image and environment variables.
```yaml
- name: anubis
image: ghcr.io/techarohq/anubis:latest
env:
- name: TARGET
value: " "
# ...
```
--------------------------------
### S3 Lifecycle Expiration Policy Example
Source: https://anubis.techaro.lol/docs/admin/policies
An example AWS S3 bucket lifecycle policy to automatically expire Anubis data after a specified number of days. This helps manage storage costs and data retention.
```json
{
"Rules": [
{
"Status": "Enabled",
"Expiration": {
"Days": 7
}
}
]
}
```
--------------------------------
### Gitea/Forgejo Security Configuration for Local Proxies
Source: https://anubis.techaro.lol/docs/admin/caveats-gitea-forgejo
This configuration snippet shows the basic `[security]` section for Gitea/Forgejo's `app.ini` file. It sets `REVERSE_PROXY_TRUSTED_PROXIES` to include localhost and the IPv6 loopback address, which is sufficient when Caddy and Gitea/Forgejo are on the same host.
```ini
[security]
REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
```
--------------------------------
### Default Tencent Cloud DENY Rule Configuration
Source: https://anubis.techaro.lol/docs/CHANGELOG
Adds a default DENY rule for Tencent Cloud, enhancing security by blocking unwanted traffic. This configuration is part of the default setup.
```yaml
name: deny-tencent-cloud
action: DENY
remote_addresses:
- 106.52.0.0/16
- 106.53.0.0/16
- 119.137.0.0/16
- 120.232.0.0/16
- 123.145.0.0/16
- 123.146.0.0/16
- 123.147.0.0/16
- 123.148.0.0/16
- 123.149.0.0/16
- 123.150.0.0/16
- 123.151.0.0/16
- 123.152.0.0/16
- 123.153.0.0/16
- 123.154.0.0/16
- 123.155.0.0/16
- 123.156.0.0/16
- 123.157.0.0/16
- 123.158.0.0/16
- 123.159.0.0/16
- 123.160.0.0/16
- 123.161.0.0/16
- 123.162.0.0/16
- 123.163.0.0/16
- 123.164.0.0/16
- 123.165.0.0/16
- 123.166.0.0/16
- 123.167.0.0/16
- 123.168.0.0/16
- 123.169.0.0/16
- 123.170.0.0/16
- 123.171.0.0/16
- 123.172.0.0/16
- 123.173.0.0/16
- 123.174.0.0/16
- 123.175.0.0/16
- 123.176.0.0/16
- 123.177.0.0/16
- 123.178.0.0/16
- 123.179.0.0/16
- 123.180.0.0/16
- 123.181.0.0/16
- 123.182.0.0/16
- 123.183.0.0/16
- 123.184.0.0/16
- 123.185.0.0/16
- 123.186.0.0/16
- 123.187.0.0/16
- 123.188.0.0/16
- 123.189.0.0/16
- 123.190.0.0/16
- 123.191.0.0/16
- 123.192.0.0/16
- 123.193.0.0/16
- 123.194.0.0/16
- 123.195.0.0/16
- 123.196.0.0/16
- 123.197.0.0/16
- 123.198.0.0/16
- 123.199.0.0/16
- 123.200.0.0/16
- 123.201.0.0/16
- 123.202.0.0/16
- 123.203.0.0/16
- 123.204.0.0/16
- 123.205.0.0/16
- 123.206.0.0/16
- 123.207.0.0/16
- 123.208.0.0/16
- 123.209.0.0/16
- 123.210.0.0/16
- 123.211.0.0/16
- 123.212.0.0/16
- 123.213.0.0/16
- 123.214.0.0/16
- 123.215.0.0/16
- 123.216.0.0/16
- 123.217.0.0/16
- 123.218.0.0/16
- 123.219.0.0/16
- 123.220.0.0/16
- 123.221.0.0/16
- 123.222.0.0/16
- 123.223.0.0/16
- 123.224.0.0/16
- 123.225.0.0/16
- 123.226.0.0/16
- 123.227.0.0/16
- 123.228.0.0/16
- 123.229.0.0/16
- 123.230.0.0/16
- 123.231.0.0/16
- 123.232.0.0/16
- 123.233.0.0/16
- 123.234.0.0/16
- 123.235.0.0/16
- 123.236.0.0/16
- 123.237.0.0/16
- 123.238.0.0/16
- 123.239.0.0/16
- 123.240.0.0/16
- 123.241.0.0/16
- 123.242.0.0/16
- 123.243.0.0/16
- 123.244.0.0/16
- 123.245.0.0/16
- 123.246.0.0/16
- 123.247.0.0/16
- 123.248.0.0/16
- 123.249.0.0/16
- 123.250.0.0/16
- 123.251.0.0/16
- 123.252.0.0/16
- 123.253.0.0/16
- 123.254.0.0/16
- 123.255.0.0/16
- 139.199.0.0/16
- 139.200.0.0/16
- 139.201.0.0/16
- 139.202.0.0/16
- 139.203.0.0/16
- 139.204.0.0/16
- 139.205.0.0/16
- 139.206.0.0/16
- 139.207.0.0/16
- 139.208.0.0/16
- 139.209.0.0/16
- 139.210.0.0/16
- 139.211.0.0/16
- 139.212.0.0/16
- 139.213.0.0/16
- 139.214.0.0/16
- 139.215.0.0/16
- 139.216.0.0/16
- 139.217.0.0/16
- 139.218.0.0/16
- 139.219.0.0/16
- 139.220.0.0/16
- 139.221.0.0/16
- 139.222.0.0/16
- 139.223.0.0/16
- 139.224.0.0/16
- 139.225.0.0/16
- 139.226.0.0/16
- 139.227.0.0/16
- 139.228.0.0/16
- 139.229.0.0/16
- 139.230.0.0/16
- 139.231.0.0/16
- 139.232.0.0/16
- 139.233.0.0/16
- 139.234.0.0/16
- 139.235.0.0/16
- 139.236.0.0/16
- 139.237.0.0/16
- 139.238.0.0/16
- 139.239.0.0/16
- 139.240.0.0/16
- 139.241.0.0/16
- 139.242.0.0/16
- 139.243.0.0/16
- 139.244.0.0/16
- 139.245.0.0/16
- 139.246.0.0/16
- 139.247.0.0/16
- 139.248.0.0/16
- 139.249.0.0/16
- 139.250.0.0/16
- 139.251.0.0/16
- 139.252.0.0/16
- 139.253.0.0/16
- 139.254.0.0/16
- 139.255.0.0/16
- 14.1.1.0/24
- 14.2.2.0/24
- 14.3.3.0/24
- 14.4.4.0/24
- 14.5.5.0/24
- 14.6.6.0/24
- 14.7.7.0/24
- 14.8.8.0/24
- 14.9.9.0/24
- 14.10.10.0/24
- 14.11.11.0/24
- 14.12.12.0/24
- 14.13.13.0/24
- 14.14.14.0/24
- 14.15.15.0/24
- 14.16.16.0/24
- 14.17.17.0/24
- 14.18.18.0/24
- 14.19.19.0/24
- 14.20.20.0/24
- 14.21.21.0/24
- 14.22.22.0/24
- 14.23.23.0/24
- 14.24.24.0/24
- 14.25.25.0/24
- 14.26.26.0/24
- 14.27.27.0/24
- 14.28.28.0/24
- 14.29.29.0/24
- 14.30.30.0/24
- 14.31.31.0/24
- 14.32.32.0/24
- 14.33.33.0/24
- 14.34.34.0/24
- 14.35.35.0/24
- 14.36.36.0/24
- 14.37.37.0/24
- 14.38.38.0/24
- 14.39.39.0/24
- 14.40.40.0/24
- 14.41.41.0/24
- 14.42.42.0/24
- 14.43.43.0/24
- 14.44.44.0/24
- 14.45.45.0/24
- 14.46.46.0/24
- 14.47.47.0/24
- 14.48.48.0/24
- 14.49.49.0/24
- 14.50.50.0/24
- 14.51.51.0/24
- 14.52.52.0/24
- 14.53.53.0/24
- 14.54.54.0/24
- 14.55.55.0/24
- 14.56.56.0/24
- 14.57.57.0/24
- 14.58.58.0/24
- 14.59.59.0/24
- 14.60.60.0/24
- 14.61.61.0/24
- 14.62.62.0/24
- 14.63.63.0/24
- 14.64.64.0/24
- 14.65.65.0/24
- 14.66.66.0/24
- 14.67.67.0/24
- 14.68.68.0/24
- 14.69.69.0/24
- 14.70.70.0/24
- 14.71.71.0/24
- 14.72.72.0/24
- 14.73.73.0/24
- 14.74.74.0/24
- 14.75.75.0/24
- 14.76.76.0/24
- 14.77.77.0/24
- 14.78.78.0/24
- 14.79.79.0/24
- 14.80.80.0/24
- 14.81.81.0/24
- 14.82.82.0/24
- 14.83.83.0/24
- 14.84.84.0/24
- 14.85.85.0/24
- 14.86.86.0/24
- 14.87.87.0/24
- 14.88.88.0/24
- 14.89.89.0/24
- 14.90.90.0/24
- 14.91.91.0/24
- 14.92.92.0/24
- 14.93.93.0/24
- 14.94.94.0/24
- 14.95.95.0/24
- 14.96.96.0/24
- 14.97.97.0/24
- 14.98.98.0/24
- 14.99.99.0/24
- 14.100.100.0/24
- 14.101.101.0/24
- 14.102.102.0/24
- 14.103.103.0/24
- 14.104.104.0/24
- 14.105.105.0/24
- 14.106.106.0/24
- 14.107.107.0/24
- 14.108.108.0/24
- 14.109.109.0/24
- 14.110.110.0/24
- 14.111.111.0/24
- 14.112.112.0/24
- 14.113.113.0/24
- 14.114.114.0/24
- 14.115.115.0/24
- 14.116.116.0/24
- 14.117.117.0/24
- 14.118.118.0/24
- 14.119.119.0/24
- 14.120.120.0/24
- 14.121.121.0/24
- 14.122.122.0/24
- 14.123.123.0/24
- 14.124.124.0/24
- 14.125.125.0/24
- 14.126.126.0/24
- 14.127.127.0/24
- 14.128.128.0/24
- 14.129.129.0/24
- 14.130.130.0/24
- 14.131.131.0/24
- 14.132.132.0/24
- 14.133.133.0/24
- 14.134.134.0/24
- 14.135.135.0/24
- 14.136.136.0/24
- 14.137.137.0/24
- 14.138.138.0/24
- 14.139.139.0/24
- 14.140.140.0/24
- 14.141.141.0/24
- 14.142.142.0/24
- 14.143.143.0/24
- 14.144.144.0/24
- 14.145.145.0/24
- 14.146.146.0/24
- 14.147.147.0/24
- 14.148.148.0/24
- 14.149.149.0/24
- 14.150.150.0/24
- 14.151.151.0/24
- 14.152.152.0/24
- 14.153.153.0/24
- 14.154.154.0/24
- 14.155.155.0/24
- 14.156.156.0/24
- 14.157.157.0/24
- 14.158.158.0/24
- 14.159.159.0/24
- 14.160.160.0/24
- 14.161.161.0/24
- 14.162.162.0/24
- 14.163.163.0/24
- 14.164.164.0/24
- 14.165.165.0/24
- 14.166.166.0/24
- 14.167.167.0/24
- 14.168.168.0/24
- 14.169.169.0/24
- 14.170.170.0/24
- 14.171.171.0/24
- 14.172.172.0/24
- 14.173.173.0/24
- 14.174.174.0/24
- 14.175.175.0/24
- 14.176.176.0/24
- 14.177.177.0/24
- 14.178.178.0/24
- 14.179.179.0/24
- 14.180.180.0/24
- 14.181.181.0/24
- 14.182.182.0/24
- 14.183.183.0/24
- 14.184.184.0/24
- 14.185.185.0/24
- 14.186.186.0/24
- 14.187.187.0/24
- 14.188.188.0/24
- 14.189.189.0/24
- 14.190.190.0/24
- 14.191.191.0/24
- 14.192.192.0/24
- 14.193.193.0/24
- 14.194.194.0/24
- 14.195.195.0/24
- 14.196.196.0/24
- 14.197.197.0/24
- 14.198.198.0/24
- 14.199.199.0/24
- 14.200.200.0/24
- 14.201.201.0/24
- 14.202.202.0/24
- 14.203.203.0/24
- 14.204.204.0/24
- 14.205.205.0/24
- 14.206.206.0/24
- 14.207.207.0/24
- 14.208.208.0/24
- 14.209.209.0/24
- 14.210.210.0/24
- 14.211.211.0/24
- 14.212.212.0/24
- 14.213.213.0/24
- 14.214.214.0/24
- 14.215.215.0/24
- 14.216.216.0/24
- 14.217.217.0/24
- 14.218.218.0/24
- 14.219.219.0/24
- 14.220.220.0/24
- 14.221.221.0/24
- 14.222.222.0/24
- 14.223.223.0/24
- 14.224.224.0/24
- 14.225.225.0/24
- 14.226.226.0/24
- 14.227.227.0/24
- 14.228.228.0/24
- 14.229.229.0/24
- 14.230.230.0/24
- 14.231.231.0/24
- 14.232.232.0/24
- 14.233.233.0/24
- 14.234.234.0/24
- 14.235.235.0/24
- 14.236.236.0/24
- 14
```
--------------------------------
### Configure Generic Browser Challenge with Preact Algorithm
Source: https://anubis.techaro.lol/docs/admin/configuration/challenges/preact
This configuration snippet sets up a generic browser challenge in Anubis using the 'preact' algorithm. It defines a rule that applies to user agents containing 'Mozilla' or 'Opera', challenges the client, and sets the difficulty to 1 second before a page refresh. This is the default challenge method for most clients.
```yaml
- name: generic-browser
user_agent_regex: >-
Mozilla|Opera
action: CHALLENGE
challenge:
difficulty: 1 # Number of seconds to wait before refreshing the page
algorithm: preact
```
--------------------------------
### Caddyfile Configuration for Anubis Integration
Source: https://anubis.techaro.lol/docs/admin/configuration/subrequest-auth
Provides Caddyfile directives to integrate Anubis for routing and authentication. It sets up a reverse proxy and a forward authentication check for specific routes, redirecting unauthorized users.
```caddyfile
route {
# Assumption: Anubis is running in the same network namespace as
# caddy on localhost TCP port 8923
reverse_proxy /.within.website/* 127.0.0.1:8923
forward_auth 127.0.0.1:8923 {
uri /.within.website/x/cmd/anubis/api/check
trusted_proxies private_ranges
@unauthorized status 401
handle_response @unauthorized {
redir * /.within.website/?redir={uri} 307
}
}
}
```
--------------------------------
### Configure Request Weighting in Anubis
Source: https://anubis.techaro.lol/docs/admin/policies
This Anubis rule configuration demonstrates how to adjust the 'weight' of a request. The example removes 5 weight points if a specific Gitea session cookie is present in the request headers.
```yaml
- name: gitea-session-token
action: WEIGH
expression:
all:
- '"Cookie" in headers'
- headers["Cookie"].contains("i_love_gitea=")
# Remove 5 weight points
weight:
adjust: -5
```
--------------------------------
### Configure Request Weight Rules (YAML)
Source: https://anubis.techaro.lol/docs/CHANGELOG
Example of configuring 'WEIGH' rules in Anubis policies to adjust request weight based on specific criteria like headers or user agents. This allows for dynamic behavior adjustments.
```yaml
bots:
- name: gitea-session-token
action: WEIGH
expression:
all:
- '"Cookie" in headers'
- headers["Cookie"].contains("i_love_gitea=")
# Remove 5 weight points
weight:
adjust: -5
- name: bot-like-user-agent
action: WEIGH
expression: '"Bot" in userAgent'
# Add 5 weight points
weight:
adjust: 5
```