From 3c1d95d61e88f1851a25cc18d073e926e1943c4d Mon Sep 17 00:00:00 2001
From: Xe Iaso
Date: Fri, 20 Jun 2025 11:47:34 -0400
Subject: [PATCH] fix(default-config): off-by-one error in the default thresholds (#701)

I don't know how I missed this in testing.
---
 data/botPolicies.yaml | 4 ++--
 docs/docs/CHANGELOG.md | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/botPolicies.yaml b/data/botPolicies.yaml
index 27e729b..4286d7f 100644
--- a/data/botPolicies.yaml
+++ b/data/botPolicies.yaml
@@ -132,14 +132,14 @@ status_codes:
 thresholds:
 # By default Anubis ships with the following thresholds:
 - name: minimal-suspicion # This client is likely fine, its soul is lighter than a feather
- expression: weight < 0 # a feather weighs zero units
+ expression: weight <= 0 # a feather weighs zero units
 action: ALLOW # Allow the traffic through
 # For clients that had some weight reduced through custom rules, give them a
 # lightweight challenge.
 - name: mild-suspicion
 expression:
 all:
- - weight >= 0
+ - weight > 0
 - weight < 10
 action: CHALLENGE
 challenge:
diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
index d245989..25b444b 100644
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@@ -40,6 +40,7 @@ And some cleanups/refactors were added:
 - Bump AI-robots.txt to version 1.37
 - Make progress bar styling more compatible (UXP, etc)
 - Add `--strip-base-prefix` flag/envvar to strip the base prefix from request paths when forwarding to target servers
+- Fix an off-by-one in the default threshold config
 Request weight is one of the biggest ticket features in Anubis. This enables Anubis to be much closer to a Web Application Firewall and when combined with custom thresholds allows administrators to have Anubis take advanced reactions. For more information about request weight, see [the request weight section](./admin/policies.mdx#request-weight) of the policy file documentation.
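Review bot: With `weight <= 0` in `minimal-suspicion`, a request whose weight is exactly 0 now gets ALLOW rather than the `mild-suspicion` CHALLENGE, and nothing in the comments records that this boundary is deliberate. If 0 is also the weight of a request that no rule has adjusted (not visible in this hunk), the shipped default for unscored traffic moves from challenged to allowed, so a comment above the expression such as `# weight == 0 is allowed without a challenge; only weight > 0 is challenged` would make the policy explicit for operators who rely on the defaults. The existing comment `its soul is lighter than a feather` still describes `<`, so `no heavier than a feather` would match the new `<=`. The `mild-suspicion` entry runs past the end of the hunk, so the thresholds for weight 10 and above were not reviewed.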