8000 Release v1.18.0: Varis zos Galvus · TecharoHQ/anubis · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

v1.18.0: Varis zos Galvus
Compare
Choose a tag to compare
@Xe Xe released this 09 May 16:31
· 121 commits to main since this release
v1.18.0
8c7640a

The big ticket feature in this release is CEL expression matching support. This allows you to tailor your approach for the individual services you are protecting.

These can be as simple as:

- name: allow-api-requests
  action: ALLOW
  expression:
    all:
      - '"Accept" in headers'
      - 'headers["Accept"] == "application/json"'
      - 'path.startsWith("/api/")'

Or as complicated as:

- name: allow-git-clients
  action: ALLOW
  expression:
    all:
      - >-
        (  
          userAgent.startsWith("git/") ||
          userAgent.contains("libgit") ||
          userAgent.startsWith("go-git") ||
          userAgent.startsWith("JGit/") ||
          userAgent.startsWith("JGit-")
        )
      - '"Git-Protocol" in headers'
      - headers["Git-Protocol"] == "version=2"

The docs have more information, but here's a tl;dr of the variables you have access to in expressions:

Name Type Explanation Example
headers map[string, string] The headers of the request being processed. {"User-Agent": "Mozilla/5.0 Gecko/20100101 Firefox/137.0"}
host string The HTTP hostname the request is targeted to. anubis.techaro.lol
method string The HTTP method in the request being processed. GET, POST, DELETE, etc.
path string The path of the request being processed. /, /api/memes/create
query map[string, string] The query parameters of the request being processed. ?foo=bar -> {"foo": "bar"}
remoteAddress string The IP address of the client. 1.1.1.1
userAgent string The User-Agent string in the request being processed. Mozilla/5.0 Gecko/20100101 Firefox/137.0

This will be made more elaborate in the future. Give me time. This is a simple, lovable, and complete implementation of this feature so that administrators can get hacking ASAP.

Other changes:

  • Use CSS variables to deduplicate styles
  • Fixed native packages not containing the stdlib and botPolicies.yaml
  • Change import syntax to allow multi-level imports
  • Changed the startup logging to use JSON formatting as all the other logs do.
  • Added the ability to do expression matching with CEL
  • Add a warning for clients that don't store cookies
  • Disable Open Graph passthrough by default (#435)
  • Clarify the license of the mascot images (#442)
  • Started Suppressing 'Context canceled' errors from http in the logs (#446)

What's Changed

  • docs(known-instances): add ScummVM by @lotharsm in #411
  • fix(web): Avoid timestamping main.mjs.gz by @heftig in #412
  • docs(known-instances): Add FreeCAD Wiki to known instances by @twihno in #414
  • fix(yeetfile): copy all docs, data files, and botPolicies.yaml by @Xe in #419
  • feat(config): allow multi-level imports by @Xe in #402
  • fix(cmd/anubis): print "Rule error IDs" in JSON by @SlyEcho in #408
  • Update nginx.mdx upstream syntax by @kkremitzki in #397
  • deduplicate css rules by using media query to set variables by @barmintor in #420
  • docs(user): add frequently asked questions page by @Xe in #422
  • docs: add caddy docs by @Xe in #423
  • docs(apache): make listener run on port 3001 by @mans17 in #430
  • feat(checker): add CEL for matching complicated expressions by @Xe in #421
  • build(deps): bump the github-actions group with 3 updates by @dependabot in #439
  • zizmor: add config file to silence unpinned-uses of Homebrew/actions by @p-linnane in #441
  • fix(anubis): disable opengraph passthru by default by @Xe in #447
  • Spelling by @jsoref in #445
  • feat(js): stop execution if the client disabled cookies by @Xe in #438
  • chore(static/img): add mascot attributions to the repo by @Xe in #448
  • chore(sponsors): add canine.tools by @hyperdefined in #450
  • ci: add govulncheck by @Xe in #456
  • ci(go): fix govulncheck by @Xe in #464
  • build(deps): bump the gomod group across 1 directory with 4 updates by @dependabot in #457
  • docs: add missing subrequest auth configuration by @nijel in #463
  • feat(log): implement custom error log filter to suppress "context can… by @JasonLovesDoggo in #470
  • Trim spaces from elements of split XFF string by @dchandekstark in #459
  • fix(js): use pure JS SHA256 library, refactor by @Xe in #471
  • Revert "fix(js): use pure JS SHA256 library, refactor" by @Xe in #475

New Contributors

Full Changelog: v1.17.1...v1.18.0

Contributors

barmintor, dchandekstark, and 13 other contributors
Assets 24
Loading
0 Join discussion
0