bomba + ai = bombai. it bombs ai

Find a file

TudbuT d774b5d109 add gzip_chance		2025-12-18 21:02:27 +01:00
src	add gzip_chance	2025-12-18 21:02:27 +01:00
.envrc	Initial commit	2025-12-17 19:49:48 +01:00
.gitignore	Initial commit	2025-12-17 19:49:48 +01:00
Caddyfile	Initial commit	2025-12-17 19:49:48 +01:00
Cargo.lock	fix a panic	2025-12-17 21:50:07 +01:00
Cargo.toml	fix a panic	2025-12-17 21:50:07 +01:00
LICENSE	fix license	2025-12-18 01:12:47 +01:00
README.md	readme	2025-12-17 21:21:33 +01:00
shell.nix	Initial commit	2025-12-17 19:49:48 +01:00

README.md

bombai: bomba ai

instead of letting the ai boom bomb our websites, lets bomb the ai in return.

features

not dependent on user agents
- metric is only what is requested
configurable, allowing e.g. setting lower limits for rarely visited pages
specifically designed to guard forgejo (and similar) things
zip bombs
traps (like iocaine but muuuch simpler)
redirecting to iocaine :)
infinitely loading pages (that send infinite data)

config

defalt config is automatically dropped to disk and can also be found at src/bombai.toml

it contains a lot of documentation

how to

add to caddyfile as per the caddyfile in this repo. the iocaine part is not required.

@read method GET HEAD
reverse_proxy @read 127.0.0.1:42067 {
	@fallback status 421
	handle_response @fallback

	# optional, if using fail_response.data = http
	@iocaine status 423
	handle_response @iocaine {
		reverse_proxy 127.0.0.1:42069 # iocaine needs to be configured to always serve its poison for this.
	}
}

license

wtfpl+-ai. no ai allowed, everything else allowed.