# bombai: bomba + ai

instead of letting the ai boom bomb our websites, let's bomb the ai in return.

**install via rust with `cargo install --git https://git.tudbut.de/tudbut/bombai`. https://rustup.rs**

# features

- **not dependent on user agents**
- metric is *only* what is requested
- configurable, allowing e.g. setting lower limits for rarely visited pages
- specifically designed to guard forgejo (and similar) things
- **zip bombs**
- traps (like iocaine but muuuch simpler)
- redirecting to iocaine :)

# more detail

## detection

detection works by request counting for designated areas of the page (`[[paths]]`)

- each paths entry has its own counter
  - with separate max value after which requests get denied and the requester is timed out
  - with a decay per hour, that is calculated at much finer resolution than hourly of course
- fail = timeout
- entries can be set to always fail to create "trap paths" (max = 0)
- subnets can be blobbed together into one entity, e.g. to catch alibaba's entire /24 subnet of bots

## fail response

- http mode: signal caddy (or other reverse proxy) to do something special
  - e.g. redirect to iocaine or other trap
- file mode: respond with simple http response or html file
- generated mode:
  - customizable
    - start text
    - end text
    - char spam in between
  - total length can be set
  - can be gzipped
    - optionally only if client allows it (via Accept-Encoding)
    - "gzip chance" from 0 to 100% (of requests)
  - "continuous failure" mode where a few links that lead into a maze of more failure are generated between start text and spam

# config

default config is automatically dropped to disk and can also be found at src/bombai.toml

it contains a lot of documentation

# how to add to caddyfile

as per the caddyfile in this repo. the iocaine part is not required.

```caddyfile
@read method GET HEAD
reverse_proxy @read 127.0.0.1:42067 {
    @fallback status 421
    handle_response @fallback
    # optional, if using fail_response.data = http
    @iocaine status 423
    handle_response @iocaine {
        reverse_proxy 127.0.0.1:42069 # iocaine needs to be configured to always serve its poison for this.
    }
}
```

# license

wtfpl+-ai. no ai allowed, everything else allowed.

# cargo tree

i don't like big dependency trees. so this one is small.

```
tudbut@Tud-NixX260 ~/g/bombai (main)> cargo tree
bombai v0.1.0 (/home/tudbut/gitshit/bombai)
├── deborrow v0.3.1
│   └── deborrow-macro v0.2.0 (proc-macro)
├── flate2 v1.1.5
│   ├── crc32fast v1.5.0
│   │   └── cfg-if v1.0.4
│   └── miniz_oxide v0.8.9
│       ├── adler2 v2.0.1
│       └── simd-adler32 v0.3.8
├── horrorhttp v0.2.1
│   └── readformat v1.0.3
├── microlock v0.3.1
├── nanoserde v0.2.1 (https://github.com/tudbut/nanoserde#fc010f51)
│   └── nanoserde-derive v0.2.1 (proc-macro) (https://github.com/tudbut/nanoserde#fc010f51)
└── readformat v1.0.3
```
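
# detection sketch

the counting scheme from the "detection" section, as an added example: this is not bombai's code, and the struct and field names are made up here rather than taken from its config. it assumes linear decay, prefix matching for paths, ipv4 only, and a timeout that covers every path for the blobbed requester.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

// One `[[paths]]`-like entry (hypothetical field names). max = 0 makes it a trap path.
struct PathRule { prefix: &'static str, max: f64, decay_per_hour: f64 }

// Mask the address to `bits` so a whole subnet is counted as one requester.
fn blob(ip: Ipv4Addr, bits: u32) -> u32 {
    let mask = if bits == 0 { 0 } else { u32::MAX << (32 - bits) };
    u32::from(ip) & mask
}

struct Detector {
    rules: Vec<PathRule>,
    subnet_bits: u32,
    timeout_secs: f64,
    counters: HashMap<(u32, usize), (f64, f64)>, // (requester, rule) -> (count, last seen)
    timeouts: HashMap<u32, f64>,                 // requester -> timed out until
}

impl Detector {
    // Returns true when the request should get the fail response. `now` is in seconds.
    fn check(&mut self, ip: Ipv4Addr, path: &str, now: f64) -> bool {
        let client = blob(ip, self.subnet_bits);
        if self.timeouts.get(&client).is_some_and(|&until| now < until) {
            return true; // still timed out, whatever the path
        }
        let Some(idx) = self.rules.iter().position(|r| path.starts_with(r.prefix)) else {
            return false; // not a counted area
        };
        let rule = &self.rules[idx];
        let (count, last) = self.counters.entry((client, idx)).or_insert((0.0, now));
        // The hourly decay is applied per elapsed second, not in hourly steps.
        *count = (*count - rule.decay_per_hour * (now - *last) / 3600.0).max(0.0) + 1.0;
        *last = now;
        if *count > rule.max {
            self.timeouts.insert(client, now + self.timeout_secs);
            return true;
        }
        false
    }
}

fn main() {
    let rules = vec![PathRule { prefix: "/trap/", max: 0.0, decay_per_hour: 0.0 }];
    let mut d = Detector { rules, subnet_bits: 24, timeout_secs: 600.0,
                           counters: HashMap::new(), timeouts: HashMap::new() };
    // Constructed request from a documentation-range address.
    println!("fail={}", d.check(Ipv4Addr::new(203, 0, 113, 5), "/trap/x", 0.0));
}
```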