bomba + ai = bombai. it bombs ai

bombai: bomba + ai

instead of letting the ai boom bomb our websites, let's bomb the ai in return.

install via rust (https://rustup.rs) with: cargo install --git https://git.tudbut.de/tudbut/bombai

features

  • not dependent on user agents
    • metric is only what is requested
  • configurable, allowing e.g. setting lower limits for rarely visited pages
  • specifically designed to guard forgejo (and similar) things
  • zip bombs
  • traps (like iocaine but muuuch simpler)
  • redirecting to iocaine :)

more detail

detection

detection works by request counting for designated areas of the page ([[paths]])

  • each paths entry has its own counter
    • with a separate max value, after which requests get denied and the requester is timed out
    • with a decay per hour, that is calculated at much finer resolution than hourly of course
  • fail = timeout
  • entries can be set to always fail to create "trap paths" (max = 0)
  • subnets can be blobbed together into one entity, e.g. to catch alibaba's entire /24 subnet of bots
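
a sketch of the counting scheme described above, added here as an example and not taken from bombai's source: one decaying counter per (subnet, paths entry), a max threshold, and max = 0 as a trap. the names PathRule, Detector, hit and subnet_key are hypothetical, the /24 grouping and prefix matching are assumptions, and the timeout after a fail is left out.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

// Hypothetical stand-in for one [[paths]] entry; field names are assumptions.
struct PathRule { prefix: &'static str, max: f64, decay_per_hour: f64 }

// Collapse an address into its subnet so the whole range shares one counter.
fn subnet_key(ip: Ipv4Addr, prefix_len: u32) -> u32 {
    let mask = if prefix_len == 0 { 0 } else { u32::MAX << (32 - prefix_len) };
    u32::from(ip) & mask
}

struct Detector {
    rules: Vec<PathRule>,
    prefix_len: u32,
    // (subnet, rule index) -> (counter value, seconds timestamp of last update)
    counters: HashMap<(u32, usize), (f64, f64)>,
}

impl Detector {
    // Returns true when the request should get the fail response.
    fn hit(&mut self, ip: Ipv4Addr, path: &str, now_secs: f64) -> bool {
        let Some(idx) = self.rules.iter().position(|r| path.starts_with(r.prefix)) else {
            return false; // not a guarded area
        };
        let rule = &self.rules[idx];
        let key = (subnet_key(ip, self.prefix_len), idx);
        let (count, last) = self.counters.entry(key).or_insert((0.0, now_secs));
        // Apply the hourly decay in proportion to the seconds elapsed.
        let decayed = (*count - rule.decay_per_hour * (now_secs - *last) / 3600.0).max(0.0);
        *count = decayed + 1.0;
        *last = now_secs;
        *count > rule.max // max = 0: every request fails (trap path)
    }
}

fn main() {
    let rules = vec![
        PathRule { prefix: "/trap", max: 0.0, decay_per_hour: 0.0 },
        PathRule { prefix: "/repo", max: 3.0, decay_per_hour: 2.0 },
    ];
    let mut d = Detector { rules, prefix_len: 24, counters: HashMap::new() };
    // Constructed sample: two clients in the same /24 (documentation range).
    for (i, host) in [5u8, 77, 5, 77].into_iter().enumerate() {
        let failed = d.hit(Ipv4Addr::new(203, 0, 113, host), "/repo/commits", i as f64);
        println!("203.0.113.{host} -> fail={failed}");
    }
}
```

because both addresses map to the same /24 key, the fourth request fails even though each address only sent two.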

fail response

  • http mode: signal caddy (or other reverse proxy) to do something special
    • e.g. redirect to iocaine or other trap
  • file mode: respond with simple http response or html file
  • generated mode:
    • customizable
      • start text
      • end text
      • char spam in between
    • total length can be set
    • can be gzipped
      • optionally only if client allows it (via Accept-Encoding)
      • "gzip chance" from 0 to 100% (of requests)
    • "continuous failure" mode where a few links that lead into a maze of more failure are generated between start text and spam

config

default config is automatically dropped to disk and can also be found at src/bombai.toml

it contains a lot of documentation

how to

add to caddyfile as per the caddyfile in this repo. the iocaine part is not required.

@read method GET HEAD
reverse_proxy @read 127.0.0.1:42067 {
	@fallback status 421
	handle_response @fallback

	# optional, if using fail_response.data = http
	@iocaine status 423
	handle_response @iocaine {
		reverse_proxy 127.0.0.1:42069 # iocaine needs to be configured to always serve its poison for this.
	}
}

license

wtfpl+-ai. no ai allowed, everything else allowed.

cargo tree

i dont like big dependency trees. so this one is small.

tudbut@Tud-NixX260 ~/g/bombai (main)> cargo tree
bombai v0.1.0 (/home/tudbut/gitshit/bombai)
├── deborrow v0.3.1
│   └── deborrow-macro v0.2.0 (proc-macro)
├── flate2 v1.1.5
│   ├── crc32fast v1.5.0
│   │   └── cfg-if v1.0.4
│   └── miniz_oxide v0.8.9
│       ├── adler2 v2.0.1
│       └── simd-adler32 v0.3.8
├── horrorhttp v0.2.1
│   └── readformat v1.0.3
├── microlock v0.3.1
├── nanoserde v0.2.1 (https://github.com/tudbut/nanoserde#fc010f51)
│   └── nanoserde-derive v0.2.1 (proc-macro) (https://github.com/tudbut/nanoserde#fc010f51)
└── readformat v1.0.3