bombai/README.md
2025-12-21 23:16:41 +01:00

bombai: bomba + ai

instead of letting the ai boom bomb our websites, let's bomb the ai in return.

install via rust (https://rustup.rs) with: cargo install --git https://git.tudbut.de/tudbut/bombai

features

  • not dependent on user agents
    • metric is only what is requested
  • configurable, allowing e.g. setting lower limits for rarely visited pages
  • specifically designed to guard forgejo (and similar) things
  • zip bombs
  • traps (like iocaine but muuuch simpler)
  • redirecting to iocaine :)

more detail

detection

detection works by request counting for designated areas of the page ([[paths]])

  • each paths entry has its own counter
    • with a separate max value after which requests get denied and the requester is timed out
    • with a decay per hour, that is calculated at much finer resolution than hourly of course
  • fail = timeout
  • entries can be set to always fail to create "trap paths" (max = 0)
  • subnets can be blobbed together into one entity, e.g. to catch alibaba's entire /24 subnet of bots
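
a sketch of the counting scheme described above, as an added example (not bombai's own code): one decaying counter per paths entry and requester, trap entries with max = 0, and addresses masked to a subnet so a whole /24 shares one counter. the struct and field names, the prefix matching and the sample addresses are assumptions made for illustration, and the timeout after a fail is not modelled.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

// hypothetical per-entry limits; names are illustrative, not bombai's config keys
struct Entry { prefix: &'static str, max: f64, decay_per_hour: f64 }
struct Counter { value: f64, last_seen: f64 }

struct Detector {
    entries: Vec<Entry>,
    blob_bits: u32, // prefix length (0..=32); 24 merges a whole /24 into one requester
    counters: HashMap<(usize, u32), Counter>,
}

impl Detector {
    fn new(entries: Vec<Entry>, blob_bits: u32) -> Self {
        Detector { entries, blob_bits, counters: HashMap::new() }
    }

    // mask the address so every host in the subnet shares one counter
    fn requester(&self, ip: Ipv4Addr) -> u32 {
        let mask = if self.blob_bits == 0 { 0 } else { u32::MAX << (32 - self.blob_bits) };
        u32::from(ip) & mask
    }

    // returns true when the request should get the fail response;
    // `now` is seconds on any monotonic clock
    fn check(&mut self, ip: Ipv4Addr, path: &str, now: f64) -> bool {
        let who = self.requester(ip);
        let Some(idx) = self.entries.iter().position(|e| path.starts_with(e.prefix)) else {
            return false; // path is not covered by any entry
        };
        let e = &self.entries[idx];
        let c = self.counters.entry((idx, who)).or_insert(Counter { value: 0.0, last_seen: now });
        // the hourly decay is applied per elapsed second, not in hourly steps
        let elapsed = (now - c.last_seen).max(0.0);
        c.value = (c.value - e.decay_per_hour * elapsed / 3600.0).max(0.0);
        c.last_seen = now;
        c.value += 1.0;
        c.value > e.max // max = 0 makes every request fail: a trap path
    }
}

fn main() {
    let repo = Entry { prefix: "/repo/", max: 3.0, decay_per_hour: 60.0 };
    let mut d = Detector::new(vec![repo], 24);
    // constructed sample: four hosts of one /24 requesting within the same second
    for host in 1..=4u8 {
        let ip = Ipv4Addr::new(203, 0, 113, host);
        println!("{ip} fail={}", d.check(ip, "/repo/commit", 0.0));
    }
}
```
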

fail response

  • http mode: signal caddy (or other reverse proxy) to do something special
    • e.g. redirect to iocaine or other trap
  • file mode: respond with simple http response or html file
  • generated mode:
    • customizable
      • start text
      • end text
      • char spam in between
    • total length can be set
    • can be gzipped
      • optionally only if client allows it (via Accept-Encoding)
      • "gzip chance" from 0 to 100% (of requests)
    • "continuous failure" mode where a few links that lead into a maze of more failure are generated between start text and spam

config

default config is automatically dropped to disk and can also be found at src/bombai.toml

it contains a lot of documentation

how to

add to caddyfile as per the caddyfile in this repo. the iocaine part is not required.

@read method GET HEAD
reverse_proxy @read 127.0.0.1:42067 {
	@fallback status 421
	handle_response @fallback

	# optional, if using fail_response.data = http
	@iocaine status 423
	handle_response @iocaine {
		reverse_proxy 127.0.0.1:42069 # iocaine needs to be configured to always serve its poison for this.
	}
}

license

wtfpl+-ai. no ai allowed, everything else allowed.