Properly handle 4in6 addresses so that IP matching works with those addresses.
Add support to simple Valkey/Redis cluster mode
Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. (1283)
Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures.
Deprecate report_as in challenge configuration
Previously Anubis let you lie to users about the difficulty of a challenge to interfere with operators of malicious scrapers as a psychological attack:
bots:
# Punish any bot with "bot" in the user-agent string
# This is known to have a high false-positive rate, use at your own risk
- name: generic-bot-catchall
user_agent_regex: (?i:bot|crawler)
action: CHALLENGE
challenge:
difficulty: 16 # impossible
report_as: 4 # lie to the operator
algorithm: slow # intentionally waste CPU cycles and time
This has turned out to be a bad idea because it has caused massive user experience problems and has been removed. If you are using this setting, you will get a warning in your logs like this:
{
"time": "2025-11-25T23:10:31.092201549-05:00",
"level": "WARN",
"source": {
"function": "github.com/TecharoHQ/anubis/lib/policy.ParseConfig",
"file": "/home/xe/code/TecharoHQ/anubis/lib/policy/policy.go",
"line": 201
},
"msg": "use of deprecated report_as setting detected, please remove this from your policy file when possible",
"at": "config-validate",
"name": "mild-suspicion"
}
To remove this warning, remove this setting from your policy file.
Logging customization
Anubis now supports the ability to log to multiple backends ("sinks"). This allows you to have Anubis log to a file instead of just logging to standard out. You can also customize the logging level in the policy file:
logging:
level: "warn" # much less verbose logging
sink: file # log to a file
parameters:
file: "./var/anubis.log"
maxBackups: 3 # keep at least 3 old copies
maxBytes: 67108864 # each file can have up to 64 Mi of logs
maxAge: 7 # rotate files out every n days
oldFileTimeFormat: 2006-01-02T15-04-05 # RFC 3339-ish
compress: true # gzip-compress old log files
useLocalTime: false # timezone for rotated files is UTC
arpaReverseIP to transform IPv4/6 addresses into ARPA reverse IP notation.
regexSafe to escape regex special characters (useful for including remoteAddress or headers in regular expressions).
DNS cache and other optimizations to minimize unnecessary DNS queries.
The DNS cache TTL can be changed in the bots config like this:
dns_ttl:
forward: 600
reverse: 600
The default value for both forward and reverse queries is 300 seconds.
The verifyFCrDNS CEL function has two overloads:
(addr)
Simply verifies that the remote side has PTR records pointing to the target address.
(addr, ptrPattern)
Verifies that the remote side refers to a specific domain and that this domain points to the target IP.
What's Changed
feat: Add thai language. by @karorogunso in https://github.com/TecharoHQ/anubis/pull/900
Update is.json by @sveinki in https://github.com/TecharoHQ/anubis/pull/1241
fix(data/docker-client): allow some more OCI clients through by @Xe in https://github.com/TecharoHQ/anubis/pull/1258
fix(data): add services folder to embedded filesystem by @Xe in https://github.com/TecharoHQ/anubis/pull/1259
feat(localization): Add Ukrainian language translation by @nykula in https://github.com/TecharoHQ/anubis/pull/1044
build(deps): bump the github-actions group with 3 updates by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1262
Add Renovate to Docker clients by @DrJosh9000 in https://github.com/TecharoHQ/anubis/pull/1267
fix(docs): use node:lts by @Xe in https://github.com/TecharoHQ/anubis/pull/1274
fix(run): mark openrc service script as executable by @kouhaidev in https://github.com/TecharoHQ/anubis/pull/1272
test: ipv4 in v6 address checking by @SlyEcho in https://github.com/TecharoHQ/anubis/pull/1271
(feat) Add cluster support to redis/vaultkey store by @egimbernat in https://github.com/TecharoHQ/anubis/pull/1276
feat(lib): expose WEIGH matches as prometheus metrics by @Xe in https://github.com/TecharoHQ/anubis/pull/1277
Fix challenge validation panic when follow-up hits ALLOW by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1278
feat(internal/headers): extend debug logging of X-Forwarded-For middlewares by @DerRockWolf in https://github.com/TecharoHQ/anubis/pull/1269
test: Valkey test improvements for testcontainers by @SlyEcho in https://github.com/TecharoHQ/anubis/pull/1280
docs: use nginx http2 directive instead of deprecated http2 listen parameter by @kouhaidev in https://github.com/TecharoHQ/anubis/pull/1251
perf: field-align struct definitions to cut padding by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1284
fix(tests): make CVE-2025-24369 regression deterministic by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1285
build(deps): bump go deps by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1287
build(deps): bump github.com/testcontainers/testcontainers-go from 0.39.0 to 0.40.0 in the gomod group across 1 directory by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1288
test(deps): update dependencies to latest versions by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1289
build(deps-dev): bump esbuild from 0.25.12 to 0.27.0 in the npm group by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1260
fix(ogtags): respect target host/SNI/insecure flags in OG passthrough by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1283
docs: clarify usage of PUBLIC_URL and REDIRECT_DOMAINS in installatio… by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1286
feat(store/valkey): Add Redis(R) Sentinel support by @Xe in https://github.com/TecharoHQ/anubis/pull/1294
Pass the remote IP to the proxied application by @eXpl0it3r in https://github.com/TecharoHQ/anubis/pull/1298
ci: add go mod tidy check workflow by @Xe in https://github.com/TecharoHQ/anubis/pull/1300
feat: writing logs to the filesystem with rotation support by @Xe in https://github.com/TecharoHQ/anubis/pull/1299
chore: add dependabot cooldown by @Xe in https://github.com/TecharoHQ/anubis/pull/1302
add Polish language translation by @bplajzer in https://github.com/TecharoHQ/anubis/pull/1309
fix(config): deprecate the report_as field for challenges by @Xe in https://github.com/TecharoHQ/anubis/pull/1311
Implement FCrDNS and other DNS features by @btomaev in https://github.com/TecharoHQ/anubis/pull/1308
Show how to use subrequest auth with Caddy by @tbodt in https://github.com/TecharoHQ/anubis/pull/1312
build(deps): bump actions-hub/kubectl from 1.34.1 to 1.34.2 in the github-actions group by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1303
fix: pin Node.js and Go versions in CI configuration files by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1318
build(deps): bump the github-actions group with 3 updates by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1317
build(deps): bump the gomod group with 5 updates by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1316
New Contributors
@karorogunso made their first contribution in https://github.com/TecharoHQ/anubis/pull/900
@nykula made their first contribution in https://github.com/TecharoHQ/anubis/pull/1044
@DrJosh9000 made their first contribution in https://github.com/TecharoHQ/anubis/pull/1267
@kouhaidev made their first contribution in https://github.com/TecharoHQ/anubis/pull/1272
@egimbernat made their first contribution in https://github.com/TecharoHQ/anubis/pull/1276
@DerRockWolf made their first contribution in https://github.com/TecharoHQ/anubis/pull/1269
@eXpl0it3r made their first contribution in https://github.com/TecharoHQ/anubis/pull/1298
@bplajzer made their first contribution in https://github.com/TecharoHQ/anubis/pull/1309
@btomaev made their first contribution in https://github.com/TecharoHQ/anubis/pull/1308
@tbodt made their first contribution in https://github.com/TecharoHQ/anubis/pull/1312
Full Changelog: https://github.com/TecharoHQ/anubis/compare/v1.23.1...v1.24.0-pre1