From eca3c260b7e338c25a0b59495b571123fa79094c Mon Sep 17 00:00:00 2001
From: Lzebulon <lzebulon@crans.org>
Date: Sun, 13 Jul 2025 14:06:39 +0200
Subject: [PATCH] meilleur filtres avec list predefinie par anubis

---
 hosts/vm/reverseproxy/reverseproxy.nix | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix
index 9b0fa01..d1a0806 100644
--- a/hosts/vm/reverseproxy/reverseproxy.nix
+++ b/hosts/vm/reverseproxy/reverseproxy.nix
@@ -66,13 +66,26 @@ let
           - 46.105.102.188/32
           - 2001:41d0:2:d5bc::/128
 
+      # les bots qui font souvent de la merde
+      # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml
+      - import: (data)/bots/_deny-pathological.yaml
+
       # on authorise les indexers des moteurs de recherche, liste dispo ici :
       # https://github.com/TecharoHQ/anubis/blob/main/data/crawlers/_allow-good.yaml
       - import: (data)/crawlers/_allow-good.yaml
 
-      - name: no-user-agent-string
-        action: DENY
-        expression: userAgent == ""
+      # authorise l'accès à favicon, robots.txt, well-known
+      # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml
+      - import: (data)/common/keep-internet-working.yaml
+
+      # refuse si userAgent = ""
+      # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml
+      - import: (data)/common/rfc-violations.yaml
+
+
+      # Bloque les AI aggressivement (bots/agent, training et user search par IA)
+      # https://github.com/TecharoHQ/anubis/blob/main/data/meta/ai-block-aggressive.yaml
+      - import: (data)/meta/ai-block-aggressive.yaml
 
       - name: ban-gpt
         user_agent_regex: ".*gpt.*"