On Wed, Apr 23, 2025 at 5:59 PM AntiCompositeNumber acn@anticomposite.net wrote:
https://anubis.techaro.lol/ is currently being deployed by a number of other sites, small and large, from the Arch Wiki to UNESCO. It is MIT licensed, sits between a front proxy and the appserver, and uses a proof-of-work CAPTCHA to prevent bots. It is a blunt hammer, but it's probably better than IP blocking. There is some ability to allow acceptable bots: https://anubis.techaro.lol/docs/admin/policies/
https://git.gammaspectra.live/git/go-away is a similar project with more configuration available, but I haven't heard as many folks deploying it.
I don't like advocating for these masures. I'm not sure there are any other reasonable options for resource-limited projects.
Anubis is on my list of potential tricks to try. I agree that proof of work proxies are not an ideal solution, but maybe they are slightly less terrible than outright blocks on 12% of the internet as I have done today.
Bryan