Caddy defender versus Anubis #406
Replies: 2 comments
-
I don't use caddy-defender, but looking at it, it is (mostly?) focused on blocking based on IP addresses. Anubis uses a different approach. The "Proof of work" challenge is a snippet of JavaScript code that, depending on the difficulty set, takes a couple of seconds to complete. The POW challenge checks if something that claims to be a modern browser is able to behave like one and solve modern world's problems. On the server side, it takes virtually no time to check if you passed the challenge or not, but bots either won't be able to solve the challenge (since they are not browsers, even though they say so) or, in case they are real browsers, they will get really tired soon. For the normal user, it is no problem to wait 1-3 seconds once a week until the challenge is solved, but for a bot or attacker with a large botnet, it gets really expensive quickly. The inner details about the POW challenge are described here: https://anubis.techaro.lol/docs/design/why-proof-of-work#how-anubis-proof-of-work-scheme-works
-
Thanks @lotharsm, I get it now. I use a ton of WASM running inside a browser that renders htmx using htmx. I am tempted to try this out on a demo project. I know it's designed to protect servers, but it might be useful to also protect WASM in a browser. Headless browsers in the data folder looks good... then of course there are huge mobile phone bot farms in China. Curious how well it works then.
-
I currently use https://github.com/JasonLovesDoggo/caddy-defender to block AI bots.
Anubis seems similar but perhaps is using a different mechanism? Would appreciate more info on the “proof of work” as it's called. It's a term from blockchains but I could not find docs on that.