Anubis offers the ability to assign "weight" to requests. This is a custom level of suspicion that rules can add to or remove from. For example, here's how you assign 10 weight points to anything that might be a browser:
# botPolicies.yaml
bots:
- name: generic-browser
user_agent_regex: >-
Mozilla|Opera
action: WEIGH
weight:
adjust: 10Thresholds let you take this per-request weight value and take actions in response to it. Thresholds are defined alongside your bot configuration in botPolicies.yaml.
:::note
Thresholds DO NOT apply when a request matches a bot rule with the CHALLENGE action. Thresholds only apply when requests don't match any terminal bot rules.
:::
# botPolicies.yaml
bots: ...
thresholds:
- name: minimal-suspicion
expression: weight < 0
action: ALLOW
- name: mild-suspicion
expression:
all:
- weight >= 0
- weight < 10
action: CHALLENGE
challenge:
algorithm: metarefresh
difficulty: 1
- name: moderate-suspicion
expression:
all:
- weight >= 10
- weight < 20
action: CHALLENGE
challenge:
algorithm: fast
difficulty: 2
- name: extreme-suspicion
expression: weight >= 20
action: CHALLENGE
challenge:
algorithm: fast
difficulty: 4This defines a suite of 4 thresholds:
- If the request weight is less than zero, allow it through.
- If the request weight is greater than or equal to zero, but less than ten: give it a very lightweight challenge.
- If the request weight is greater than or equal to ten, but less than twenty: give it a slightly heavier challenge.
- Otherwise, give it the heaviest challenge.
Thresholds can be configured with the following options:
| Name | Description | Example |
|---|---|---|
| `name` | The human-readable name for this threshold. |
name: extreme-suspicionTo check if the request weight is less than zero: expression: weight < 0To check if it's between 0 and 10 (inclusive): expression:
all:
- weight >= 0
- weight < 10action: ALLOWIf you set the CHALLENGE action, you must set challenge details: action: CHALLENGE
challenge:
algorithm: metarefresh
difficulty: 1
report_as: 1 |