this post was submitted on 31 Mar 2026
13 points (100.0% liked)

Selfhosted

56957 readers
824 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
13
Can Anubis and Iocane be linked? (lemmy.world)
submitted 2 hours ago by Maroon@lemmy.world to c/selfhosted@lemmy.world
3 comments fedilink hide all child comments
 

This may sound like a weird thing to do, but I realised that many crawlers and bots are somehow still able to get past my Anubis. I presume they have gotten smarter and are capable of using JavaScript.

To counter this, I want to link my Anubis to an Iocane setup such that:

Internet > nginx reverse proxy > Anubis > Iocane > my site/app

My hope is that two different filtering mechanisms (one of which will actively poison and waste the bot's resourced) will protect my system better.

I thought I'd ask before actually trying out something like this.

top 3 comments
sorted by: hot top controversial new old
[–] Black616Angel@discuss.tchncs.de 3 points 1 hour ago

Have you tried fucking with the status codes?

There is a great defcon talk about that:

Slides

Video on Youtube

So you could e.g. return a 401 and still show the page. Most automated systems will probably ignore the response of an 'unauthorized' message.

[–] tal@lemmy.today 7 points 2 hours ago

Context:

https://en.wikipedia.org/wiki/Anubis_(software)

Anubis is an open source software program that adds a proof of work challenge to websites before users can access them in order to deter web scraping. It has been adopted mainly by Git forges and free and open-source software projects.[4][5]

https://lib.rs/crates/iocaine

Iocaine is a defense mechanism against unwanted scrapers, sitting between upstream resources and the fronting reverse proxy.

[–] db0@lemmy.dbzer0.com 6 points 2 hours ago

Iocaine expects you know how to detect it the bots, if they can get past anubis do you have another detection process?