feat: Make it so that the security.txt endpoint bypasses antibot checks

bunkerity · Jul 22, 2024 · 0922488 · 0922488
1 parent 33ec069
commit 0922488
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/src/common/core/order.json b/src/common/core/order.json
@@ -37,6 +37,7 @@
     "limit",
     "misc",
     "cors",
+    "securitytxt",
     "antibot"
   ],
   "headers": [

diff --git a/src/common/core/securitytxt/securitytxt.lua b/src/common/core/securitytxt/securitytxt.lua
@@ -4,6 +4,7 @@ local utils = require "bunkerweb.utils"
 
 local ngx = ngx
 local ERR = ngx.ERR
+local OK = ngx.OK
 local get_phase = ngx.get_phase
 local subsystem = ngx.config.subsystem
 local get_multiple_variables = utils.get_multiple_variables
@@ -109,6 +110,13 @@ function securitytxt:init()
 	return self:ret(true, "successfully loaded security policies")
 end
 
+function securitytxt:access()
+	if self.ctx.bw.uri ~= self.variables["SECURITYTXT_URI"] and self.ctx.bw.uri ~= "/security.txt" then
+		return self:ret(true, "success")
+	end
+	return self:ret(true, "security.txt requested", OK)
+end
+
 function securitytxt:content()
 	-- Check if content is needed
 	if self.variables["USE_SECURITYTXT"] == "no" then
@@ -126,7 +134,6 @@ function securitytxt:content()
 	end
 
 	local data = {
-		server_name = self.ctx.bw.server_name,
 		scheme = self.ctx.bw.scheme,
 	}
 

diff --git a/src/common/core/securitytxt/templates/security.txt b/src/common/core/securitytxt/templates/security.txt
@@ -14,7 +14,7 @@ Preferred-Languages: {*preferred_lang*}
 Canonical: {*ca*}
   {% end %}
 {% else %}
-Canonical: {*scheme*}://{*server_name*}{*uri*}
+Canonical: https://{*server_name*}{*uri*}
 {% end %}
 {% for _, p in ipairs(policy) do %}
 Policy: {*p*}