| 30 May 2025 |
 adamcstephens | or the request can be signed, but not sure what that entails on the other end | 14:18:51 |
| adamcstephens | In theory, something like this would give us a header we could trust on the hydra side: https://github.com/NixOS/nix.dev/compare/master...adamcstephens:nix.dev:random-header?expand=1 | 15:00:36 |
 Alyssa Ross | I don't think header forging should matter very much — if the scraper bots were smart they'd just use a User-Agent that doesn't look like a browser to anubis. | 15:26:18 |
| Alyssa Ross | (If I'm understanding what you mean by trust) | 15:26:43 |
 hexa | the anubis module unfortunately looks like … use the default bot policy or write your own | 15:28:52 |
| hexa | not sure how if it offers a knob to extend it | 15:29:04 |
| hexa | also not sure where botPolicy gets used https://github.com/NixOS/nixpkgs/blob/96ec055edbe5ee227f28cdbc3f1ddf1df5965102/nixos/modules/services/networking/anubis.nix#L58 | 15:37:52 |
| hexa | I can't find it referenced anywhere | 15:38:10 |
| hexa | ah yeah, https://github.com/NixOS/nixpkgs/pull/401622 | 15:38:57 |
| adamcstephens | maybe "check" or "whitelist" would have been better terms. i'm not too worried about bots forging, but was thinking a known header we could explicitly validate is set on the anubis side. | 17:29:55 |
| adamcstephens | any header would probably work. i put a random string in my example because 🤷 | 17:30:48 |
| hexa | yeah, we can get more creative once bots adapt to these things | 17:31:40 |
 tpw_rules | Redacted or Malformed Event | 22:21:14 |
| hexa | not infra related, is it? 🤔 | 22:22:12 |
| tpw_rules | Redacted or Malformed Event | 22:24:29 |
| hexa | #nix-community:nixos.org | 22:24:46 |
| hexa | adamcstephens: thanks, I PRed your proposed change | 23:45:55 |
| hexa | and prepared to reapply anubis https://github.com/NixOS/infra/pull/703 | 23:46:15 |
| 31 May 2025 |
|  ethancedwards8 joined the room. | 02:54:05 |
|  @trofi:matrix.org left the room. | 13:46:57 |
|  Kyle Robinson joined the room. | 19:43:21 |
| Kyle Robinson | I'm getting 403 on hydra but my user agent is normal:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 | 19:43:43 |
| hexa | claims to be Chrome/130.0 | 19:44:12 |
| hexa | among other things | 19:44:23 |
| hexa | which is from 2024-10 | 19:44:52 |
| Kyle Robinson | That's my browsers default useragent | 19:44:58 |
| Kyle Robinson | 2024 isn't even that old | 19:45:09 |
| hexa | for browser that is ancient | 19:45:17 |
| hexa | but you're probably using Safari, not Chrome, right? | 19:45:30 |
| Kyle Robinson | it's really not... | 19:45:31 |
