| 30 May 2025 |
 @adam:robins.wtf | https://docs.netlify.com/routing/redirects/rewrites-proxies/#proxy-to-another-service | 14:17:14 |
| @adam:robins.wtf | yes, custom headers are an option for proxying | 14:18:24 |
| @adam:robins.wtf | or the request can be signed, but not sure what that entails on the other end | 14:18:51 |
| @adam:robins.wtf | In theory, something like this would give us a header we could trust on the hydra side: https://github.com/NixOS/nix.dev/compare/master...adamcstephens:nix.dev:random-header?expand=1 | 15:00:36 |
 Alyssa Ross | I don't think header forging should matter very much — if the scraper bots were smart they'd just use a User-Agent that doesn't look like a browser to anubis. | 15:26:18 |
| Alyssa Ross | (If I'm understanding what you mean by trust) | 15:26:43 |
 hexa | the anubis module unfortunately looks like … use the default bot policy or write your own | 15:28:52 |
| hexa | not sure how if it offers a knob to extend it | 15:29:04 |
| hexa | also not sure where botPolicy gets used https://github.com/NixOS/nixpkgs/blob/96ec055edbe5ee227f28cdbc3f1ddf1df5965102/nixos/modules/services/networking/anubis.nix#L58 | 15:37:52 |
| hexa | I can't find it referenced anywhere | 15:38:10 |
| hexa | ah yeah, https://github.com/NixOS/nixpkgs/pull/401622 | 15:38:57 |
| @adam:robins.wtf | maybe "check" or "whitelist" would have been better terms. i'm not too worried about bots forging, but was thinking a known header we could explicitly validate is set on the anubis side. | 17:29:55 |
| @adam:robins.wtf | any header would probably work. i put a random string in my example because 🤷 | 17:30:48 |
| hexa | yeah, we can get more creative once bots adapt to these things | 17:31:40 |
