Add Opt-Out: Guide for Fediverse Administrators

Ramses Revengeday 2024-11-16 19:52:15 +00:00
commit 32b569267c

@ -0,0 +1,157 @@
# Opt-Out: Guide for Fediverse Administrators
## Overview
The **Cyber Circle Creator** is a tool designed to leverage public APIs to gather information from Fediverse instances. This guide outlines how administrators of Fediverse instances can prevent the Cyber Circle Creator from accessing or fetching data from their instances.
## The Functionality
One of the core functions within the Cyber Circle Creator is `apiRequestWithHeaders`. This asynchronous JavaScript function is responsible for making HTTP requests to the Fediverse instances, including a custom User-Agent header named `cyber-circle-creator`. It attempts to fetch data from specified URLs and handles errors with fallback mechanisms.
### Relevant Code Snippet
```javascript
async function apiRequestWithHeaders(url, options = null) {
console.log(`Fetching :: ${url}`);
const defaultUserAgent = { 'User-Agent': 'cyber-circle-creator' };
// Merge headers
options = options || {};
options.headers = { ...(options.headers || {}), ...defaultUserAgent };
if (options.body) {
options.body = JSON.stringify(options.body);
}
try {
const response = await fetch(url, options);
if (response.ok) {
return { response: { headers: response.headers, body: await response.json(), error: undefined }};
}
throw new Error(`Error fetching ${url}: ${response.status} ${response.statusText}`);
} catch (error) {
console.error(`Error fetching with User-Agent "cyber-circle":`, error);
try {
const fallbackResponse = await fetch(url, { ...(options ?? {}), headers: undefined });
if (fallbackResponse.ok) {
return { response: { headers: fallbackResponse.headers, body: await fallbackResponse.json(), error: undefined }};
}
throw new Error(`Error fetching ${url}: ${fallbackResponse.status} ${fallbackResponse.statusText}`);
} catch (fallbackError) {
console.error(`Fallback fetching without User-Agent failed:`, fallbackError);
return {
response: undefined,
error: `Error fetching ${url}: ${fallbackError}`
};
}
}
}
```
## How to Block Cyber Circle Creator
Administrators who wish to restrict or prevent the Cyber Circle Creator tool from accessing their instance's data can follow these strategies:
### User-Agent Blocking
1. **Configure Web Server Rules**: Most web servers allow configuration to block requests based on the User-Agent string. You can set up rules to block requests where `User-Agent` is `cyber-circle-creator`.
2. **Web Application Firewalls (WAF)**: Utilize a WAF to detect and block requests containing this specific User-Agent.
#### Blocking User-Agent in Apache
To block a specific User-Agent, such as `cyber-circle-creator`, you can use the `mod_rewrite` module in the Apache configuration.
1. **Enable the `mod_rewrite` module** (if not already enabled):
```bash
sudo a2enmod rewrite
```
2. **Add the following directives to your Apache configuration file** (usually in `/etc/apache2/sites-available/your-site.conf`) or `.htaccess` file:
```apache
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} cyber-circle-creator [NC]
RewriteRule .* - [F,L]
```
This configuration checks for requests with the User-Agent `cyber-circle-creator` and returns a 403 Forbidden response.
3. **Restart Apache** to apply changes:
```bash
sudo systemctl restart apache2
```
#### Blocking User-Agent in Nginx
To block a User-Agent in Nginx, you can use the `if` directive within the server block of your Nginx configuration.
1. **Edit the Nginx configuration file** (usually located at `/etc/nginx/sites-available/your-site` or `/etc/nginx/nginx.conf`):
```nginx
if ($http_user_agent ~* "cyber-circle-creator") {
return 403;
}
```
This will block any requests with the User-Agent `cyber-circle-creator` by returning a 403 Forbidden response.
2. **Test the Nginx configuration** for syntax errors:
```bash
sudo nginx -t
```
3. **Reload Nginx** to apply changes:
```bash
sudo systemctl reload nginx
```
#### Blocking User-Agent in HAProxy
For HAProxy, you can use ACLs to block requests based on the User-Agent string.
1. **Edit the HAProxy configuration file** (usually located at `/etc/haproxy/haproxy.cfg`):
```haproxy
frontend http_in
bind *:80
acl bad_user_agent hdr_sub(User-Agent) -i cyber-circle-creator
http-request deny if bad_user_agent
```
This configuration will deny any HTTP requests with a User-Agent containing `cyber-circle-creator`.
2. **Restart HAProxy** to apply changes:
```bash
sudo systemctl restart haproxy
```
### Public API Restrictions
The tool fetches data using public APIs defined in Fediverse node software. Some potential methods to restrict access include:
1. **Rate Limiting**: Implement rate limiting on the APIs to reduce the efficiency of the tool in gathering large amounts of data.
2. **Access Control**: Configure the instance to restrict API access to authenticated users or specific IP addresses.
3. **API Configuration**: Refer to the specific documentation for the Fediverse software running on your instance. There might be built-in options to customize which public data API endpoints are available or to add additional layers of authentication.
### Important Note on Request Origin
The API requests made by the Cyber Circle Creator are not sent directly from a centralized server like `ccc.cyber.to`. Instead, they are initiated by the users who visit the webpage using the tool. This means that simply blocking the server will not prevent the requests, as they originate from the users' browsers. Therefore, focusing on tactics like User-Agent blocking and API configuration will be more effective.
## Further Information
For detailed instructions about configuring these settings and further possibilities for securing your instance, consult the documentation related to your specific Fediverse software (e.g., Mastodon, Misskey, Pleroma). Administrator guides generally include essential best practices for enhancing privacy and security on an instance-wide level.
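Review bot: The User-Agent blocking sections (Apache, Nginx, HAProxy) are undercut by the fallback path in the `apiRequestWithHeaders` snippet quoted under "Relevant Code Snippet", and the guide should say so or the function should change. A 403 from any of the rules shown makes `response.ok` false, the function throws into its first `catch`, and it retries with `fetch(url, { ...(options ?? {}), headers: undefined })`, so the second request no longer carries `cyber-circle-creator` and none of the documented rules match it. Suggest either dropping the header-less retry when the first response is a 4xx, so that a 403 is honoured as the opt-out signal this guide promises, or rewording "Important Note on Request Origin" so it no longer presents User-Agent blocking as an effective tactic on its own and points administrators to the access-control options under "Public API Restrictions". Minor: the log message in the first `catch` names the User-Agent as "cyber-circle" while the header value is `cyber-circle-creator`; the two should agree so administrators searching logs or docs see one string.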