commit 32b569267c336d2a82ffb68e42d7cd4e4890a149 Author: Ramses Revengeday Date: Sat Nov 16 19:52:15 2024 +0000 Add Opt-Out: Guide for Fediverse Administrators diff --git a/Opt-Out%3A Guide for Fediverse Administrators.-.md b/Opt-Out%3A Guide for Fediverse Administrators.-.md new file mode 100644 index 0000000..deb34a2 --- /dev/null +++ b/Opt-Out%3A Guide for Fediverse Administrators.-.md 
@@ -0,0 +1,157 @@ +# Opt-Out: Guide for Fediverse Administrators + +## Overview + +The **Cyber Circle Creator** is a tool designed to leverage public APIs to gather information from Fediverse instances. This guide outlines how administrators of Fediverse instances can prevent the Cyber Circle Creator from accessing or fetching data from their instances. + +## The Functionality + +One of the core functions within the Cyber Circle Creator is `apiRequestWithHeaders`. This asynchronous JavaScript function is responsible for making HTTP requests to the Fediverse instances, including a custom User-Agent header named `cyber-circle-creator`. It attempts to fetch data from specified URLs and handles errors with fallback mechanisms. + +### Relevant Code Snippet + +```javascript +async function apiRequestWithHeaders(url, options = null) { + console.log(`Fetching :: ${url}`); + + const defaultUserAgent = { 'User-Agent': 'cyber-circle-creator' }; + + // Merge headers + options = options || {}; + options.headers = { ...(options.headers || {}), ...defaultUserAgent }; + + if (options.body) { + options.body = JSON.stringify(options.body); + } + + try { + const response = await fetch(url, options); + + if (response.ok) { + return { response: { headers: response.headers, body: await response.json(), error: undefined }}; + } + + throw new Error(`Error fetching ${url}: ${response.status} ${response.statusText}`); + } catch (error) { + console.error(`Error fetching with User-Agent "cyber-circle":`, error); + + try { + const fallbackResponse = await fetch(url, { ...(options ?? 
{}), headers: undefined }); + + if (fallbackResponse.ok) { + return { response: { headers: fallbackResponse.headers, body: await fallbackResponse.json(), error: undefined }}; + } + + throw new Error(`Error fetching ${url}: ${fallbackResponse.status} ${fallbackResponse.statusText}`); + } catch (fallbackError) { + console.error(`Fallback fetching without User-Agent failed:`, fallbackError); + return { + response: undefined, + error: `Error fetching ${url}: ${fallbackError}` + }; + } + } +} +``` + +## How to Block Cyber Circle Creator + +Administrators who wish to restrict or prevent the Cyber Circle Creator tool from accessing their instance's data can follow these strategies: + +### User-Agent Blocking + +1. **Configure Web Server Rules**: Most web servers allow configuration to block requests based on the User-Agent string. You can set up rules to block requests where `User-Agent` is `cyber-circle-creator`. + +2. **Web Application Firewalls (WAF)**: Utilize a WAF to detect and block requests containing this specific User-Agent. + +#### Blocking User-Agent in Apache + +To block a specific User-Agent, such as `cyber-circle-creator`, you can use the `mod_rewrite` module in the Apache configuration. + +1. **Enable the `mod_rewrite` module** (if not already enabled): + +```bash +sudo a2enmod rewrite +``` + +2. **Add the following directives to your Apache configuration file** (usually in `/etc/apache2/sites-available/your-site.conf`) or `.htaccess` file: + +```apache +RewriteEngine On +RewriteCond %{HTTP_USER_AGENT} cyber-circle-creator [NC] +RewriteRule .* - [F,L] +``` + +This configuration checks for requests with the User-Agent `cyber-circle-creator` and returns a 403 Forbidden response. + +3. **Restart Apache** to apply changes: + +```bash +sudo systemctl restart apache2 +``` + +#### Blocking User-Agent in Nginx + +To block a User-Agent in Nginx, you can use the `if` directive within the server block of your Nginx configuration. + +1. 
**Edit the Nginx configuration file** (usually located at `/etc/nginx/sites-available/your-site` or `/etc/nginx/nginx.conf`): + +```nginx +if ($http_user_agent ~* "cyber-circle-creator") { +return 403; +} +``` + +This will block any requests with the User-Agent `cyber-circle-creator` by returning a 403 Forbidden response. + +2. **Test the Nginx configuration** for syntax errors: + +```bash +sudo nginx -t +``` + +3. **Reload Nginx** to apply changes: + +```bash +sudo systemctl reload nginx +``` + +#### Blocking User-Agent in HAProxy + +For HAProxy, you can use ACLs to block requests based on the User-Agent string. + +1. **Edit the HAProxy configuration file** (usually located at `/etc/haproxy/haproxy.cfg`): + +```haproxy +frontend http_in +bind *:80 +acl bad_user_agent hdr_sub(User-Agent) -i cyber-circle-creator +http-request deny if bad_user_agent +``` + +This configuration will deny any HTTP requests with a User-Agent containing `cyber-circle-creator`. + +2. **Restart HAProxy** to apply changes: + +```bash +sudo systemctl restart haproxy +``` + + +### Public API Restrictions + +The tool fetches data using public APIs defined in Fediverse node software. Some potential methods to restrict access include: + +1. **Rate Limiting**: Implement rate limiting on the APIs to reduce the efficiency of the tool in gathering large amounts of data. + +2. **Access Control**: Configure the instance to restrict API access to authenticated users or specific IP addresses. + +3. **API Configuration**: Refer to the specific documentation for the Fediverse software running on your instance. There might be built-in options to customize which public data API endpoints are available or to add additional layers of authentication. + +### Important Note on Request Origin + +The API requests made by the Cyber Circle Creator are not sent directly from a centralized server like `ccc.cyber.to`. Instead, they are initiated by the users who visit the webpage using the tool. 
This means that simply blocking the server will not prevent the requests, as they originate from the users' browsers. Therefore, focusing on tactics like User-Agent blocking and API configuration will be more effective. + +## Further Information + +For detailed instructions about configuring these settings and further possibilities for securing your instance, consult the documentation related to your specific Fediverse software (e.g., Mastodon, Misskey, Pleroma). Administrator guides generally include essential best practices for enhancing privacy and security on an instance-wide level. \ No newline at end of file
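Review bot: In the `apiRequestWithHeaders` snippet, the catch block retries with `headers: undefined`, and because a non-OK status is thrown inside the same `try`, a 403 from any of the Apache, Nginx or HAProxy rules in this guide triggers a second request without the `cyber-circle-creator` User-Agent, which those rules then let through. As written, the "User-Agent Blocking" section therefore only stops the first attempt. Either the guide should say so and present the "Public API Restrictions" section as the actual opt-out, or the fallback should be dropped so that a 403 is treated as a refusal. Since "Important Note on Request Origin" says the requests come from users' browsers, the guide should also state whether the custom header is actually sent from there. Smaller points: the text describes a header "named" `cyber-circle-creator` where that string is the User-Agent value, the log message says `"cyber-circle"` rather than the full string, and the HAProxy example binds only `*:80`, so it should note that the ACL belongs in whichever frontend serves the instance's HTTPS traffic.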