Anubis: Open-source web AI firewall to protect from scraper bots
Anubis is an open-source tool designed to protect websites from automated scraping and abusive traffic by adding computational friction before a request is served. Maintained by TecharoHQ, the project targets a growing problem for site operators who want to keep content accessible to humans while limiting large scale automated collection.
At its core, Anubis acts as a gatekeeper that sits in front of a web service. When a client connects, the tool can require the browser to complete a small proof of work task before access is granted. The idea borrows from older anti spam concepts, where sending a message carried a minor computational cost that was trivial for individuals and expensive at scale. In the web context, this approach raises the cost of bulk scraping while remaining manageable for normal visitors.
The challenge is delivered through JavaScript and runs in the client’s browser. Once completed, the browser receives a token that allows subsequent requests to pass through without repeating the work each time. Site operators can tune how demanding the challenge is, which allows them to balance protection with usability based on their own traffic patterns and risk tolerance.
Anubis is positioned as a reverse proxy. It sits between users and an origin service, forwarding requests once the challenge conditions are met. This deployment model makes it possible to add Anubis without rewriting an existing application. Configuration is handled through simple files that define how challenges are issued and which routes or clients receive them.
The project documentation emphasizes control and transparency. Operators can choose when challenges apply and when traffic should pass through without interruption. This supports common operational needs such as allowing trusted services, health checks, or internal users to connect without extra steps. Logging and metrics provide visibility into how often challenges are triggered and how clients respond.
TecharoHQ created Anubis in response to sustained automated scraping that placed heavy load on community run sites. The maintainers describe the tool as a practical response to a specific operational problem, not a general purpose security platform. That focus shows in the design, which stays narrow and avoids bundling unrelated features.
From a security perspective, Anubis does not attempt to identify or classify bots through behavioral analysis or reputation feeds. Its protection model relies on economics. Each request carries a cost, and large scale automation becomes expensive over time. This makes the tool predictable and easier to reason about for administrators who want simple controls.
Anubis is available for free on GitHub.
Must read:
- 40 open-source tools redefining how security teams secure the stack
- OpenGuardrails: A new open-source model aims to make AI safer for real-world use
Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!