How Anubis Works: Fighting Bots with Proof-of-Work

The internet today is crawling with bots—some helpful, most not. Whether it’s AI scrapers harvesting public data or malicious bots launching DDoS attacks, websites are under constant pressure to defend their content. Enter Anubis: a clever, open-source web firewall that uses Proof-of-Work (PoW) to filter out bots while letting real users through with minimal friction.

Let’s unpack how it works—and how to deploy it with Docker and Nginx.

What Is Anubis?

At its core, Anubis is a PoW gateway. It sits in front of your website and challenges each visitor with a lightweight computational puzzle before letting them through.

The concept is simple but effective: bots that don’t execute JavaScript (like most scrapers or AI crawlers) can’t pass the challenge. Even those that do will find it expensive to scale.

How It Works (Step by Step)

Here’s what happens when someone visits a site protected by Anubis:

1. User requests a page.
2. Anubis intercepts the request as a reverse proxy.
3. It serves a small HTML page with embedded JavaScript containing a Proof-of-Work challenge.
4. Browser solves the challenge in a second or two, generating a token.
5. The browser resubmits the request with the token, and Anubis lets them through.

This slows down bots significantly while being nearly invisible to human users.

Why It Works

Bots and crawlers typically skip JavaScript. That means:

• They can’t pass the PoW challenge.
• Even if they try, solving the challenge repeatedly becomes computationally expensive.

For humans: it’s just a couple of seconds. For bots: it’s a serious headache.

Real-World Adoption

Anubis is already being used by high-traffic, open-source projects like:

• Arch Wiki
• GNOME
• WineHQ
• FFmpeg
• UNESCO

These communities needed something robust, lightweight, and self-hosted. Anubis delivered.

🚀 Quick Start with Docker

Anubis is available as a Docker image at:

ghcr.io/techarohq/anubis

🔖 Available Tags

⚙️ Docker Compose Example

Here’s a quick way to run Anubis using Docker Compose:

services:
  anubis:
    image: ghcr.io/techarohq/anubis:latest
    container_name: anubis
    restart: unless-stopped
    ports:
      - "8080:8080" # Anubis listens on port 8080 by default
    volumes:
      - ./config:/etc/anubis
    environment:
      - ANUBIS_CONFIG=/etc/anubis/anubis.toml
    user: "1000:1000"

🔐 Important: Make sure the mounted ./config directory is owned by UID/GID 1000, or is writable by that user.

🧠 System Requirements

Anubis is very efficient:

• ~128MiB RAM is enough for many use cases.
• Ideal for HTTP traffic.
• May not be suited for long-lived connections like WebSockets (TBD in real-world use).

🌐 Nginx Reverse Proxy Config

Once Anubis is running, you’ll want to route traffic through it. Here’s a basic Nginx config to pass requests through Anubis and then upstream to your real site:

server {
    listen 80;
    server_name yoursite.com;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

You can also put Anubis in front of another reverse proxy (like Nginx ➜ Anubis ➜ App), depending on your network layout.

🧰 Why Choose Anubis?

• ✅ Open-source and fully self-hostable
• ✅ No CAPTCHAs, no third-party cloud services
• ✅ Blocks scrapers and AI bots reliably
• ✅ Works great with Docker, Nginx, and minimal hardware
• ✅ Community-tested and battle-hardened

✅ Final Thoughts

In an age of aggressive AI scraping and relentless bots, Anubis offers a refreshingly simple and effective shield. By making abuse computationally expensive and annoying for bots—but nearly invisible to humans—Anubis flips the script and puts the burden back where it belongs.

You can try a live demo at anubis.techaro.lol or start deploying right away using the official GitHub repo.