feat: Make it so that the security.txt endpoint bypasses antibot checks

src/common/core/order.json

@@ -37,6 +37,7 @@
     "limit",
     "misc",
     "cors",
+    "securitytxt",
     "antibot"
   ],
   "headers": [

src/common/core/securitytxt/securitytxt.lua

@@ -4,6 +4,7 @@ local utils = require "bunkerweb.utils"
 
 local ngx = ngx
 local ERR = ngx.ERR
+local OK = ngx.OK
 local get_phase = ngx.get_phase
 local subsystem = ngx.config.subsystem
 local get_multiple_variables = utils.get_multiple_variables
@@ -109,6 +110,13 @@ function securitytxt:init()
 	return self:ret(true, "successfully loaded security policies")
 end
 
+function securitytxt:access()
+	if self.ctx.bw.uri ~= self.variables["SECURITYTXT_URI"] and self.ctx.bw.uri ~= "/security.txt" then
+		return self:ret(true, "success")
+	end
+	return self:ret(true, "security.txt requested", OK)
+end
+
 function securitytxt:content()
 	-- Check if content is needed
 	if self.variables["USE_SECURITYTXT"] == "no" then
@@ -126,7 +134,6 @@ function securitytxt:content()
 	end
 
 	local data = {
-		server_name = self.ctx.bw.server_name,
 		scheme = self.ctx.bw.scheme,
 	}
 

src/common/core/securitytxt/templates/security.txt

@@ -14,7 +14,7 @@ Preferred-Languages: {*preferred_lang*}
 Canonical: {*ca*}
   {% end %}
 {% else %}
-Canonical: {*scheme*}://{*server_name*}{*uri*}
+Canonical: https://{*server_name*}{*uri*}
 {% end %}
 {% for _, p in ipairs(policy) do %}
 Policy: {*p*}