urlhaus-filter/README.md

44 lines
1.7 KiB
Markdown

# URLhaus Malicious URL Blocklist
This [uBO](https://github.com/gorhill/uBlock/)-compatible filter list is based on the database dump (CSV) of Abuse.sh [URLhaus](https://urlhaus.abuse.ch/).
## Subscribe
Filter is updated once a day.
Import the following URL into uBO to subcribe:
https://gitlab.com/curben/urlhaus/raw/master/urlhaus-filter.txt
## Description
Following URL categories are removed from the database dump:
- Offline URL
- Well-known host ([top-1m.txt](top-1m.txt)) or false positives ([exclude.txt](exclude.txt))
Database dump is saved as [URLhaus.csv](URLhaus.csv), processed by [script.sh](script.sh) and output as [urlhaus-filter.txt](urlhaus-filter.txt).
## Note
Please report any false positive.
This filter **only** accepts malware URLs from [URLhaus](https://urlhaus.abuse.ch/).
Please report malware URL to the upstream maintainer through https://urlhaus.abuse.ch/api/#submit.
This repo is not endorsed by Abuse.sh.
## FAQ
- Can you add this *very-bad-url.com* to the filter?
+ No, please report to the [upstream](https://urlhaus.abuse.ch/api/#submit).
- Why don't you use the URLhaus "Plain-Text URL List"?
+ It doesn't show the status (online/offline) of a URL.
- Why do you need to clone the repo again in your CI? I thought CI already fetch the repo by default?
+ GitLab Runner clone/fetch the repo using HTTPS method by default ([log](https://gitlab.com/curben/urlhaus/-/jobs/105979394)). This method requires deploy *token* which is *read-only* (cannot push).
+ Deploy *key* has write access but cannot be used with the HTTPS method, hence, the workaround to clone using SSH.
+ See issue [#20567](https://gitlab.com/gitlab-org/gitlab-ce/issues/20567) and [#20845](https://gitlab.com/gitlab-org/gitlab-ce/issues/20845).