For a security middleware for web applications, the strongest matches are spring-projects/spring-security (Spring Security is a comprehensive Java framework that provides), helmetjs/helmet (Helmet is a specialized middleware library for Express) and kickstarter/rack-attack (This is a Rack-based middleware component that provides essential). authelia/authelia and casbin/casbin round out the shortlist. Each is ranked by relevance to your query, popularity and recent activity.
Find the best web security middleware for your stack. We compare top-rated GitHub repositories by activity and features to help you pick the right one.
Spring Security is a comprehensive security framework for Java applications that provides authentication and authorization for both web and non-web environments. It functions as an implementation of authentication and authorization logic integrated with the Java runtime environment to protect sensitive resources from unauthorized access. The framework includes toolkits for implementing OpenID Connect and OAuth 2.0 authorization servers and clients, as well as tools for integrating SAML 2.0 identity providers to enable cross-domain single sign-on. It utilizes a role-based access control system
Spring Security is a comprehensive Java framework that provides a robust security filter chain for implementing HTTP headers, request filtering, authentication, authorization, and protection against common web vulnerabilities.
Helmet is an Express.js middleware library that sets a comprehensive collection of HTTP security headers to protect web applications from common vulnerabilities like cross-site scripting and clickjacking. At its core, it provides a configurable middleware system for injecting security headers into HTTP responses, with a primary focus on Content Security Policy configuration through custom directives and report-only testing modes. The library distinguishes itself through a flexible configuration surface that supports method chaining for composing multiple headers in a single expression, as wel
Helmet is a specialized middleware library for Express.js that directly addresses the core requirement of implementing HTTP security headers to protect web applications from common vulnerabilities.
This project is a Rack middleware rate limiter and application layer firewall for Ruby web applications. It serves as a security layer to throttle and block HTTP requests based on custom rules, protecting web servers from abusive traffic. The system provides capabilities for IP blocking and the banning of malicious clients. It implements request safelisting to bypass restrictions for trusted users and uses time-windowed rate limiting to control request frequency. The middleware covers traffic management and monitoring, including the ability to track request patterns and instrument traffic ev
This is a Rack-based middleware component that provides essential request filtering, rate limiting, and abuse prevention for Ruby web applications, fitting the category of security middleware even though it focuses primarily on traffic-based protection rather than the full suite of security headers.
Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercep
Authelia acts as a specialized authentication and authorization middleware that integrates with reverse proxies to secure web applications, directly addressing the identity and access management requirements of your search.
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
Casbin is a specialized authorization library that provides a robust, model-based engine for enforcing access control, which directly addresses the authentication and authorization requirements of your security middleware stack.
Kraken-js is a configuration-driven server manager and application framework for bootstrapping Node.js web applications. It provides a system for defining server behavior, middleware chains, and environment settings through JSON files rather than manual code. The framework focuses on separating application logic from infrastructure setup by resolving and injecting middleware into the request chain based on external configuration. It utilizes environment-based configuration merging to override baseline settings with context-specific values during startup. The system covers server security thr
Kraken-js is a configuration-driven framework for Node.js that includes built-in middleware for managing security headers and application-level security configurations, making it a suitable tool for securing web application infrastructure.
Authority is an authorization framework for Ruby on Rails applications that manages user permissions and access control policies. It provides a system for encapsulating complex security logic into dedicated classes, separating these concerns from core business models. The library enforces security rules by intercepting web requests at the controller level and validating actions against defined policies. It utilizes convention-based mapping to automatically associate models with their corresponding authorization classes, supporting both global checks and instance-aware validation for specific
This library provides authorization and access control middleware for Ruby on Rails, directly addressing the authentication and authorization requirements of web application security.
Hono is a lightweight web framework built on Web Standard APIs that executes across JavaScript runtimes including Cloudflare Workers, Deno, Bun, and Node.js.
Hono is a web framework that includes built-in middleware for security headers, CORS management, rate limiting, and authentication, making it a capable tool for securing web applications despite being a broader framework rather than a dedicated security-only library.
Coraza is a web application firewall engine designed to filter malicious HTTP traffic using standardized security directives. It functions as a library for embedding request filtering and security transaction processing directly into web servers or reverse proxies. The engine implements the ModSecurity WAF engine and the OWASP Core Rule Set to identify and block common web attack patterns. It utilizes a library-first integration model, allowing security capabilities to be embedded into a host process as a dependency rather than running as a standalone proxy. The project covers rule-based pat
Coraza is a library-first web application firewall engine that provides robust request filtering, traffic inspection, and vulnerability protection by implementing the OWASP Core Rule Set, making it a highly effective middleware component for securing web applications.
This project provides a comprehensive security framework for PHP applications, designed to manage the entire lifecycle of user authentication and authorization. It functions as a middleware layer that intercepts incoming HTTP requests to enforce security policies, resolve user identities, and maintain persistent sessions across web interactions. The framework distinguishes itself through a modular, event-driven architecture that integrates directly into the application lifecycle. It supports diverse authentication methods, including standard form-based logins, API bearer tokens, and federated
This component provides the essential HTTP-level security infrastructure for the Symfony framework, including authentication, authorization, and firewall-based request filtering, making it a direct fit for securing web applications.
This project is a comprehensive security framework for PHP applications, providing a modular system for verifying user identities and enforcing access control policies. It functions as a security middleware that decouples authentication and authorization logic from core application code, allowing for centralized management of user sessions, credentials, and resource access. The framework distinguishes itself through a highly decoupled architecture that separates identity verification from storage mechanisms. It utilizes a strategy-based approach to authentication, enabling developers to imple
This component provides a comprehensive security framework for PHP applications, handling authentication, authorization, and firewall-based request filtering to protect against common web vulnerabilities.
Collection of PSR-15 middlewares officially developed by Middlewares organization
This collection provides a suite of modular PSR-15 compliant components that implement essential security features like HTTP headers, rate limiting, and CORS management, making it a direct fit for securing web applications.
Archived Middleware for security and authorization of web apps. Project moved to https://github.com/aspnet/AspNetCore
This repository provides the foundational middleware for security, authorization, and authentication within the ASP.NET ecosystem, directly addressing the need for request filtering and security implementation in web applications.
🛡️ NIS2 Compliance Middleware for Express.js - Forensic logging, active defense, and security headers
This middleware provides essential security headers and forensic logging for Express.js applications, serving as a targeted component for implementing web application security within that specific framework.
HTTP middleware for Go that facilitates some quick security wins.
This Go middleware provides essential HTTP security headers and configuration options to help protect web applications, fitting the category of security-focused middleware components.
Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).
This library provides essential HTTP security headers and middleware integration for Python web frameworks, serving as a focused component for implementing web application security.
| Repository | Stars | Sprache | Lizenz | Letzter Push |
|---|---|---|---|---|
| spring-projects/spring-security | 9.5K | Java | Apache-2.0 | |
| helmetjs/helmet | 10.7K | TypeScript | MIT | |
| kickstarter/rack-attack | 5.7K | Ruby | MIT | |
| authelia/authelia | 26.8K | Go | apache-2.0 | |
| casbin/casbin | 19.8K | Go | apache-2.0 | |
| krakenjs/kraken-js | 4.9K | JavaScript | NOASSERTION | |
| nathanl/authority | 1.2K | Ruby | MIT | |
| honojs/hono | 31K | TypeScript | MIT | |
| corazawaf/coraza | 3.3K | Go | apache-2.0 | |
| symfony/security-http | 1.7K | PHP | MIT |