26 dépôts
Mechanisms to inspect and filter incoming HTTP requests to block malicious methods or unauthorized access.
Distinct from Security Headers: Focuses on active request filtering and method blocking, whereas the candidates focus on response headers
Explore 26 awesome GitHub repositories matching security & cryptography · HTTP Request Filtering. Refine with filters or upvote what's useful.
This project is a PHP e-commerce platform and enterprise storefront framework designed for building and managing online stores. It functions as a modular PHP application and headless commerce engine, separating e-commerce business logic from frontend presentation to support multiple storefronts and devices. The system is built on a modular architecture that allows developers to add custom business logic and third-party integrations. It utilizes a service-contract-based API to ensure stability across module implementations and employs dependency-injection for object lifecycle management. Core
Filters dangerous HTTP request methods and manages authorization headers to protect against common web attacks.
jwt-auth is a PHP package providing JSON Web Token authentication for Laravel and Lumen applications. It serves as a token provider and stateless session manager, allowing applications to issue and validate signed tokens to manage user identity across network requests. The library implements stateless API security by verifying identity tokens sent in request headers, removing the requirement to store session data on the server. It uses signed tokens to verify user credentials and restrict access to protected resources. The project provides capabilities for user access control, authentication
Provides middleware to filter incoming HTTP requests and validate tokens before allowing access to protected routes.
BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme
Inspects HTTP request and response headers to enforce security policies and rate limits.
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
Inspects and filters incoming HTTP requests against security signatures to block malicious traffic in real time.
Grape is a RESTful web service framework for Ruby designed for building structured APIs. It provides a declarative syntax for routing and parameter validation, allowing developers to map HTTP verbs to logic through a domain specific language. The framework is distinguished by its built-in support for service versioning, which can be managed via URL paths, custom headers, or request parameters. It also features a modular architecture that allows large services to be constructed by nesting smaller API definitions. The project covers comprehensive API lifecycle capabilities, including schema-dr
Includes mechanisms to intercept and filter incoming HTTP requests for authentication and logging purposes.
Spark is a lightweight Java web framework and embedded server designed for building web applications with minimal boilerplate. It functions as an HTTP routing engine that maps URL paths and methods to handler functions, providing a specialized domain specific language for web development in Kotlin. The framework enables the implementation of REST APIs and web services through the definition of HTTP routes. It supports the extraction of dynamic path parameters and the transformation of response data into formats such as JSON. Additional capabilities include the ability to serve static files a
Inspects and filters incoming HTTP requests to perform security checks before reaching handlers.
ModSecurity is an open-source web application firewall and security engine. It functions as an HTTP traffic inspector and intrusion detection system that filters incoming web requests and responses against a set of security rules to block threats and prevent attacks on web servers. The project provides a modular framework for implementing restrictive security policies and custom filtering logic. It identifies and blocks common injection attacks, such as cross-site scripting and SQL injection, while hardening web applications to reduce their overall attack surface. Its broader capabilities in
Inspects and filters incoming HTTP requests against predefined security patterns to block malicious traffic.
This project is a Node.js HTTP proxy server that enables cross-domain API requests from browsers by injecting Cross-Origin Resource Sharing headers into HTTP responses. It functions as a reverse proxy gateway and header manipulator, allowing for the interception and modification of traffic between a client and a target server. The proxy provides mechanisms to bypass browser same-origin policy restrictions through automated header injection. It includes capabilities for origin-based rate limiting and request interception to control traffic flow and prevent unauthorized usage of the proxy servi
Inspects and filters incoming HTTP requests to validate origins and headers before forwarding traffic.
uBlock is a browser content blocker and web privacy tool designed to prevent advertisements and tracking scripts from loading. It functions as a network request filter, a DOM element hider, and a script execution controller to manage how web pages load and render. The project distinguishes itself through a combination of network-level request interception and cosmetic filtering. It uses declarative filter lists and pattern-based matching to block trackers and pop-ups, while employing CSS selectors and wildcard entity matching to remove visual components across multiple regional domain variant
Inspects and filters HTTP requests using predefined rule sets to block trackers and ads.
Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c
Blocks suspicious traffic using a rule-based engine integrated with the OWASP Core Rule Set.
Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif
Filters requests by URL, headers, method, status code, comment, or color.
RuoYi-Vue3 is a full-stack administrative dashboard and permission management framework built with SpringBoot and Vue 3. It serves as an enterprise management backend providing a decoupled architecture that separates the API from the user interface. The project features a low-code CRUD generator that automatically produces frontend and backend boilerplate code and API documentation from database tables. It implements a comprehensive role-based access control system for managing users, departments, and granular permissions at the menu and button levels, secured by stateless JSON Web Token auth
Processes incoming HTTP requests through filter chains for security and input sanitization.
laravel-cors est un paquet middleware pour les applications Laravel qui gère le partage de ressources entre origines (CORS). Il fonctionne comme une couche de sécurité HTTP qui valide les origines des requêtes et injecte les en-têtes nécessaires dans les réponses de l'application pour contrôler la manière dont les domaines externes accèdent à une API backend. Le projet fournit un moteur de politique piloté par la configuration pour faire correspondre les origines et méthodes des requêtes entrantes avec des valeurs autorisées. Cela inclut la prise en charge de la correspondance d'origine par wildcard pour autoriser plusieurs domaines de confiance via une règle unique et la gestion automatique des requêtes OPTIONS de pré-vol (pre-flight). Le système s'intègre dans le pipeline requête-réponse pour fournir un contrôle d'accès API global et une configuration de sécurité du navigateur. Il gère l'injection d'en-têtes de sécurité pour résoudre les erreurs de navigateur liées aux origines croisées et assurer une communication sécurisée entre un serveur Laravel et des frontends hébergés sur des domaines différents.
Acts as a security layer that filters incoming requests by validating origins and handling OPTIONS requests.
VCR is a Ruby library that records and replays HTTP interactions during test runs, storing them in serialized cassette files. It captures real HTTP requests and responses, then serves those recorded responses instead of making actual network calls, enabling fast and deterministic test suites that work offline. The library provides configurable request matching, allowing comparisons based on method, URI, host, path, body, or headers to find the correct recorded response. It supports scheduled cassette re-recording to automatically refresh stored interactions at a configurable interval, keeping
Prevents any HTTP request not explicitly allowed or recorded in a cassette from being executed.
CodeIgniter is a PHP web framework built on the Model-View-Controller pattern, designed for building full-stack web applications. It provides a lightweight toolkit with minimal configuration, organizing application logic into controllers, models, and views for clean separation of concerns. The framework includes a fluent query builder for constructing SQL statements programmatically, PSR-4 autoloading with namespace mapping, and a service-based dependency injection container for managing shared class instances. The framework distinguishes itself through its comprehensive set of built-in tools
Runs filter classes only on requests using a specified HTTP verb such as POST or GET.
Helicone is an AI gateway and observability platform designed to intercept, manage, and monitor interactions with large language models. By acting as a reverse-proxy, it provides a centralized layer for routing requests across multiple AI providers, allowing developers to maintain consistent application logic while gaining deep visibility into model performance, usage, and costs. The platform distinguishes itself through a robust suite of traffic management and prompt engineering tools. It enables policy-driven control, including automatic failover between providers, rate limiting, and edge-b
Filters logged requests by specific custom metadata tags to isolate usage patterns for individual users or sessions.
Ce projet est un framework d'intégration qui amorce les services d'appel de procédure à distance (RPC) Apache Dubbo au sein des applications Spring Boot. Il sert de framework de communication pour microservices qui permet l'implémentation de services RPC, la découverte de services et la gouvernance distribuée via une configuration automatisée. Le projet se distingue en fournissant un pont RPC multi-langage, permettant aux services écrits dans différents langages de communiquer via des standards tels que gRPC et Protobuf. Il permet en outre l'exposition de microservices backend en tant qu'endpoints REST utilisant le protocole Triple pour un accès direct depuis les navigateurs web et les clients tiers. Le framework couvre un large éventail de capacités, notamment la gouvernance de services distribués pour le routage du trafic et la limitation de débit, la gestion centralisée de la configuration et l'observabilité des microservices pour le traçage des requêtes et la surveillance de la santé. Il prend également en charge diverses couches de transport et intégrations de stockage pour Redis et Memcached. Le projet fournit des starters et des configurations pour automatiser l'amorçage de l'infrastructure RPC au sein de l'environnement Spring Boot.
Executes custom request lifecycle logic using Servlet Filters and specialized REST filter extensions.
GreenTunnel est un utilitaire réseau conçu pour contourner l'inspection profonde de paquets (DPI) et la censure internet. Il fonctionne comme un outil qui modifie les paquets réseau sortants et chiffre les recherches DNS pour empêcher les fournisseurs d'accès internet et les systèmes de filtrage réseau de détecter et bloquer des destinations web spécifiques. Le projet implémente un proxy de fragmentation HTTP et un fragmenteur de handshake HTTPS. Ces composants divisent les en-têtes de requête et les enregistrements de handshake TLS sur plusieurs segments pour dissimuler les noms d'hôtes et les noms de serveurs de destination aux systèmes d'inspection. Le logiciel inclut également un client DNS-over-HTTPS pour récupérer les adresses IP en utilisant des protocoles chiffrés, empêchant l'interception ou l'usurpation des recherches DNS standard. Les capacités supplémentaires couvrent la manipulation de paquets TCP et la fragmentation de segments au niveau de la couche transport pour échapper à l'inspection du trafic.
Splits HTTP requests across segments to hide host headers from network inspection systems.
Naxsi est un pare-feu d'application web pour les serveurs NGINX conçu pour protéger les applications web contre les attaques en inspectant le trafic HTTP à la recherche de modèles malveillants et de signatures de vulnérabilité. Il fonctionne comme un filtre de signature de vulnérabilité qui compare les requêtes entrantes aux marqueurs connus pour des menaces telles que l'injection SQL et le cross-site scripting (XSS). Le système inclut un système d'apprentissage et un utilitaire de génération automatique de règles pour réduire les faux positifs. Il analyse le comportement du site web au fil du temps pour créer des listes blanches de trafic et des exceptions de sécurité pour les modèles de trafic légitimes. Le projet fournit un analyseur d'événements de sécurité qui importe les journaux de sécurité dans une base de données pour effectuer une analyse des tendances. Cela permet l'identification des hôtes offensants et le calcul des ratios d'événements via des résumés pilotés par base de données.
Evaluates each HTTP request independently against security policies without maintaining session state between packets.
SpoofDPI est une application réseau et un serveur proxy local conçu comme un outil anti-censure. Il fonctionne comme un proxy de contournement d'inspection profonde de paquets (DPI) qui fragmente et modifie les requêtes HTTP sortantes pour échapper aux filtres réseau et à la censure. Le projet y parvient en implémentant la fragmentation des requêtes HTTP, en divisant les requêtes uniques en plusieurs paquets plus petits pour confondre les pare-feu. Il effectue également une manipulation de flux TCP et une obfuscation du trafic réseau pour masquer la nature des requêtes web et contourner les blocages de contenu régionaux. Le système inclut des capacités de transfert réseau transparent et de gestion de configuration basée sur des fichiers pour coordonner la manière dont le trafic réseau est traité.
Bypasses deep packet inspection by splitting HTTP requests across multiple network segments.