30 open-source projects similar to rack/rack-attack, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Rack Attack alternative.
This project is a Rack middleware rate limiter and application layer firewall for Ruby web applications. It serves as a security layer to throttle and block HTTP requests based on custom rules, protecting web servers from abusive traffic. The system provides capabilities for IP blocking and the banning of malicious clients. It implements request safelisting to bypass restrictions for trusted users and uses time-windowed rate limiting to control request frequency. The middleware covers traffic management and monitoring, including the ability to track request patterns and instrument traffic ev
This project is a collection of configuration files and scripts serving as a bot blocker and security middleware for Nginx. It functions as an automated blocklist manager that filters malicious user-agents and IP addresses to mitigate vulnerability scanning, login brute-forcing, and DDoS attacks. The system distinguishes itself by automating the maintenance of security rules, downloading updated bot definitions and reloading the server on a schedule. It also includes a search engine spam filter capable of generating robots.txt files and link disavow lists to prevent malicious domains from imp
ngx_lua_waf is an OpenResty web application firewall that uses Lua to filter malicious HTTP requests and block web attacks. It operates as a programmable request filter and IP access controller for Nginx, providing a security layer to identify and block unauthorized scanners, fuzzing attempts, and abnormal network requests. The project includes capabilities for HTTP layer 7 DDoS mitigation by restricting request frequency per IP address. It further secures the environment by restricting access to sensitive archives and blocking script execution in upload directories to prevent data leakage.
Blog.Core is a production-ready backend boilerplate for building enterprise APIs and microservices using ASP.NET Core. It provides a foundational infrastructure for distributed systems, including tools for database-first scaffolding and the implementation of multi-tenant API frameworks. The project distinguishes itself through automated data layer generation, which produces entity models and repository layers directly from database schemas. It implements a centralized identity management system using standard identity server protocols to handle authentication and authorization across multiple
This project is a collection of technical guides and configuration patterns for tuning Nginx server performance, managing traffic flow, and implementing protocol-aware routing. It provides a curated set of parameters and best practices to optimize request handling, memory usage, and CPU efficiency. The project includes a method for sharing a single port between different protocols by inspecting initial packets to route traffic to the correct backend. It also provides configuration patterns for implementing request rate limiting and range request restrictions to mitigate denial of service atta
The agent-governance-toolkit is a framework for enforcing security policies, managing zero-trust identities, and sandboxing the execution of autonomous AI agents. It provides a governance layer designed to control the behavior of agents through the use of a security policy engine, cryptographic identity management, and a runtime execution sandbox. The project distinguishes itself through a multi-tier privilege ring system and a cryptographic identity mesh that secures communication between autonomous entities. It implements a decay-based trust scoring mechanism to track entity reliability and
go-grpc-middleware is a gRPC middleware framework for Go designed to handle cross-cutting concerns, reliability, and observability. It provides a collection of interceptors that can be used to modify inbound and outbound calls to enforce system-wide policies. The framework distinguishes itself through specialized toolkits for service reliability, including automatic retry logic for failed client calls and panic recovery mechanisms that translate runtime crashes into standard error responses. It also features an observability suite for collecting performance metrics and recording request activ
ejabberd is a multi-protocol communication gateway and scalable server that implements XMPP for instant messaging and presence. It serves as a federated messaging platform, enabling interoperable communication and user discovery between different remote servers. The project functions as an MQTT message broker for lightweight IoT device communication and a SIP signaling server for managing voice and multimedia signaling traffic. It allows for the hosting of multiple domains on a single instance using virtual hosting to isolate configurations and prevent username conflicts. The system provides
Soketi is a high-performance WebSocket server and real-time event broker that implements the Pusher protocol. It functions as a multi-tenant WebSocket gateway, allowing multiple isolated applications to manage persistent client connections and broadcast events across public, private, and presence channels. The project is distinguished by its distributed architecture, using pub-sub state synchronization via Redis or NATS to scale horizontally across multiple server instances. It features symmetric payload encryption for private channels, ensuring the server acts as a relay without accessing pl
PowerDNS is DNS server software used for serving authoritative and recursive DNS records. It functions as both an authoritative DNS server, providing definitive records for specific domains from trusted databases, and a recursive DNS resolver that finds answers for any domain by iteratively querying external servers. The project distinguishes itself through a backend-abstraction layer that decouples server logic from data storage, allowing records to be served from SQL databases, zone files, and external APIs. It includes a geo-aware DNS router to direct users to the nearest server based on t
RisingWave is a cloud-native streaming database and real-time analytics engine that uses standard SQL to process continuous data streams. It functions as a streaming data lakehouse, combining the capabilities of a streaming SQL database with a platform that integrates streaming ingestion with open table formats. The system is distinguished by its use of the PostgreSQL wire protocol, allowing it to integrate with existing SQL tools and drivers. It employs a decoupled compute and storage architecture, persisting streaming state and materialized views in cloud object storage to enable independen
One is a full-stack, cross-platform React framework and multi-target rendering engine designed to build web and native applications from a single codebase. It utilizes a Vite-based build pipeline to manage shared components while providing a type-safe file-system router that automatically generates navigation definitions. The framework distinguishes itself by supporting a hybrid rendering strategy, allowing individual routes to be configured as static sites, server-rendered pages, or single-page applications. It employs platform-specific logic resolution and a shared Vite plugin to coordinate
Orleans is a .NET distributed actor framework designed for building scalable, cloud-native applications. It implements a virtual actor model where entities with stable identities manage their own state and lifecycle across a cluster of servers. The framework provides a distributed state management system with ACID transaction support and a distributed pub/sub streaming engine for real-time data processing. It distinguishes itself through location-transparent routing, automatic actor activation and deactivation, and elastic cluster scaling that redistributes workloads during node failures. Th
Airweave is a unified AI knowledge base platform that syncs data from external APIs into a searchable layer for retrieval-augmented generation. It provides a pre-built data connector library and a framework for building custom connectors, enabling the extraction, transformation, and synchronization of structured and unstructured data from SaaS applications. The platform includes a hybrid vector retrieval system that combines semantic, neural, and keyword search strategies to deliver grounded context for AI agents. The platform distinguishes itself through an agentic search engine that iterati
Pyramid is a Python web framework and WSGI toolkit designed for building web applications. It functions as a URL routing engine that maps incoming HTTP requests to specific view callables using both pattern-based routing and hierarchical resource tree traversal. The framework is distinguished by its hybrid dispatch system, allowing developers to combine regular expression URL matching with the ability to resolve requests by navigating a tree of nested objects. It implements a flexible component architecture that supports application registry management, deferred configuration execution, and t
jsproxy is a web traffic proxy designed to route requests through a ServiceWorker to bypass network restrictions while minimizing server-side processing overhead. It focuses on browser API virtualization, rewriting URL-related functions and properties so that proxied pages behave as if they are running on their original domains. The project utilizes a decoupled architecture that separates the static user interface from the data forwarding backend, allowing for deployment across multiple providers. It includes weight-based load balancing to distribute traffic across multiple proxy nodes and im
This project is a privacy-focused browser extension designed to remove tracking codes from web addresses, block ETag monitoring, and bypass intermediary redirection services. It functions as an anti-tracking tool that strips identifiers from URLs before pages load and prevents the use of tracking scripts to protect user privacy. The extension includes a redirector that sends users directly to final destination URLs, bypassing intermediary tracking services. It also prevents search engines from inserting tracking codes into result links and provides utilities for cleaning tracking identifiers
Telescope is a debugging dashboard and development tool for Laravel applications that provides a web interface for monitoring requests, exceptions, database queries, and logs. It functions as a PHP application monitor and diagnostic assistant, tracing the execution lifecycle of the system to identify and resolve bugs. The tool distinguishes itself by offering specialized profilers for SQL queries and Redis commands, alongside an in-browser preview system for outgoing emails. It also includes a dedicated auditing system for console commands and authorization gate checks to verify permission lo
jscamp is a full-stack web development and education project focused on mastering JavaScript, TypeScript, and AI integration. It provides a structured curriculum and interactive exercises covering language fundamentals, frontend engineering, and backend API development. The project distinguishes itself through the implementation of autonomous AI agents capable of complex task automation, such as modifying files, managing servers, and executing API calls. It includes advanced AI development tools for conversational querying, real-time code suggestions, and automated repository analysis to gene
express-jwt is a middleware for Express applications that validates JSON Web Tokens to secure routes and authenticate requests. It functions as a security guard that verifies token signatures and expiration dates before allowing access to backend endpoints. The project provides a request credential extractor to retrieve tokens from headers, cookies, or query parameters. It supports dynamic key retrieval to fetch the necessary secrets or public keys at runtime based on request attributes or token headers. The middleware handles JSON Web Token validation, including token expiration handling an
AnyProxy is an HTTP/HTTPS proxy framework built on Node.js that intercepts and modifies traffic through a plugin system. It functions as a configurable proxy server where user-defined plugins inspect or alter requests and responses as they pass through the proxy. The framework distinguishes itself through a middleware stack that processes requests sequentially, enabling modular traffic transformation and logging. It handles HTTPS interception by dynamically generating and installing root certificates for transparent decryption, and routes traffic based on configurable rules matching request p
Django Silk is a profiling and inspection toolset for Django applications designed to capture SQL queries, HTTP request data, and execution timing for diagnostics. It functions as a performance profiler and debugging middleware that records runtime execution data to provide a comprehensive overview of application behavior. The system includes a database profiler for identifying slow operations through detailed timing data and an HTTP request inspector for reviewing headers, bodies, and network traffic via a web interface. It allows for the reproduction of specific server requests through gene
ShareJS is a collaborative document database and synchronization engine designed for real-time shared state management. It provides an operational transform sync engine to enable simultaneous editing of plain-text and JSON data, and a RESTful synchronization API for managing document states via HTTP. The system features an offline-first data sync layer that queues local modifications while disconnected and automatically pushes edits upon reconnection. It also includes a middleware access control layer that intercepts database requests to enforce security policies and perform request rewriting
PoWFaucet is a blockchain fund management tool and distribution gateway designed to operate as an EVM-compatible crypto faucet. It automates the delivery of native network currencies and ERC20 tokens to users while managing hot wallet liquidity through automated refills from secure vault contracts. The system focuses on sybil resistance by integrating multiple layers of verification. It employs proof of work requirements, captcha challenges, and identity verification via Gitcoin Passport, GitHub, and Zupass zero-knowledge proofs to determine user eligibility and modulate reward amounts. Dist
MQTTnet is a .NET library providing a framework for implementing MQTT clients and brokers. It includes a broker implementation for hosting a central message hub that routes messages between connected clients and a client library for publishing and subscribing to messages. The project supports both TCP and WebSocket transport layers, enabling secure data traffic through transport layer security. It allows for the development of custom middleware to intercept, transform, or validate messages as they pass through a server. Capability areas include distributed message routing, persistent connect
Headroom is an AI gateway proxy and token optimizer designed to reduce the cost and latency of large language model interactions. It functions as an intermediary that intercepts traffic between clients and providers to apply context compression, request routing, and format translation. The system differentiates itself through a Model Context Protocol server implementation that delivers compression and retrieval tools to compatible AI hosts. It employs a content-aware compression pipeline and tiered importance scoring to trim redundant data from logs and tool outputs while preserving essential
The Swift OpenAPI Generator is a build-time tool that produces type-safe Swift client and server code directly from OpenAPI specification documents. By integrating with build systems through native plugins, it automates the creation of strongly-typed interfaces and protocol stubs that map network operations to native methods, ensuring that application code remains strictly consistent with defined data schemas. The project distinguishes itself through a protocol-oriented architecture that decouples business logic from specific transport implementations. It utilizes a pluggable transport layer
OmniAuth is a Rack authentication framework that allows applications to verify user identities through third-party service providers using a single standardized interface. It functions as middleware to separate identity verification from core application logic by intercepting incoming requests. The project employs a strategy-pattern provider model to encapsulate provider-specific logic into interchangeable classes. It provides a custom authentication strategy framework and base classes for building new providers based on industry standards. The framework handles the multi-step authentication
This repository is a collection of implementation patterns, tutorial code, and practical examples for building web applications with the Gin framework in Go. It serves as a guide for learning how to structure Go web servers, specifically focusing on mapping URL paths to handler functions and managing request flow. The project provides demonstrations of middleware implementation for tasks such as authentication, logging, and rate limiting. It also includes reference examples for developing REST APIs, with a focus on structuring data and sending JSON responses to clients.
ModSecurity is an open-source web application firewall and security engine. It functions as an HTTP traffic inspector and intrusion detection system that filters incoming web requests and responses against a set of security rules to block threats and prevent attacks on web servers. The project provides a modular framework for implementing restrictive security policies and custom filtering logic. It identifies and blocks common injection attacks, such as cross-site scripting and SQL injection, while hardening web applications to reduce their overall attack surface. Its broader capabilities in