awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

26 repository-uri

Awesome GitHub RepositoriesHTTP Request Filtering

Mechanisms to inspect and filter incoming HTTP requests to block malicious methods or unauthorized access.

Distinct from Security Headers: Focuses on active request filtering and method blocking, whereas the candidates focus on response headers

Explore 26 awesome GitHub repositories matching security & cryptography · HTTP Request Filtering. Refine with filters or upvote what's useful.

Awesome HTTP Request Filtering GitHub Repositories

Găsește cele mai bune repo-uri cu AI.Vom căuta cele mai potrivite repository-uri folosind AI.
  • magento/magento2Avatar magento

    magento/magento2

    12,126Vezi pe GitHub↗

    This project is a PHP e-commerce platform and enterprise storefront framework designed for building and managing online stores. It functions as a modular PHP application and headless commerce engine, separating e-commerce business logic from frontend presentation to support multiple storefronts and devices. The system is built on a modular architecture that allows developers to add custom business logic and third-party integrations. It utilizes a service-contract-based API to ensure stability across module implementations and employs dependency-injection for object lifecycle management. Core

    Filters dangerous HTTP request methods and manages authorization headers to protect against common web attacks.

    PHPecommerceecommerce-platformhacktoberfest
    Vezi pe GitHub↗12,126
  • tymondesigns/jwt-authAvatar tymondesigns

    tymondesigns/jwt-auth

    11,484Vezi pe GitHub↗

    jwt-auth is a PHP package providing JSON Web Token authentication for Laravel and Lumen applications. It serves as a token provider and stateless session manager, allowing applications to issue and validate signed tokens to manage user identity across network requests. The library implements stateless API security by verifying identity tokens sent in request headers, removing the requirement to store session data on the server. It uses signed tokens to verify user credentials and restrict access to protected resources. The project provides capabilities for user access control, authentication

    Provides middleware to filter incoming HTTP requests and validate tokens before allowing access to protected routes.

    PHP
    Vezi pe GitHub↗11,484
  • bunkerity/bunkerwebAvatar bunkerity

    bunkerity/bunkerweb

    10,629Vezi pe GitHub↗

    BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme

    Inspects HTTP request and response headers to enforce security policies and rate limits.

    Python
    Vezi pe GitHub↗10,629
  • bunkerity/bunkerized-nginxAvatar bunkerity

    bunkerity/bunkerized-nginx

    10,629Vezi pe GitHub↗

    Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo

    Inspects and filters incoming HTTP requests against security signatures to block malicious traffic in real time.

    Python
    Vezi pe GitHub↗10,629
  • ruby-grape/grapeAvatar ruby-grape

    ruby-grape/grape

    9,990Vezi pe GitHub↗

    Grape is a RESTful web service framework for Ruby designed for building structured APIs. It provides a declarative syntax for routing and parameter validation, allowing developers to map HTTP verbs to logic through a domain specific language. The framework is distinguished by its built-in support for service versioning, which can be managed via URL paths, custom headers, or request parameters. It also features a modular architecture that allows large services to be constructed by nesting smaller API definitions. The project covers comprehensive API lifecycle capabilities, including schema-dr

    Includes mechanisms to intercept and filter incoming HTTP requests for authentication and logging purposes.

    Ruby
    Vezi pe GitHub↗9,990
  • perwendel/sparkAvatar perwendel

    perwendel/spark

    9,657Vezi pe GitHub↗

    Spark is a lightweight Java web framework and embedded server designed for building web applications with minimal boilerplate. It functions as an HTTP routing engine that maps URL paths and methods to handler functions, providing a specialized domain specific language for web development in Kotlin. The framework enables the implementation of REST APIs and web services through the definition of HTTP routes. It supports the extraction of dynamic path parameters and the transformation of response data into formats such as JSON. Additional capabilities include the ability to serve static files a

    Inspects and filters incoming HTTP requests to perform security checks before reaching handlers.

    Java
    Vezi pe GitHub↗9,657
  • owasp-modsecurity/modsecurityAvatar owasp-modsecurity

    owasp-modsecurity/ModSecurity

    9,680Vezi pe GitHub↗

    ModSecurity is an open-source web application firewall and security engine. It functions as an HTTP traffic inspector and intrusion detection system that filters incoming web requests and responses against a set of security rules to block threats and prevent attacks on web servers. The project provides a modular framework for implementing restrictive security policies and custom filtering logic. It identifies and blocks common injection attacks, such as cross-site scripting and SQL injection, while hardening web applications to reduce their overall attack surface. Its broader capabilities in

    Inspects and filters incoming HTTP requests against predefined security patterns to block malicious traffic.

    C++apacheapache2modsecurity
    Vezi pe GitHub↗9,680
  • rob--w/cors-anywhereAvatar Rob--W

    Rob--W/cors-anywhere

    9,347Vezi pe GitHub↗

    This project is a Node.js HTTP proxy server that enables cross-domain API requests from browsers by injecting Cross-Origin Resource Sharing headers into HTTP responses. It functions as a reverse proxy gateway and header manipulator, allowing for the interception and modification of traffic between a client and a target server. The proxy provides mechanisms to bypass browser same-origin policy restrictions through automated header injection. It includes capabilities for origin-based rate limiting and request interception to control traffic flow and prevent unauthorized usage of the proxy servi

    Inspects and filters incoming HTTP requests to validate origins and headers before forwarding traffic.

    JavaScript
    Vezi pe GitHub↗9,347
  • ublock-llc/ublockAvatar uBlock-LLC

    uBlock-LLC/uBlock

    8,244Vezi pe GitHub↗

    uBlock is a browser content blocker and web privacy tool designed to prevent advertisements and tracking scripts from loading. It functions as a network request filter, a DOM element hider, and a script execution controller to manage how web pages load and render. The project distinguishes itself through a combination of network-level request interception and cosmetic filtering. It uses declarative filter lists and pattern-based matching to block trackers and pop-ups, while employing CSS selectors and wildcard entity matching to remove visual components across multiple regional domain variant

    Inspects and filters HTTP requests using predefined rule sets to block trackers and ads.

    JavaScriptadblockblockerchrome
    Vezi pe GitHub↗8,244
  • alibaba/higressAvatar alibaba

    alibaba/higress

    7,558Vezi pe GitHub↗

    Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c

    Blocks suspicious traffic using a rule-based engine integrated with the OWASP Core Rule Set.

    Goai-gatewayai-nativeapi-gateway
    Vezi pe GitHub↗7,558
  • proxymanapp/proxymanAvatar ProxymanApp

    ProxymanApp/Proxyman

    6,858Vezi pe GitHub↗

    Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif

    Filters requests by URL, headers, method, status code, comment, or color.

    debugging-tooliosmacos
    Vezi pe GitHub↗6,858
  • yangzongzhuan/ruoyi-vue3Avatar yangzongzhuan

    yangzongzhuan/RuoYi-Vue3

    6,631Vezi pe GitHub↗

    RuoYi-Vue3 is a full-stack administrative dashboard and permission management framework built with SpringBoot and Vue 3. It serves as an enterprise management backend providing a decoupled architecture that separates the API from the user interface. The project features a low-code CRUD generator that automatically produces frontend and backend boilerplate code and API documentation from database tables. It implements a comprehensive role-based access control system for managing users, departments, and granular permissions at the menu and button levels, secured by stateless JSON Web Token auth

    Processes incoming HTTP requests through filter chains for security and input sanitization.

    Vueadminelement-pluselement-ui
    Vezi pe GitHub↗6,631
  • barryvdh/laravel-corsAvatar barryvdh

    barryvdh/laravel-cors

    6,240Vezi pe GitHub↗

    laravel-cors este un pachet middleware pentru aplicațiile Laravel care gestionează Cross-Origin Resource Sharing (CORS). Acesta funcționează ca un strat de securitate HTTP care validează originile cererilor și injectează headerele necesare în răspunsurile aplicației pentru a controla modul în care domeniile externe accesează un API backend. Proiectul oferă un motor de politici bazat pe configurare pentru a potrivi originile și metodele cererilor primite cu valorile permise. Aceasta include suport pentru potrivirea originilor cu wildcard pentru a autoriza mai multe domenii de încredere printr-o singură regulă și gestionarea automată a cererilor pre-flight OPTIONS. Sistemul se integrează în pipeline-ul request-response pentru a oferi control global al accesului API și configurarea securității browserului. Gestionează injectarea headerelor de securitate pentru a rezolva erorile de browser cross-origin și a asigura o comunicare securizată între un server Laravel și frontend-uri găzduite pe domenii diferite.

    Acts as a security layer that filters incoming requests by validating origins and handling OPTIONS requests.

    PHP
    Vezi pe GitHub↗6,240
  • vcr/vcrAvatar vcr

    vcr/vcr

    6,070Vezi pe GitHub↗

    VCR is a Ruby library that records and replays HTTP interactions during test runs, storing them in serialized cassette files. It captures real HTTP requests and responses, then serves those recorded responses instead of making actual network calls, enabling fast and deterministic test suites that work offline. The library provides configurable request matching, allowing comparisons based on method, URI, host, path, body, or headers to find the correct recorded response. It supports scheduled cassette re-recording to automatically refresh stored interactions at a configurable interval, keeping

    Prevents any HTTP request not explicitly allowed or recorded in a cassette from being executed.

    Ruby
    Vezi pe GitHub↗6,070
  • codeigniter4/codeigniter4Avatar codeigniter4

    codeigniter4/CodeIgniter4

    5,924Vezi pe GitHub↗

    CodeIgniter is a PHP web framework built on the Model-View-Controller pattern, designed for building full-stack web applications. It provides a lightweight toolkit with minimal configuration, organizing application logic into controllers, models, and views for clean separation of concerns. The framework includes a fluent query builder for constructing SQL statements programmatically, PSR-4 autoloading with namespace mapping, and a service-based dependency injection container for managing shared class instances. The framework distinguishes itself through its comprehensive set of built-in tools

    Runs filter classes only on requests using a specified HTTP verb such as POST or GET.

    PHPcodeignitercodeigniter4framework-php
    Vezi pe GitHub↗5,924
  • helicone/heliconeAvatar Helicone

    Helicone/helicone

    5,830Vezi pe GitHub↗

    Helicone is an AI gateway and observability platform designed to intercept, manage, and monitor interactions with large language models. By acting as a reverse-proxy, it provides a centralized layer for routing requests across multiple AI providers, allowing developers to maintain consistent application logic while gaining deep visibility into model performance, usage, and costs. The platform distinguishes itself through a robust suite of traffic management and prompt engineering tools. It enables policy-driven control, including automatic failover between providers, rate limiting, and edge-b

    Filters logged requests by specific custom metadata tags to isolate usage patterns for individual users or sessions.

    TypeScript
    Vezi pe GitHub↗5,830
  • apache/dubbo-spring-boot-projectAvatar apache

    apache/dubbo-spring-boot-project

    5,389Vezi pe GitHub↗

    Acest proiect este un framework de integrare care inițializează servicii de apel la distanță (RPC) Apache Dubbo în cadrul aplicațiilor Spring Boot. Acesta servește ca un framework de comunicare pentru microservicii care permite implementarea serviciilor RPC, descoperirea serviciilor și guvernanța distribuită prin configurare automată. Proiectul se distinge prin furnizarea unui bridge RPC cross-language, permițând serviciilor scrise în limbaje diferite să comunice prin standarde precum gRPC și Protobuf. De asemenea, permite expunerea microserviciilor backend ca endpoint-uri REST folosind protocolul Triple pentru acces direct din browsere web și clienți terți. Framework-ul acoperă o gamă largă de capabilități, inclusiv guvernanța serviciilor distribuite pentru rutarea traficului și limitarea ratei, gestionarea centralizată a configurației și observabilitatea microserviciilor pentru trasarea cererilor și monitorizarea stării de sănătate. De asemenea, suportă straturi de transport diverse și integrări de stocare pentru Redis și Memcached. Proiectul oferă startere și configurații pentru a automatiza inițializarea infrastructurii RPC în mediul Spring Boot.

    Executes custom request lifecycle logic using Servlet Filters and specialized REST filter extensions.

    Javadubbo
    Vezi pe GitHub↗5,389
  • sadeghhayeri/greentunnelAvatar SadeghHayeri

    SadeghHayeri/GreenTunnel

    4,855Vezi pe GitHub↗

    GreenTunnel este un utilitar de rețea conceput pentru a ocoli inspecția pachetelor (DPI) și a trece peste cenzura internetului. Funcționează ca un instrument care modifică pachetele de rețea de ieșire și criptează interogările DNS pentru a împiedica furnizorii de servicii internet și sistemele de filtrare a rețelei să detecteze și să blocheze anumite destinații web. Proiectul implementează un proxy de fragmentare HTTP și un fragmentator de handshake HTTPS. Aceste componente împart header-ele cererilor și înregistrările de handshake TLS în mai multe segmente pentru a ascunde numele de host și numele serverelor de destinație de sistemele de inspecție. Software-ul include, de asemenea, un client DNS-over-HTTPS pentru a prelua adrese IP folosind protocoale criptate, prevenind interceptarea sau spoofing-ul interogărilor DNS standard. Capabilitățile suplimentare acoperă manipularea pachetelor TCP și fragmentarea segmentelor la nivelul transport pentru a evita inspecția traficului.

    Splits HTTP requests across segments to hide host headers from network inspection systems.

    JavaScript
    Vezi pe GitHub↗4,855
  • nbs-system/naxsiAvatar nbs-system

    nbs-system/naxsi

    4,817Vezi pe GitHub↗

    Naxsi este un firewall pentru aplicații web pentru serverele NGINX, conceput pentru a proteja aplicațiile web împotriva atacurilor prin inspectarea traficului HTTP pentru tipare malițioase și semnături de vulnerabilitate. Funcționează ca un filtru de semnături de vulnerabilitate care potrivește cererile primite cu markeri cunoscuți pentru amenințări precum SQL injection și cross-site scripting. Sistemul include un sistem de învățare și un utilitar de generare automată a regulilor pentru a reduce alarmele false. Acesta analizează comportamentul site-ului web în timp pentru a crea whitelist-uri de trafic și excepții de securitate pentru tiparele de trafic legitime. Proiectul oferă un analizor de evenimente de securitate care importă log-urile de securitate într-o bază de date pentru a efectua analiza tendințelor. Acest lucru permite identificarea host-urilor ofensatoare și calcularea rapoartelor de evenimente prin rezumate bazate pe baza de date.

    Evaluates each HTTP request independently against security policies without maintaining session state between packets.

    C
    Vezi pe GitHub↗4,817
  • xvzc/spoofdpiAvatar xvzc

    xvzc/spoofdpi

    4,794Vezi pe GitHub↗

    SpoofDPI este o aplicație de rețea și un server proxy local conceput ca un instrument anti-cenzură. Acesta funcționează ca un proxy de ocolire a inspecției profunde a pachetelor (DPI) care fragmentează și modifică cererile HTTP de ieșire pentru a evita filtrele de rețea și cenzura. Proiectul realizează acest lucru prin implementarea fragmentării cererilor HTTP, împărțind cererile unice în mai multe pachete mai mici pentru a induce în eroare firewall-urile. De asemenea, efectuează manipularea fluxului TCP și obfuscare a traficului de rețea pentru a ascunde natura cererilor web și a ocoli blocajele de conținut regionale. Sistemul include capabilități pentru redirecționarea transparentă a rețelei și gestionarea configurației bazată pe fișiere pentru a coordona modul în care este gestionat traficul de rețea.

    Bypasses deep packet inspection by splitting HTTP requests across multiple network segments.

    Goanti-censorshipcensorship-circumventioncensorship-free
    Vezi pe GitHub↗4,794
Înapoi12Înainte
  1. Home
  2. Security & Cryptography
  3. HTTP Request Filtering

Explorează sub-etichetele

  • Fragmentation EvasionBypassing HTTP filters by splitting requests across multiple network segments. **Distinct from HTTP Request Filtering:** Focuses on fragmenting requests for evasion, rather than inspecting or blocking requests.
  • JavaScript HTTP Request HandlersBinding JavaScript request handler functions to HTTP output filter instances for custom server behavior. **Distinct from HTTP Request Filtering:** Distinct from HTTP Request Filtering: focuses on attaching custom JavaScript logic to HTTP output filters, not security filtering of requests.
  • Method-Based FilteringsRunning filter classes only on requests using a specified HTTP verb such as POST or GET. **Distinct from HTTP Request Filtering:** Distinct from HTTP Request Filtering: focuses on filtering by HTTP method, not general request inspection.
  • Multi-Field Request FiltersFilters the request list by URL, query string, headers, method, status code, comment, or color. **Distinct from HTTP Request Filtering:** Distinct from HTTP Request Filtering: filters by multiple request/response properties for debugging, not security blocking.
  • Test Request BlockersPrevents HTTP requests not explicitly allowed or recorded in a cassette from being executed during tests. **Distinct from HTTP Request Filtering:** Distinct from HTTP Request Filtering: focuses on blocking requests during test execution for isolation, not security filtering of live traffic.