Tiny Robots WAF

CIHex versionHex downloadsLicense

A minimal web application firewall plug used by Tiny Robots apps. It halts vulnerability-scanner requests with a plain 404 Not Found before they reach the Phoenix router, so probes like /.env and /wp-login.php never hit session/parser plugs, never raise Phoenix.Router.NoRouteError, and never create error-reporting noise.

What it blocks

It is deliberately stateless: no IP tracking, no rate limiting, no logging. Blocked requests are simply answered early and cheaply.

Installation

def deps do
[
{:rbtz_waf, "~> 0.1"}
]
end

Usage

Put the plug early in your endpoint, before Plug.Parsers and Plug.Session:

defmodule MyAppWeb.Endpoint do
use Phoenix.Endpoint, otp_app: :my_app
# ...
plug Plug.RequestId
plug Rbtz.WAF
# ...
plug MyAppWeb.Router
end

Options

plug Rbtz.WAF, allow_prefixes: ["proxy"]

License

MIT — see LICENSE.