Popularity

8.0

Declining

Activity

0.0

Stable

Stars 72

Watchers 5

Forks 5

Last Commit 3 months ago

Programming language: Crystal

License: MIT License

Tags: HTTP

http-protection alternatives and similar shards

Based on the "HTTP" category.
Alternatively, view http-protection alternatives based on common mentions on social networks and blogs.

route.cr

9.6 0.0 http-protection VS route.cr

Minimum High Performance Middleware for Crystal Web Server.
crest

9.5 0.0 http-protection VS crest

HTTP and REST client for Crystal

Collect and Analyze Billions of Data Points in Real Time

Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

Promo www.influxdata.com

halite

9.2 1.8 http-protection VS halite

💎HTTP Requests Client with a chainable REST API, built-in sessions and middlewares.
cryload

8.8 0.0 http-protection VS cryload

HTTP benchmarking tool written in Crystal
crul

8.8 0.0 http-protection VS crul

Command line HTTP client written in Crystal
cossack

8.7 0.0 http-protection VS cossack

Simple and flexible HTTP client for Crystal with middleware and test support.
Cable

8.7 0.0 http-protection VS Cable

It's like ActionCable (100% compatible with JS Client), but you know, for Crystal
http2

8.6 0.0 http-protection VS http2

HTTP/2 Protocol Implementation for the Crystal Language
helmet

6.5 0.0 http-protection VS helmet

a port of the Node Helmet module to the Crystal programming language
crystal-routing

6.2 0.0 http-protection VS crystal-routing

Extensible library to deal with http request and string based routing in Crystal
beryl

6.0 0.0 http-protection VS beryl

Action-focused HTTP routing library
session

5.6 0.0 http-protection VS session

Cookie based sessions in Crystal HTTP applications
resp-crystal

5.4 1.6 http-protection VS resp-crystal

Lightweight RESP client
http-multiserver.cr

5.3 0.0 http-protection VS http-multiserver.cr

Mount multiple web applications 🚦
http-params-serializable

5.0 0.0 http-protection VS http-params-serializable

The HTTP params parsing module for Crystal 🤓
sse.cr

4.4 0.0 http-protection VS sse.cr

A Crystal shard for Server-Sent Events
http_parser.cr

4.2 0.0 http-protection VS http_parser.cr

Crystal wrapper for Http Parser lib: https://github.com/joyent/http-parser
multipart.cr

3.7 0.0 http-protection VS multipart.cr

Adds multipart and multipart/form-data support to the crystal standard library
proxy-fetcher.cr

3.6 0.0 http-protection VS proxy-fetcher.cr

Crystal port of awesome Ruby ProxyFetcher gem
ContentDisposition

3.5 0.0 http-protection VS ContentDisposition

Crystal shard to create HTTP Content-Disposition headers with proper escaping/encoding of filenames
digest-auth

2.6 0.0 http-protection VS digest-auth

HTTP digest auth for crystal lang
ntlm

2.0 0.0 http-protection VS ntlm

NTLM authentication for crystal lang
router-simple.cr

1.9 0.0 http-protection VS router-simple.cr

simple path router inspired by Router::Simple.
http_distributor

1.9 0.0 http-protection VS http_distributor

http server which allows sneaky http request though it.
keyer_cr

1.9 0.0 http-protection VS keyer_cr

HTTP Request Parameter Parsing
link-header

1.6 0.0 http-protection VS link-header

Crystal Lang HTTP Link Header Parser
crystal-cossack

1.2 0.0 http-protection VS crystal-cossack

Simple and flexible HTTP client for Crystal with middleware and test support.
HTTP::WebSocket

- http-protection VS HTTP::WebSocket

HTTP WebSocket client (Crystal stdlib)
HTTP::Server

- http-protection VS HTTP::Server

HTTP server (Crystal stdlib)
HTTP::Client

- http-protection VS HTTP::Client

HTTP client (Crystal stdlib)

Do you think we are missing an alternative of http-protection or a related project?

Add another 'HTTP' Shard

Popular Comparisons

README

http-protection

This library protects against typical web attacks. It was inspired in rack-protection Ruby gem.

Installation

Add this to your application's shard.yml:

dependencies:
  http-protection:
    github: rogeriozambon/http-protection

Usage

require "http/server"
require "http-protection"

server = HTTP::Server.new([
  HTTP::Protection::Deflect.new,
  HTTP::Protection::FrameOptions.new,
  HTTP::Protection::IpSpoofing.new,
  HTTP::Protection::Origin.new,
  HTTP::Protection::PathTraversal.new,
  HTTP::Protection::RemoteReferer.new,
  HTTP::Protection::StrictTransport.new,
  HTTP::Protection::XSSHeader.new
])

server.bind_tcp "0.0.0.0", 8080
server.listen

Deflect middleware

It protects against Denial-of-service attacks. You can define a several options for this middleware.

Option	Description	Default value	Type
interval	Duration in seconds until the request counter is reset.	5	Int32
duration	Duration in seconds that a remote address will be blocked.	900	Int32
threshold	Number of requests allowed.	100	Int32
blacklist	Array of remote addresses immediately considered malicious.	[]	Array(String)
whitelist	Array of remote addresses which bypass Deflect.	[]	Array(String)

Example:

HTTP::Protection::Deflect.new(
  interval: 5,
  duration: 5,
  threshold: 10,
  blacklist: ["111.111.111.111"],
  whitelist: ["222.222.222.222"]
)

FrameOptions middleware

It protects against clickjacking, setting header to tell the browser avoid embedding the page in a frame. You can define one option for this middleware.

Option	Description	Default value	Type
option	Defines who should be allowed to embed the page in a frame. Use "DENY" or "SAMEORIGIN".	SAMEORIGIN	String

Example:

HTTP::Protection::FrameOptions.new(option: "SAMEORIGIN")

IpSpoofing middleware

It detects IP spoofing attacks.

Example:

HTTP::Protection::IpSpoofing.new

Origin middleware

It protects against unsafe HTTP requests when value of Origin HTTP request header doesn't match default or whitelisted URIs. You can define the whitelist of URIs.

Option	Description	Default value	Type
whitelist	Array of allowed URIs	[]	Array(String)

Example:

HTTP::Protection::Origin.new(whitelist: ["http://friend.com"])

PathTraversal middleware

It protects against unauthorized access to file system attacks, unescapes '/' and '.' from PATH_INFO.

Example:

HTTP::Protection::PathTraversal.new

RemoteReferer middleware

It doesn't accept unsafe HTTP requests if the Referer header is set to a different host. You can define the HTTP methods that are allowed.

Option	Description	Default value	Type
methods	Defines which HTTP method should be used.	GET, HEAD, OPTIONS, TRACE	Array(String)

Example:

HTTP::Protection::RemoteReferer.new(methods: ["GET"])

StrictTransport middleware

It protects against protocol downgrade attacks and cookie hijacking. You can define some options for this middleware.

Option	Description	Default value	Type
max_age	How long future requests to the domain should go over HTTPS (in seconds).	31536000	Int32
include_subdomains	If all present and future subdomains will be HTTPS.	false	Bool
preload	Allow this domain to be included in browsers HSTS preload list.	false	Bool

Example:

HTTP::Protection::StrictTransport.new(
  max_age: 31536000,
  include_subdomains: false,
  preload: false
)

XSSHeader middleware

It sets X-XSS-Protection header to tell the browser to block attacks. XSS vulnerabilities enable an attacker to control the relationship between a user and a web site or web application that they trust.

You can define some options for this middleware.

Option	Description	Default value	Type
xss_mode	How the browser should prevent the attack.	block	String
nosniff	Blocks a request if the requested type is "style" or "script".	true	Bool

Example:

HTTP::Protection::XSSHeader.new(
  xss_mode: "block"
  nosniff: true
)

Custom logger

It's possible to add a custom logger to replace the default behavior. You can add a logger that outputs to a file, for example.

Example:

log_file = File.open("./protection.log", "w")
HTTP::Protection::Logger.instance = Logger.new(log_file)

Contributors

rogeriozambon Rogério Zambon - creator, maintainer

*Note that all licence references and agreements mentioned in the http-protection README section above are relevant to that project's source code only.