Security & WAF Guide

Security & the WAF

SQL-injection screening, user-agent blocking, allow/deny rules and rate limiting.

The proxy ships several request-screening layers you can compose per domain: a SQL-injection filter, user-agent blocking, allow/deny path rules and a global rate limiter. Each is independent, so you can be strict on an admin path and permissive on public assets.

add_sql_injection_protection + enable_sql_injection_protection — block requests carrying SQL-injection payloads.
disallowed_user_agents — drop traffic from matching user agents (bots, scanners).
rule_type — allow-list or deny-list paths with Whitelist / Blacklist.
add_rate_limiting — cap request rate to absorb abuse.

🛡️Defence in depth

These layers complement, not replace, application-level validation. The proxy stops the obvious and the noisy at the edge so your origin sees less hostile traffic.

← Back to all documentation