bext-waf

Web Application Firewall for bext — rate limiting, IP filtering, GeoIP, SQLi/XSS detection.

Part of the bext stack.

[dependencies]
bext-waf = "0.2"

What this crate is

bext-waf is the web application firewall module used by the bext HTTP server. It's also usable standalone in any async Rust project — pass it requests, it returns allow/deny decisions.

Features

• Rate limiting — per-IP, per-host, per-path, configurable windows.
• IP filtering — allowlist / blocklist with CIDR ranges.
• GeoIP blocking — MaxMind database integration (feature-gated).
• SQLi / XSS detection — pattern-based, low false-positive rules.
• Bot detection — known bot UAs, behavioral heuristics.
• Redis-backed distributed rate limiting — optional, for horizontal scaling.

Features flags

[dependencies]
bext-waf = { version = "0.2", features = ["geoip", "redis"] }

• geoip — enable MaxMind GeoIP database lookups
• redis — enable distributed rate limiting backed by Redis

License

Business Source License 1.1 — see LICENSE.md in this crate for the full text.

In plain English: production use on your own infrastructure is fully permitted. You may NOT offer this crate to third parties as a hosted or managed service that provides access to a substantial set of its features.

Change Date: 2030-04-11. On that date this crate automatically converts to the MIT License with no further restrictions.

Questions about commercial licensing? Open an issue at github.com/bext-stack/bext with the licensing label.

See also

• github.com/bext-stack/bext — the bext meta repo
• Full ecosystem — all bext crates at a glance