# bext-waf
**Web Application Firewall for bext — rate limiting, IP filtering, GeoIP, SQLi/XSS detection.**
Part of the [bext](https://github.com/bext-stack/bext) stack.
```toml
[dependencies]
bext-waf = "0.2"
```
## What this crate is
`bext-waf` is the web application firewall module used by the bext HTTP
server. It's also usable standalone in any async Rust project — pass it
requests, it returns allow/deny decisions.
## Features
- **Rate limiting** — per-IP, per-host, per-path, configurable windows.
- **IP filtering** — allowlist / blocklist with CIDR ranges.
- **GeoIP blocking** — MaxMind database integration (feature-gated).
- **SQLi / XSS detection** — pattern-based, low false-positive rules.
- **Bot detection** — known bot UAs, behavioral heuristics.
- **Redis-backed distributed rate limiting** — optional, for horizontal scaling.
## Features flags
```toml
[dependencies]
bext-waf = { version = "0.2", features = ["geoip", "redis"] }
```
- `geoip` — enable MaxMind GeoIP database lookups
- `redis` — enable distributed rate limiting backed by Redis
## License
**Business Source License 1.1** — see [LICENSE.md](LICENSE.md) in this crate
for the full text.
In plain English: production use on your own infrastructure is fully
permitted. You may NOT offer this crate to third parties as a hosted or
managed service that provides access to a substantial set of its features.
**Change Date: 2030-04-11.** On that date this crate automatically converts
to the MIT License with no further restrictions.
Questions about commercial licensing? Open an issue at
[github.com/bext-stack/bext](https://github.com/bext-stack/bext/issues) with
the `licensing` label.
## See also
- [github.com/bext-stack/bext](https://github.com/bext-stack/bext) — the bext meta repo
- [Full ecosystem](https://github.com/bext-stack/bext#ecosystem-at-a-glance) — all bext crates at a glance