Crate synapse_pingora

Synapse-Pingora: High-performance WAF proxy using Cloudflare Pingora.

This library provides multi-site reverse proxy capabilities with integrated WAF detection using the Synapse engine.

Phase 1 Modules (Core Features)

  • vhost - Virtual host matching for multi-site routing
  • config - Configuration loading and validation
  • tls - TLS certificate management with SNI support
  • health - Health check endpoint for monitoring
  • site_waf - Per-site WAF configuration management

Phase 2 Modules (Management Features)

  • metrics - Prometheus metrics endpoint
  • reload - Configuration hot-reload via SIGHUP
  • access - CIDR-based allow/deny access lists
  • ratelimit - Per-site rate limiting with token bucket
  • api - Management HTTP API

Phase 3 Modules (Feature Migration from risk-server)

  • fingerprint - JA4/JA4H TLS and HTTP fingerprinting
  • entity - Per-IP entity tracking with risk scoring and decay
  • tarpit - Progressive response delays for slow-drip defense
  • dlp - Data Loss Prevention with 23 sensitive data patterns

Re-exports

pub use config::ConfigFile;
pub use config::ConfigLoader;
pub use config::GlobalConfig;
pub use health::HealthChecker;
pub use health::HealthResponse;
pub use health::HealthStatus;
pub use site_waf::SiteWafConfig;
pub use site_waf::SiteWafManager;
pub use site_waf::WafAction;
pub use tls::TlsManager;
pub use tls::TlsVersion;
pub use vhost::SiteConfig;
pub use vhost::VhostMatcher;
pub use access::AccessDecision;
pub use access::AccessList;
pub use access::AccessListManager;
pub use api::ApiHandler;
pub use api::ApiResponse;
pub use api::EvaluateResult;
pub use metrics::BandwidthDataPoint;
pub use metrics::BandwidthStats;
pub use metrics::MetricsRegistry;
pub use metrics::ProfilingMetrics;
pub use ratelimit::RateLimitConfig;
pub use ratelimit::RateLimitDecision;
pub use ratelimit::RateLimitManager;
pub use reload::ConfigReloader;
pub use reload::ReloadResult;
pub use dlp::validate_credit_card;
pub use dlp::validate_iban;
pub use dlp::validate_phone;
pub use dlp::validate_ssn;
pub use dlp::DlpConfig;
pub use dlp::DlpMatch;
pub use dlp::DlpScanner;
pub use dlp::DlpStats;
pub use dlp::PatternSeverity;
pub use dlp::ScanResult;
pub use dlp::SensitiveDataType;
pub use entity::BlockDecision;
pub use entity::EntityConfig;
pub use entity::EntityManager;
pub use entity::EntityMetrics;
pub use entity::EntitySnapshot;
pub use entity::EntityState;
pub use entity::RiskApplication;
pub use fingerprint::analyze_ja4;
pub use fingerprint::analyze_ja4h;
pub use fingerprint::extract_client_fingerprint;
pub use fingerprint::generate_ja4h;
pub use fingerprint::parse_ja4_from_header;
pub use fingerprint::ClientFingerprint;
pub use fingerprint::HttpHeaders;
pub use fingerprint::Ja4Analysis;
pub use fingerprint::Ja4Fingerprint;
pub use fingerprint::Ja4Protocol;
pub use fingerprint::Ja4SniType;
pub use fingerprint::Ja4hAnalysis;
pub use fingerprint::Ja4hFingerprint;
pub use tarpit::TarpitConfig;
pub use tarpit::TarpitDecision;
pub use tarpit::TarpitManager;
pub use tarpit::TarpitState;
pub use tarpit::TarpitStats;
pub use validation::validate_certificate_file;
pub use validation::validate_domain_name;
pub use validation::validate_private_key_file;
pub use validation::validate_tls_config;
pub use validation::ValidationError;
pub use validation::ValidationResult;
pub use sni_validation::SniValidationConfig;
pub use sni_validation::SniValidationMode;
pub use sni_validation::SniValidationResult;
pub use sni_validation::SniValidator;
pub use trap::TrapConfig;
pub use trap::TrapMatcher;
pub use block_log::BlockEvent;
pub use block_log::BlockLog;
pub use actor::ActorConfig;
pub use actor::ActorManager;
pub use actor::ActorState;
pub use actor::ActorStats;
pub use actor::RuleMatch;
pub use session::HijackAlert;
pub use session::HijackType;
pub use session::SessionConfig;
pub use session::SessionDecision;
pub use session::SessionManager;
pub use session::SessionState;
pub use session::SessionStats;
pub use interrogator::ActorChallengeState;
pub use interrogator::ChallengeLevel;
pub use interrogator::ChallengeResponse;
pub use interrogator::CookieChallenge;
pub use interrogator::CookieConfig;
pub use interrogator::CookieManager;
pub use interrogator::CookieStats;
pub use interrogator::Interrogator;
pub use interrogator::JsChallenge;
pub use interrogator::JsChallengeConfig;
pub use interrogator::JsChallengeManager;
pub use interrogator::JsChallengeStats;
pub use interrogator::ProgressionConfig;
pub use interrogator::ProgressionManager;
pub use interrogator::ProgressionStats;
pub use interrogator::ValidationResult as ChallengeValidationResult;
pub use shadow::MirrorPayload;
pub use shadow::RateLimiter as ShadowRateLimiter;
pub use shadow::RateLimiterStats as ShadowRateLimiterStats;
pub use shadow::ShadowClientStats;
pub use shadow::ShadowMirrorClient;
pub use shadow::ShadowMirrorConfig;
pub use shadow::ShadowMirrorError;
pub use shadow::ShadowMirrorManager;
pub use shadow::ShadowMirrorStats;
pub use profiler::detect_pattern;
pub use profiler::entropy_z_score;
pub use profiler::is_entropy_anomaly;
pub use profiler::matches_pattern;
pub use profiler::normalized_entropy;
pub use profiler::shannon_entropy;
pub use profiler::AnomalyResult;
pub use profiler::AnomalySignal;
pub use profiler::AnomalySignalType;
pub use profiler::Distribution;
pub use profiler::EndpointProfile;
pub use profiler::FieldSchema;
pub use profiler::FieldType;
pub use profiler::HeaderAnomaly;
pub use profiler::HeaderAnomalyResult;
pub use profiler::HeaderBaseline;
pub use profiler::HeaderProfiler;
pub use profiler::HeaderProfilerStats;
pub use profiler::JsonEndpointSchema;
pub use profiler::ParameterSchema;
pub use profiler::PatternType;
pub use profiler::PercentilesTracker;
pub use profiler::ProfileStore;
pub use profiler::ProfileStoreConfig;
pub use profiler::ProfileStoreMetrics;
pub use profiler::Profiler;
pub use profiler::RateTracker;
pub use profiler::SchemaLearner;
pub use profiler::SchemaLearnerConfig;
pub use profiler::SchemaLearnerStats;
pub use profiler::SchemaViolation;
pub use profiler::SegmentCardinality;
pub use profiler::ValueStats;
pub use profiler::ViolationSeverity;
pub use profiler::ViolationType;
pub use config::ProfilerConfig;
pub use crawler::BadBotSeverity;
pub use crawler::BadBotSignature;
pub use crawler::CrawlerConfig;
pub use crawler::CrawlerDefinition;
pub use crawler::CrawlerDetection;
pub use crawler::CrawlerDetector;
pub use crawler::CrawlerStats;
pub use crawler::CrawlerStatsSnapshot;
pub use crawler::CrawlerVerificationResult;
pub use crawler::DnsFailurePolicy;
pub use crawler::VerificationMethod;
pub use horizon::BlockType;
pub use horizon::BlocklistCache;
pub use horizon::BlocklistEntry;
pub use horizon::BlocklistUpdate;
pub use horizon::ClientStats;
pub use horizon::ConnectionState;
pub use horizon::HorizonClient;
pub use horizon::HorizonConfig;
pub use horizon::HorizonError;
pub use horizon::HorizonManager;
pub use horizon::HorizonStats;
pub use horizon::HorizonStatsSnapshot;
pub use horizon::Severity;
pub use horizon::SignalType;
pub use horizon::ThreatSignal;
pub use payload::BandwidthBucket;
pub use payload::EndpointPayloadStats;
pub use payload::EndpointPayloadStatsSnapshot;
pub use payload::EndpointSortBy;
pub use payload::EntityBandwidth;
pub use payload::PayloadAnomaly;
pub use payload::PayloadAnomalyMetadata;
pub use payload::PayloadAnomalySeverity;
pub use payload::PayloadAnomalyType;
pub use payload::PayloadConfig;
pub use payload::PayloadManager;
pub use payload::PayloadSummary;
pub use payload::PayloadWindow;
pub use payload::SizeStats;
pub use trends::Anomaly;
pub use trends::AnomalyDetector;
pub use trends::AnomalyDetectorConfig;
pub use trends::AnomalyMetadata;
pub use trends::AnomalyQueryOptions;
pub use trends::AnomalySeverity;
pub use trends::AnomalyType;
pub use trends::BucketSummary;
pub use trends::CategorySummary;
pub use trends::Correlation;
pub use trends::CorrelationEngine;
pub use trends::CorrelationMetadata;
pub use trends::CorrelationType;
pub use trends::Signal;
pub use trends::SignalBucket;
pub use trends::SignalCategory;
pub use trends::SignalExtractor;
pub use trends::SignalMetadata;
pub use trends::SignalTrend;
pub use trends::SignalType as TrendsSignalType;
pub use trends::TimeStore;
pub use trends::TimeStoreStats;
pub use trends::TrendHistogramBucket;
pub use trends::TrendQueryOptions;
pub use trends::TrendsConfig;
pub use trends::TrendsManager;
pub use trends::TrendsManagerStats;
pub use trends::TrendsStats;
pub use trends::TrendsSummary;
pub use intelligence::Signal as IntelligenceSignal;
pub use intelligence::SignalCategory as IntelligenceSignalCategory;
pub use intelligence::SignalManager;
pub use intelligence::SignalManagerConfig;
pub use intelligence::SignalQueryOptions;
pub use intelligence::SignalSummary as IntelligenceSignalSummary;
pub use intelligence::TopSignalType as IntelligenceTopSignalType;
pub use geo::calculate_speed;
pub use geo::haversine_distance;
pub use geo::is_valid_coordinates;
pub use geo::GeoLocation;
pub use geo::ImpossibleTravelDetector;
pub use geo::LoginEvent;
pub use geo::Severity as GeoSeverity;
pub use geo::TravelAlert;
pub use geo::TravelConfig;
pub use geo::TravelStats;
pub use waf::boolean_operands;
pub use waf::build_rule_index;
pub use waf::get_candidate_rule_indices;
pub use waf::method_to_mask;
pub use waf::now_ms;
pub use waf::repeat_multiplier;
pub use waf::Action as WafRuleAction;
pub use waf::AnomalyContribution as WafAnomalyContribution;
pub use waf::AnomalySignal as WafAnomalySignal;
pub use waf::AnomalySignalType as WafAnomalySignalType;
pub use waf::AnomalyType as WafAnomalyType;
pub use waf::ArgEntry;
pub use waf::BlockingMode as WafBlockingMode;
pub use waf::CandidateCache;
pub use waf::CandidateCacheKey;
pub use waf::Engine as WafEngine;
pub use waf::EvalContext;
pub use waf::Header as WafHeader;
pub use waf::IndexedRule;
pub use waf::MatchCondition;
pub use waf::MatchValue;
pub use waf::Request as WafRequest;
pub use waf::RiskConfig as WafRiskConfig;
pub use waf::RiskContribution as WafRiskContribution;
pub use waf::RuleIndex;
pub use waf::StateStore;
pub use waf::Synapse;
pub use waf::Verdict as WafVerdict;
pub use waf::WafError;
pub use waf::WafRule;
pub use detection::AuthAttempt;
pub use detection::AuthMetrics;
pub use detection::AuthResult;
pub use detection::CredentialStuffingDetector;
pub use detection::DistributedAttack;
pub use detection::EntityEndpointKey;
pub use detection::StuffingConfig;
pub use detection::StuffingEvent;
pub use detection::StuffingSeverity;
pub use detection::StuffingState;
pub use detection::StuffingStats;
pub use detection::StuffingVerdict;
pub use detection::TakeoverAlert;

Modules

  • access - Access control lists with CIDR-based allow/deny rules.
  • actor - Actor State Management Module
  • admin_server - Admin HTTP server for Pingora configuration management.
  • api - Management HTTP API for runtime configuration and monitoring.
  • block_log - Block event logging for dashboard visibility. Maintains a circular buffer of recent WAF block events.
  • block_page - Custom Block Page Rendering Module
  • body - Request/Response Body Inspection Module
  • config - Configuration loading and validation for Synapse-Pingora.
  • config_manager - Centralized configuration manager with coordinated updates.
  • correlation - Campaign Correlation Module
  • crawler - Crawler Detection and Bad Bot Identification.
  • detection - Detection module for attack pattern recognition.
  • dlp - Data Loss Prevention (DLP) Module
  • entity - Entity Tracking Module for Per-IP Risk Accumulation
  • fingerprint - JA4+ TLS/HTTP Fingerprinting Module
  • geo - Geographic analysis and impossible travel detection.
  • headers - Header manipulation logic for request and response headers.
  • health - Health check endpoint for monitoring and load balancer integration.
  • horizon - Signal Horizon Hub integration for fleet-wide threat intelligence.
  • intelligence - Signal intelligence aggregation for Synapse-Pingora.
  • interrogator - Interrogator System - Progressive Challenge Escalation
  • metrics - Prometheus metrics endpoint for observability.
  • payload - Payload Profiling subsystem for bandwidth tracking and anomaly detection.
  • persistence - Persistence module for saving and loading WAF state.
  • profiler - API Endpoint Profiler Module
  • ratelimit - Per-site rate limiting with token bucket algorithm.
  • reload - Configuration hot-reload via SIGHUP signal.
  • session - Session State Management Module
  • shadow - Shadow Mirroring Module
  • signals
  • site_waf - Per-site WAF configuration management.
  • sni_validation - SNI vs Host Header Validation
  • tarpit - Tarpitting Module for Progressive Response Delays
  • telemetry - Signal Horizon Telemetry Integration Module
  • tls - TLS certificate management with SNI-based certificate selection.
  • trap - Honeypot trap endpoint detection and blocking.
  • trends - Trends subsystem for signal tracking and anomaly detection.
  • tui - Terminal User Interface for Synapse-Pingora monitoring. Built with ratatui for high-performance terminal visualization.
  • tunnel - Signal Horizon tunnel client for remote operations.
  • utils
  • validation - Validation utilities for TLS certificates, domains, and configuration.
  • vhost - Virtual host matching for multi-site routing.
  • waf - WAF Rule Engine module.