A High-Performance, Asynchronous AI Compliance Proxy.
Proxy Shield allows you to inspect network traffic for compliance violations (e.g., sensitive data leaks) using an AI/Embedding model without slowing down the user.
It uses a "Traffic Mirroring" architecture: traffic is forwarded immediately to a configured destination (the analysis adds no latency to the request path), while a copy is sent asynchronously to an AI analyzer. If a violation is detected, the AI service updates a shared Redis state to temporarily ban the offender's IP address.
```
[ Client ] ---> [ OpenResty (Nginx) ] --------------------> [ Configured Target ]
                         |
                         +---> (Mirror Copy) ---> [ AI Service ]
                         |                              |
                         <--- (Ban Command) ------------+
                                (via Redis)
```
- The Check: Nginx checks Redis. If the IP is banned, return `403 Forbidden`.
- The Forward: If clean, Nginx forwards the packet to the configured target instantly.
- The Mirror: Nginx sends a background copy to the Python AI Service.
- The Verdict: Python analyzes the text. If "secret" is found:
  - Strike System: 3 strikes in 30 seconds = BAN.
  - Ban: The IP is added to Redis with a TTL (Time To Live).
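The strike-and-ban logic from the Verdict step, as an added example that is not Proxy Shield's own code. The key names, the 300-second ban TTL, the window opening at the first strike, and the in-memory `TTLStore` standing in for Redis are assumptions.

```python
import time

STRIKE_LIMIT = 3     # from the README: 3 strikes ...
STRIKE_WINDOW = 30   # ... in 30 seconds
BAN_TTL = 300        # assumption: the README does not state the ban duration

class TTLStore:
    """Constructed in-memory stand-in for Redis INCR / EXPIRE / SETEX / EXISTS."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.data = {}  # key -> [value, expires_at or None]

    def _live(self, key):
        entry = self.data.get(key)
        if entry and entry[1] is not None and entry[1] <= self.clock():
            del self.data[key]  # lazily drop expired keys, as a TTL would
            return None
        return entry

    def incr(self, key):
        entry = self._live(key)
        if entry is None:
            entry = self.data[key] = [0, None]
        entry[0] += 1
        return entry[0]

    def expire(self, key, ttl):
        entry = self._live(key)
        if entry is not None:
            entry[1] = self.clock() + ttl

    def setex(self, key, ttl, value):
        self.data[key] = [value, self.clock() + ttl]

    def exists(self, key):
        return self._live(key) is not None

def record_violation(store, ip):
    """Count one strike for ip; return True once the ban is in place."""
    key = f"strikes:{ip}"  # hypothetical key name
    strikes = store.incr(key)
    if strikes == 1:
        store.expire(key, STRIKE_WINDOW)  # window opens at the first strike
    if strikes >= STRIKE_LIMIT:
        store.setex(f"ban:{ip}", BAN_TTL, "1")  # hypothetical key name
        return True
    return False

def is_banned(store, ip):
    """The check the proxy makes before forwarding a request."""
    return store.exists(f"ban:{ip}")
```

Because the counter expires 30 seconds after the first strike, strikes that straddle an expiry are not added together; a sorted set of strike timestamps would give a true sliding window.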
The proxy is configured at startup with a specific destination. All traffic will be forwarded to this target regardless of the original request's destination.
Set the `TARGET_HOST` environment variable in your `.env` file:

```
# Example: Forward all traffic to an internal API server
TARGET_HOST=api.internal.example.com:443
# Example: Forward to a local development server
TARGET_HOST=localhost:3000
```

- Proxy: OpenResty (Nginx + LuaJIT)
- State/Cache: Redis (Alpine)
- AI Service: Python (FastAPI + Uvicorn)
- Orchestration: Docker Compose
- Docker & Docker Compose
- Copy `.env.example` to `.env`: `cp .env.example .env`
- Edit `.env` and set your target host: `TARGET_HOST=your-target-server:port`

```
docker-compose up --build
```