Web Application Firewall for bext — rate limiting, IP filtering, GeoIP, SQLi/XSS detection.
Part of the bext stack.
[dependencies]
bext-waf = "0.2"bext-waf is the web application firewall module used by the bext HTTP
server. It's also usable standalone in any async Rust project — pass it
requests, it returns allow/deny decisions.
- Rate limiting — per-IP, per-host, per-path, configurable windows.
- IP filtering — allowlist / blocklist with CIDR ranges.
- GeoIP blocking — MaxMind database integration (feature-gated).
- SQLi / XSS detection — pattern-based, low false-positive rules.
- Bot detection — known bot UAs, behavioral heuristics.
- Redis-backed distributed rate limiting — optional, for horizontal scaling.
[dependencies]
bext-waf = { version = "0.2", features = ["geoip", "redis"] }geoip— enable MaxMind GeoIP database lookupsredis— enable distributed rate limiting backed by Redis
Business Source License 1.1 — see LICENSE.md in this crate for the full text.
In plain English: production use on your own infrastructure is fully permitted. You may NOT offer this crate to third parties as a hosted or managed service that provides access to a substantial set of its features.
Change Date: 2030-04-11. On that date this crate automatically converts to the MIT License with no further restrictions.
Questions about commercial licensing? Open an issue at
github.com/bext-stack/bext with
the licensing label.
- github.com/bext-stack/bext — the bext meta repo
- Full ecosystem — all bext crates at a glance