CSSWAF is a proof of concept for combating bot attacks without relying on JavaScript. It uses CSS animations to load hidden images and checks the resulting requests to verify that a client is legitimate, so that only requests that pass the check reach your server. This provides an added layer of security against automated threats.
CSSWAF is a CSS-based, NoJS Anti-BOT Web Application Firewall (WAF) designed as a proof of concept. This innovative approach utilizes random hidden empty.gif files within CSS animation progress, enabling the browser to sequentially load these images. The server monitors the loading order; if the sequence is correct, the request is forwarded to the target server. Any deviation results in a blocked request.
Key Features
- Honeypot Mechanism: In addition to the GIF loading method, CSSWAF includes honeypot empty.gif files embedded in HTML <img> tags, which are configured not to load. If a bot attempts to access these GIFs, the request is denied. Furthermore, invisible <a> tags are placed in the HTML, and any interaction with these honeypots triggers a block.
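The loading-order check and honeypot rule described above, sketched in Go as an added example. This is not CSSWAF's own code: the Session type, the Observe method and the image tokens are hypothetical names, and the sample tokens are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// Verdict is the session state after each observed image request.
type Verdict int
const (
	Pending Verdict = iota // sequence still in progress
	Passed                 // every image fetched in the expected order
	Blocked                // honeypot hit, wrong order, or expired session
)

// Session is a hypothetical per-visitor challenge record.
type Session struct {
	expected []string        // random image tokens, in animation order
	honeypot map[string]bool // tokens a real browser never requests
	next     int             // index of the next expected token
	verdict  Verdict
	expires  time.Time // creation time plus the configured ttl
}

// Observe records one image request and returns the updated verdict.
func (s *Session) Observe(token string, now time.Time) Verdict {
	switch {
	case s.verdict == Blocked: // a block is sticky
	case now.After(s.expires), s.honeypot[token]:
		s.verdict = Blocked
	case s.verdict == Passed: // repeat fetches after a pass are ignored
	case s.next < len(s.expected) && token == s.expected[s.next]:
		s.next++
		if s.next == len(s.expected) {
			s.verdict = Passed
		}
	default: // out-of-order or unknown token
		s.verdict = Blocked
	}
	return s.verdict
}

func main() {
	now := time.Now()
	s := &Session{expected: []string{"a7", "c2", "f9"}, // constructed tokens
		honeypot: map[string]bool{"h1": true}, expires: now.Add(time.Hour)}
	for _, tok := range []string{"a7", "c2", "f9"} {
		fmt.Println(tok, s.Observe(tok, now)) // verdict printed as 0, 1 or 2
	}
}
```

A reverse proxy built on this would forward a request only while the visitor's session verdict is Passed.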
Configuration Options
CSSWAF can be configured with several command-line options:
    Usage of csswaf:
      -bind string
            address to bind to (default ":8081")
      -target string
            target to reverse proxy to (default "http://localhost:8080")
      -ttl duration
            session expiration time (default 1h0m0s)
Demo
Experience CSSWAF in action at the following demo link: CSSWAF Demo.
Important Note
Please note that CSSWAF is a basic proof of concept and should not be used in production. It is intended for educational purposes and to explore potential anti-bot strategies.