High-Performance WAF

Argus Shield

High-throughput Web Application Firewall reverse proxy in Go. Protects HTTP upstreams by scanning request structures, checking signatures, resolving GeoIP ASN maps, enforcing rate limits, and performing leak scanning.

// reverse proxy pipeline

Public Ingress Request
HTTP Pipeline Rules Gating
GeoIP + OWASP CRS + Custom Regex Filters
Challenge Bots if Anomalous
Safe Forward to Upstream Servers

// Key Features & Performance Specs

Hot Reloading Rules

Rules and configurations can be hot-reloaded dynamically on the fly using `fsnotify` file system observers without dropping active client connections or websocket streams.

Proof of Work Bots Gating

Suspicious clients are prompted with cryptographic Proof-of-Work Javascript bot checks, allowing standard users to verify automatically without friction.

Token Bucket Rate Limiting

Maintains precise token-bucket rate limits. Connects to Redis for distributed cluster limiting with a transparent, local fallback if connection is lost.