1.0.9 • Published 10 years ago

express-defend v1.0.9

Weekly downloads: 175
License: MIT
Repository: github
Last release: 10 years ago


NodeJS Express middleware that detects malicious requests against your site (originating from an automated website vulnerability scanner or from an attacker), such as:

http://<your website>/page.html?name=<script>alert('hello world')</script>
http://<your website>/page.html?path=../../etc/passwd

Once express-defend detects a possible security threat, you can block all further requests sent from that attacker. If file logging is enabled, you can check the logfile and see how attackers try to find security vulnerabilities on your server (it makes sense to look at it, since there might be real issues as well).

The current implementation supports the following:

  • Cross Site Scripting detection
  • Path Traversal detection
  • SQL Injection detection

Please note that this module will never be able to detect security threats with 100% precision. The goal of this project is to catch and report the very first 'obvious' attempts, if possible.

Usage

$ npm install express-defend

Setting up your express server with express-defend support

var express = require('express');
var expressDefend = require('express-defend');

var app = express();

app.use(expressDefend.protect({
    maxAttempts: 5,                   // (default: 5) number of attempts until "onMaxAttemptsReached" gets triggered
    dropSuspiciousRequest: true,      // respond 403 Forbidden when max attempts count is reached
    consoleLogging: true,             // (default: true) enable console logging
    logFile: 'suspicious.log',        // if specified, express-defend will log its output here
    onMaxAttemptsReached: function(ipAddress, url){
        console.log('IP address ' + ipAddress + ' is considered to be malicious, URL: ' + url);
    }
}));

[Screenshot: the above example in action]

Please note that when "dropSuspiciousRequest" is enabled, only the suspicious requests from a malicious host are dropped; its other requests are still served. If you want to put the host on a blacklist on your server, you might want to use this module together with express-blacklist.
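To make the configuration above and the note about "dropSuspiciousRequest" concrete, here is an added example (not express-defend's own code) of a minimal middleware with the documented behaviour: per-IP attempt counting, the callback firing at maxAttempts, and a 403 only for the suspicious requests. The two detection patterns and the request/response objects are constructed stand-ins assumed for the illustration.

```javascript
// Added illustration, not express-defend's own code: a minimal middleware with
// the behaviour the README describes (per-IP attempt counting, callback at
// maxAttempts, 403 when dropSuspiciousRequest is set). The patterns below are
// deliberately simple stand-ins for the README's two example URLs.
const SUSPICIOUS = [
  { name: 'xss', re: /<\s*script\b/i },       // <script> in a parameter value
  { name: 'path traversal', re: /\.\.[\\/]/ }, // ../ or ..\ segments
];

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; } // malformed %xx
}

function findThreat(url) { // name of the first matching pattern, or null
  const query = safeDecode(url.split('?')[1] || '');
  const hit = SUSPICIOUS.find((s) => s.re.test(query));
  return hit ? hit.name : null;
}

function createDefender(opts) {
  const maxAttempts = opts.maxAttempts || 5;
  const attempts = new Map(); // client IP -> suspicious requests seen so far
  return function defend(req, res, next) {
    if (!findThreat(req.url)) return next(); // benign traffic is never dropped
    const count = (attempts.get(req.ip) || 0) + 1;
    attempts.set(req.ip, count);
    if (count === maxAttempts && opts.onMaxAttemptsReached) {
      opts.onMaxAttemptsReached(req.ip, req.url);
    }
    if (count >= maxAttempts && opts.dropSuspiciousRequest) {
      return res.status(403).end('Forbidden');
    }
    return next(); // below the threshold: flagged, but still served
  };
}

// Runs the middleware over constructed requests from one IP (no Express server
// needed); reports each request's status and how often the callback fired.
function simulate(urls, maxAttempts) {
  let callbacks = 0;
  const defend = createDefender({
    maxAttempts, dropSuspiciousRequest: true,
    onMaxAttemptsReached: () => { callbacks += 1; },
  });
  const statuses = urls.map((url) => {
    let status = 200;
    const res = { status(c) { status = c; return this; }, end() {} };
    defend({ ip: '203.0.113.7', url }, res, () => {}); // constructed request
    return status;
  });
  return { statuses, callbacks };
}
```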
