security-gateway v1.0.0
Security Gateway
A plug-and-play security gateway that detects malicious traffic and redirects it to a decoy API. This middleware/gateway sits between your clients and your actual API to protect against various types of attacks.
Features
- Attack Detection: Identifies SQL injection, XSS, path traversal, and command injection attempts
- Traffic Redirection: Redirects suspicious traffic to a decoy API
- Rate Limiting: Prevents brute force attacks
- Honeypot Features: Adds misleading headers and response data
- Admin Dashboard: Real-time monitoring of suspicious activities
- Configurable: Easy configuration via environment variables or options object
- Docker Support: Ready-to-use Docker configuration for quick deployment
Installation
npm install security-gateway
Usage
As a standalone gateway
The simplest way to use Security Gateway is as a standalone service:
// server.js
const createSecurityGateway = require('security-gateway');

const gateway = createSecurityGateway({
  server: {
    port: 3000
  },
  endpoints: {
    realApi: "http://your-real-api.com",
    decoyApi: "http://your-decoy-api.com"
  }
});

gateway.start().then(() => {
  console.log('Security Gateway is running!');
});
As Express middleware
You can also use it as middleware in an existing Express application:
const express = require('express');
const createSecurityGateway = require('security-gateway');

const app = express();
const gateway = createSecurityGateway();

// Use the gateway's app as middleware
app.use(gateway.app);

app.listen(3000, () => {
  console.log('Application with Security Gateway is running on port 3000');
});
Using Docker Compose
For a quick setup with Docker:
- Clone this repository
- Configure your environment variables in a .env file (see .env.example)
- Run with Docker Compose:
docker-compose up -d
Configuration
You can configure the Security Gateway using environment variables or by passing an options object.
Available Options
| Option | Environment Variable | Default | Description |
|---|---|---|---|
| server.port | PORT | 3000 | Port for the gateway server |
| server.logFormat | LOG_FORMAT | combined | Morgan log format |
| endpoints.realApi | API_URL | http://localhost:8080 | URL of your real API |
| endpoints.decoyApi | DECOY_URL | http://localhost:8081 | URL of the decoy API |
| endpoints.adminDashboard | ADMIN_DASHBOARD_PATH | /admin/dashboard | Path to access the admin dashboard |
| security.rateLimit.enabled | RATE_LIMIT_ENABLED | true | Enable/disable rate limiting |
| security.rateLimit.max | RATE_LIMIT_MAX | 100 | Maximum requests per time window |
| security.rateLimit.windowMs | RATE_LIMIT_WINDOW_MS | 900000 | Time window in milliseconds (15 minutes) |
| security.attackPatterns.sqlInjection | DETECT_SQL_INJECTION | true | Enable SQL injection detection |
| security.attackPatterns.xss | DETECT_XSS | true | Enable XSS detection |
| security.attackPatterns.pathTraversal | DETECT_PATH_TRAVERSAL | true | Enable path traversal detection |
| security.attackPatterns.commandInjection | DETECT_COMMAND_INJECTION | true | Enable command injection detection |
| security.honeypot.addHeaders | ADD_HONEYPOT_HEADERS | true | Add fake server headers |
| security.honeypot.modifyResponses | MODIFY_RESPONSES | true | Add honeypot data to responses |
Admin Dashboard
Access the admin dashboard at /admin/dashboard (or your configured path) to monitor:
- Suspicious IP addresses
- Attack history
- Real-time statistics
Creating a Decoy API
The Security Gateway redirects suspicious traffic to a decoy API. You can use the included decoy-api.js file as a starting point or create your own.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
This project is licensed under the MIT License.