A high-performance eBPF-based web security tool that monitors HTTP traffic in real time and automatically blocks malicious requests at the kernel level.

BotSentry uses eBPF (Extended Berkeley Packet Filter) to inspect network packets directly in the Linux kernel. When an HTTP request matches a security policy, the source IP is immediately added to a blocklist, and all subsequent packets from that IP are dropped at the XDP layer, before they reach the network stack. Two consequences of this design are worth keeping in mind: matching works on plaintext HTTP (an XDP program sees only the TLS ciphertext of an HTTPS request, so paths inside it cannot be inspected), and blocking is keyed on the source IP, so one matching request from a client behind a shared NAT or proxy address blocks every other client using that address.
- Linux kernel: 4.18+ with XDP support
- Rust toolchain (stable and nightly):

```shell
rustup install stable
rustup install nightly
```

- BPF linker:

```shell
cargo install bpf-linker
```

- Root privileges: required for XDP program attachment
```shell
git clone https://github.com/hynseok/botsentry.git
cd botsentry
cargo build --release
```

BotSentry uses a policy.toml file for security policies.
```toml
[security_policy]

# Prefix matching (starts_with)
exact_paths = [
    "/admin",
    "/administrator",
    "/wp-admin",
    "/phpmyadmin",
    "/admin.php",
    "/login",
    "/dashboard"
]

# Pattern matching (contains)
suspicious_patterns = [
    ".env",
    ".git",
    "config.php",
    "database",
    "backup",
    "sql",
    "shell",
    "cmd",
    "eval",
    "exec"
]
```

- Exact paths (`exact_paths`): blocks requests whose path starts with one of the listed strings. Despite the name this is a prefix match, not an exact match: `/admin` already covers `/administrator` and `/admin.php`, so those later entries never fire on their own.
- Suspicious patterns (`suspicious_patterns`): blocks requests containing one of the listed substrings anywhere in the path. Short tokens such as `sql`, `cmd` or `backup` also occur in legitimate paths, and a single match blocks the client's IP, so tune the list to your application before running it in front of real traffic.
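The matching rules above, modelled in userspace Rust as an added example. This is not BotSentry's own code: the `SecurityPolicy`, `Verdict`, `request_path` and `classify` names and the sample request lines are assumptions constructed for illustration. It applies the documented `starts_with` and `contains` semantics to request targets parsed from HTTP/1.1 request lines, reports which list entry fired, and includes two payloads a real site serves to ordinary visitors plus one TLS record that cannot be inspected at all.

```rust
// Added example, not BotSentry's own code: a userspace model of the
// policy.toml semantics (exact_paths = starts_with, suspicious_patterns =
// contains), run over constructed HTTP/1.1 request lines. All names below
// (SecurityPolicy, Verdict, request_path, classify) are assumptions for
// illustration, not identifiers from the project.

/// Mirror of the two lists in policy.toml.
pub struct SecurityPolicy {
    pub exact_paths: Vec<&'static str>,
    pub suspicious_patterns: Vec<&'static str>,
}

/// Outcome for one request, naming the entry that fired so a false
/// positive can be traced back to the list entry that caused it.
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Allow,
    BlockPrefix(&'static str),
    BlockPattern(&'static str),
}

impl SecurityPolicy {
    /// Same entries as the sample policy.toml above.
    pub fn sample() -> Self {
        SecurityPolicy {
            exact_paths: vec![
                "/admin", "/administrator", "/wp-admin", "/phpmyadmin",
                "/admin.php", "/login", "/dashboard",
            ],
            suspicious_patterns: vec![
                ".env", ".git", "config.php", "database", "backup",
                "sql", "shell", "cmd", "eval", "exec",
            ],
        }
    }

    /// Documented semantics: a prefix check first, then a substring check.
    /// "/admin" shadows "/administrator" and "/admin.php", which can
    /// therefore never be the entry reported.
    pub fn evaluate(&self, target: &str) -> Verdict {
        for &prefix in &self.exact_paths {
            if target.starts_with(prefix) {
                return Verdict::BlockPrefix(prefix);
            }
        }
        for &needle in &self.suspicious_patterns {
            if target.contains(needle) {
                return Verdict::BlockPattern(needle);
            }
        }
        Verdict::Allow
    }
}

/// Pull the request target out of an HTTP/1.x request line such as
/// "GET /admin HTTP/1.1". Returns None for payloads that are not a
/// plaintext HTTP request (binary data, a TLS record, a partial segment),
/// which is what an XDP program sees for HTTPS traffic.
pub fn request_path(payload: &[u8]) -> Option<&str> {
    let text = std::str::from_utf8(payload).ok()?;
    let line = text.split("\r\n").next()?;
    let mut parts = line.split(' ');
    let (method, target, version) = (parts.next()?, parts.next()?, parts.next()?);
    let method_ok = !method.is_empty() && method.bytes().all(|b| b.is_ascii_uppercase());
    if !method_ok || !target.starts_with('/') || !version.starts_with("HTTP/") {
        return None;
    }
    Some(target)
}

/// One packet payload in, one verdict out. Non-HTTP payloads are allowed
/// because there is nothing to match on.
pub fn classify(payload: &[u8]) -> Verdict {
    match request_path(payload) {
        Some(target) => SecurityPolicy::sample().evaluate(target),
        None => Verdict::Allow,
    }
}

fn main() {
    // Constructed sample payloads: a normal page, a WordPress front-end
    // AJAX endpoint, a dotfile probe, a harmless blog path containing "sql",
    // and the first bytes of a TLS ClientHello record.
    let samples: [&[u8]; 5] = [
        b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
        b"GET /wp-admin/admin-ajax.php HTTP/1.1\r\nHost: example.com\r\n\r\n",
        b"GET /static/.env HTTP/1.1\r\nHost: example.com\r\n\r\n",
        b"GET /blog/nosql-tips HTTP/1.1\r\nHost: example.com\r\n\r\n",
        b"\x16\x03\x01\x00\xc4\x01\x00\x00",
    ];
    for payload in samples {
        let shown = String::from_utf8_lossy(payload);
        let line = shown.lines().next().unwrap_or("");
        println!("{:<50} -> {:?}", line, classify(payload));
    }
}
```

Two of the constructed samples block legitimate clients: `/wp-admin/admin-ajax.php` is requested by unauthenticated WordPress front ends, and `/blog/nosql-tips` trips the `sql` substring. Since a single match blocks the whole source IP, run a candidate policy through a model like this against paths from your own access logs before deploying it.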
```shell
sudo ./target/release/botsentry
```

This project is licensed under the MIT License - see the LICENSE file for details.
