express-defend
NodeJS Express middleware that detects malicious requests on your site (originated from automated website vulnerability scanner, or an attacker) like:
http://<your website>/page.html?name=<script>alert('hello world')</script>
http://<your website>/page.html?path=../../etc/passwd
Once a possible security threat is detected by express-defend, you can block all other requests sent from the attacker. If file logging is enabled, you can check the logfile and see how attackers try to find a security vulnerabilties on your server (it makes sense to see it, there might be real issues as well).
Current implementation supports the followings:
- Cross Site Scripting detection
- Path Traversal detection
- SQL Injection detection
Please note that this module will never be able to detect security threats with 100% precision. The goal of this project is to catch and report the very first 'obvious' attempts, if possible.
Usage
$ npm install express-defend
Setting up your express server with express-defend support
var expressDefend = ; app;
Above example in action
Please note that only suspicious traffic will be dropped from a malicious host when "dropSuspiciousRequest" is enabled. If you want to put the host on blacklist on your server, you might want to use this module with express-blacklist.