Show HN: Shibuya – A High-Performance WAF in Rust with eBPF and ML Engine
10 by germainluperto | 1 comments on Hacker News.
Hi HN, I’ve been working on Shibuya, a next-generation Web Application Firewall (WAF) built from the ground up in Rust. I wanted to build a WAF that didn't just rely on legacy regex signatures but could understand intent and perform at line-rate using modern kernel features.

What makes Shibuya different:

- Multi-Layer Pipeline: It integrates a high-performance proxy (built on Pingora) with rate limiting, bot detection, and threat intelligence.
- eBPF Kernel Filtering: For volumetric attacks, Shibuya can drop malicious packets at the kernel level using XDP before they consume userspace resources.
- Dual ML Engine: It uses an ONNX-based engine for anomaly detection and a Random Forest classifier to identify specific attack classes like SQLi, XSS, and RCE.
- API & GraphQL Protection: Includes deep inspection for GraphQL (depth and complexity analysis) and OpenAPI schema validation.
- WASM Extensibility: You can write and hot-load custom security logic using WebAssembly plugins.
- Ashigaru Lab: The project includes a deliberately vulnerable lab environment with 6 different services and a "Red Team Bot" to test the WAF against 100+ simulated payloads.
- The Dashboard: The dashboard is built with SvelteKit and offers real-time monitoring (ECharts), a "Panic Mode" for instant hardening, and a visual editor for the YAML configuration.

I'm looking for feedback on the architecture and the performance of the Rust-eBPF integration.