Zen, developed by Aikido, is designed to protect your web applications from a wide range of vulnerabilities.
This is a live example app. Zen is installed and configured to protect this application.
Here you can experiment with different types of injection attacks, user blocking, rate limiting and bot blocking to see how Zen protects against unwanted behavior at runtime.
→ Install Zen and start securing your web applications today!
→ GitHub page
You can test our rate limiting features with the following button, which is equivalent to running the following cURL command:
curl https://demo.webfirewall.dev/test_ratelimiting_1
(max 3 requests / minute)
You can test our bot blocking features with the following button, which is equivalent to running the cURL command below.
Note: The button only works in Firefox; Chromium-based browsers currently have an issue with setting the User-Agent in a fetch request (see here). You can still test it out with the cURL command below:
curl \
-H "User-Agent: Mozilla/5.0 (compatible; Bytespider/1.0; +http://bytespider.com/bot.html)" \
-X GET https://demo.webfirewall.dev/test_bot_blocking
In this example app, the user is determined by a "user" request header. We have provided some examples here:
curl \
-H "user: 123456" \
-X GET https://demo.webfirewall.dev/test_user_blocking
with allowed user (ID: 123456)
curl \
-H "user: 789" \
-X GET https://demo.webfirewall.dev/test_user_blocking
with blocked user (ID: 789)
Demoing the IP blocking capabilities isn't super easy. We offer support for geo-IP blocking, blocking of malicious actors and blocking of Tor traffic.
We enabled the blocking of Tor traffic on this site to demo the IP Blocking capabilities as best as we could.
→ Download Tor Browser