Drop-in security middleware for Python ASGI apps.

antsilk

antsilk is a small, zero-dependency middleware that sits in front of your FastAPI / Starlette / Litestar app and does the boring half of web security for you. Two lines of glue and every incoming request gets rate-limited, scanned for SQL injection / XSS / path traversal, checked against an IP threat-intel blocklist, and inspected for suspicious headers. Blocks are recorded as structured events in a local SQLite ledger.

Install

pip install antsilk

Two-line install

from fastapi import FastAPI
from antsilk import AntsilkMiddleware

app = FastAPI()
app.add_middleware(AntsilkMiddleware)

Restart your server. Antsilk is now active with defaults:

  • 60 requests per minute per IP
  • threat-intel from FireHOL Level 1 + Spamhaus DROP, refreshed every 6h
  • SQLi / XSS / path-traversal regex over URL, query, non-UA headers
  • structural header check (missing UA, bad UA, malformed Cookie)
  • events written to ./antsilk_events.db (SQLite, WAL mode)

What it catches

| Layer | What it catches | Response |
| --- | --- | --- |
| threat-intel | Traffic from IPs on FireHOL Level 1 or Spamhaus DROP | 403 |
| rate limit | Per-IP token bucket; default 60 req/min | 429 |
| headers | Missing User-Agent, sqlmap/nikto/masscan/nmap, malformed Cookie | 403 |
| patterns | SQLi, XSS, path traversal regex over path / query / non-UA headers | 403 |
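
The rate-limit layer above is described as a per-IP token bucket at 60 req/min answering 429. The following is an added example, not antsilk's own code or API, showing that algorithm with the standard library only; the class and function names, a burst size equal to the rate, the idle-eviction TTL and the documentation-range IPs used to exercise it are assumptions.

```python
import time
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float
    updated: float


class PerIPTokenBucket:
    """Per-IP token bucket: rate_per_min tokens refill each minute, capped at burst."""

    def __init__(self, rate_per_min=60, burst=60, idle_ttl=600.0, clock=time.monotonic):
        self.rate = rate_per_min / 60.0   # tokens added per second
        self.burst = float(burst)         # capacity (assumed equal to the per-minute rate)
        self.idle_ttl = idle_ttl          # forget IPs idle this long, to bound memory
        self.clock = clock                # injectable so the logic can be replayed
        self.buckets = {}

    def check(self, ip):
        """Return (status, retry_after_seconds): (200, 0.0) if allowed, else (429, wait)."""
        now = self.clock()
        b = self.buckets.get(ip)
        if b is None:
            b = self.buckets[ip] = Bucket(self.burst, now)
        # Refill for the elapsed time, never above capacity.
        b.tokens = min(self.burst, b.tokens + (now - b.updated) * self.rate)
        b.updated = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return 200, 0.0
        # Time until one whole token exists; usable as a Retry-After value.
        return 429, (1.0 - b.tokens) / self.rate

    def evict_idle(self):
        """Drop buckets untouched for idle_ttl (they would be full again anyway)."""
        now = self.clock()
        stale = [ip for ip, b in self.buckets.items() if now - b.updated > self.idle_ttl]
        for ip in stale:
            del self.buckets[ip]
        return len(stale)


def simulate(events, **kwargs):
    """Replay constructed (timestamp, ip) events and return the status of each."""
    t = [0.0]
    limiter = PerIPTokenBucket(clock=lambda: t[0], **kwargs)
    return [limiter.check(ip)[0] for ts, ip in events if not t.__setitem__(0, ts)]
```

With these assumed parameters a client can burst 60 requests at once and is then held to one request per second, while other IPs are unaffected.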

Why

  • Zero runtime dependencies. Standard library only. Every dep is friction for adopters and a supply-chain risk.
  • < 1ms p99 latency overhead on a typical FastAPI route.
  • Sensible defaults. Two-line install gives you a real WAF on day one.
  • Pluggable. Swap SQLiteSink for JSONLinesSink, or write your own.
  • Carve-outs that match how apps actually look. Webhooks bypass rate limit; user-content endpoints bypass pattern scan; payment endpoints bypass threat-intel — all wired through RouteRule.

Docs

Full docs site: docs.antsilk.com (coming online with the v0.1.0 launch).

Status

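v0.1.0: first published release. The public API is frozen during the v0.1.x line; breaking changes wait for v0.2.0 after a deprecation warning. Body scanning is deferred to v0.3.0, so in v0.1.x the pattern layer inspects only the path, query string and non-UA headers, not request bodies.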

License

MIT

Download files

Source Distribution

antsilk-0.1.0.tar.gz (27.2 kB)

Uploaded Source

Built Distribution

antsilk-0.1.0-py3-none-any.whl (17.7 kB)

Uploaded Python 3

File details

Details for the file antsilk-0.1.0.tar.gz.

File metadata

  • Download URL: antsilk-0.1.0.tar.gz
  • Upload date:
  • Size: 27.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for antsilk-0.1.0.tar.gz
Algorithm Hash digest
SHA256 f61374a3703e7481c0afc14147f54fd9e0f82c98400cf507bbeef20090539722
MD5 4568b25db5990b70fa008c3c0ee31e7c
BLAKE2b-256 d4ac1f9c78598731f7219cb8c9d34bf83446bf66bcbdb22adba84c92d506dff7

Provenance

The following attestation bundles were made for antsilk-0.1.0.tar.gz:

Publisher: publish.yml on brianchenhao/antsilk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file antsilk-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: antsilk-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 17.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for antsilk-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 797fd1f7415f61754b6a89b3268a3aa16afb73e79d8f2d225cb7fe7ddc1c1f9d
MD5 94b80f64ccd2d6b24409537ec94ddd8e
BLAKE2b-256 da18b1d3e086be096bec479192adad6d8a4212ed04ff4e812b72c8f05bd652c1

Provenance

The following attestation bundles were made for antsilk-0.1.0-py3-none-any.whl:

Publisher: publish.yml on brianchenhao/antsilk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
