feat: add connection tarpit for malicious bot traffic

Implements slow-drip response handler for known bot paths (wp-admin, phpmyadmin, etc.) to waste attacker resources. Includes per-IP and global connection limits, configurable delays, and random chunking. Also applies clippy lint fixes across codebase.
2026-01-31 00:26:31 -06:00 · 2026-01-05 18:19:09 -06:00
parent 553bae5a7f
commit 2a710d584e
12 changed files with 799 additions and 137 deletions
@@ -75,10 +75,12 @@ dependencies = [
 "aws-sdk-s3",
 "axum",
 "clap",
+ "dashmap",
 "futures",
 "include_dir",
 "mime_guess",
 "nu-ansi-term",
+ "rand",
 "reqwest",
 "serde",
 "serde_json",
@@ -814,6 +816,12 @@ dependencies = [
 "cfg-if",
 ]

+[[package]]
+name = "crossbeam-utils"
+version = "0.8.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
+
 [[package]]
 name = "crypto-bigint"
 version = "0.4.9"
@@ -846,6 +854,20 @@ dependencies = [
 "typenum",
 ]

+[[package]]
+name = "dashmap"
+version = "6.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
+dependencies = [
+ "cfg-if",
+ "crossbeam-utils",
+ "hashbrown 0.14.5",
+ "lock_api",
+ "once_cell",
+ "parking_lot_core",
+]
+
 [[package]]
 name = "der"
 version = "0.6.1"
@@ -1180,6 +1202,12 @@ dependencies = [
 "tracing",
 ]

+[[package]]
+name = "hashbrown"
+version = "0.14.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
+
 [[package]]
 name = "hashbrown"
 version = "0.15.5"