core

Token bucket rate limiting with configurable windows and limits per route, IP, or custom keys.

Authentication and authorization agent supporting JWT, API keys, OAuth, and custom auth providers.

OWASP CRS-compatible web application firewall with SQL injection, XSS, and attack detection.

Block requests based on IP addresses, CIDR ranges, or custom patterns with real-time updates.

Embed custom Lua scripts for flexible request/response processing and business logic.