Csswaf
A CSS-based NoJS Anti-BOT WAF (Proof of Concept)
Install / Use
/learn @yzqzss/CsswafREADME
CSSWAF
Inspired by anubis
!WARNING! This is a very simple Proof of Concept and should not be used in production.
https://github.com/user-attachments/assets/bbc3b8f1-82f7-4b36-8be3-0af238f4e44c
Demo: https://csswaf-demo.othing.xyz
What is CSSWAF?
CSSWAF places random hidden empty.gif files in CSS animation progress, allowing the browser to load these images one by one.
The backend measures the loading order. If the loading order is correct, it passes the request to the target server. Otherwise, 🙅.
HoneyPot
CSSWAF places some honeypot empty.gif files in HTML <img> tags but instructs the browser not to load them. If someone loads the honeypot GIFs, 🙅.
CSSWAF also places some unvisible <a> tags in HTML, if someone clicks the honeypot links, 🙅.
Usage
Usage of csswaf:
-bind string
address to bind to (default ":8081")
-target string
target to reverse proxy to (default "http://localhost:8080")
-ttl duration
session expiration time (default 1h0m0s)
Related Skills
node-connect
349.9kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
109.8kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
349.9kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
349.9kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
