Sovereign Security

Block the bad.
Pass the good.

Roadblock is your self-hosted WAF, rate limiter, and access control layer. Sits in front of every service. Inspects every request. Blocks threats before they reach your infrastructure.

Live Feed

Real-time threat visibility

Every request inspected. Every decision logged. See what Roadblock catches in real time.

Roadblock / last 60 seconds, 151 domains protected
BLOCKED 185.220.101.x SQL injection attempt on /api/search
RATE LIMITED 45.33.32.x 100+ req/min to /login — throttled to 10/min
BLOCKED 192.241.xx.x Known scanner (Shodan) — blocked by reputation
PASSED WireGuard Internal fleet request — trusted network
BLOCKED 103.xx.xx.x Path traversal attempt: /../../../etc/passwd
Domains: 151
Uptime: 99.7%
Inspect Time: <5ms
Active: 24/7

Defense Layers

Seven layers of protection

Every request passes through each layer. If any layer rejects, the request is blocked.

L1  IP reputation: Known bad actors, scanners, botnets
L2  Rate limiting: Per-IP, per-route, sliding window
L3  Geo-blocking: Country-level allow/deny lists
L4  WAF rules: SQL injection, XSS, path traversal, RCE
L5  Bot detection: Challenge suspicious user agents
L6  Auth verification: JWT validation, API key checks
L7  Content inspection: Payload scanning, size limits, type validation

Features

Security you control

WAF engine

OWASP Top 10 protection out of the box. Custom rules in simple config. No vendor lock-in.

Rate limiting

Sliding window rate limits. Per-IP, per-route, per-API-key. Configurable burst allowance.

Access control

IP allowlists, WireGuard trust, JWT verification. Layer access controls per domain and route.

Real-time dashboard

Live threat feed, request volume, block rate, top attackers. All in one view.

AI threat analysis

Local Ollama models classify novel attack patterns. Learn from traffic. Adapt rules automatically.

Self-hosted

Runs on your edge. Caddy + nginx integration. No Cloudflare dependency. Your rules, your network.