SkyEye stands in front of your application and bans attackers before your server ever hears from them. One binary, on your machine, not on someone else's cloud.
Leaked secrets. Stolen keys. Hidden backdoors. SkyEye recognizes every classic move on first contact and closes the door before it opens.
Attackers wrap exploits in layer after layer of encoding to slip past filters. SkyEye peels every layer, in the path and in the query string, and judges what's underneath. The disguise itself is what gives them away.
Most servers forgive and forget. SkyEye remembers. A single wrong move costs the attacker a full week. No warnings. No second chances.
A second offense costs two weeks. A third costs a month. SkyEye keeps the record for ninety days. Scanners that plan to wait out their sentence find a longer one waiting.
SkyEye reads behavior, not just signatures. Thirty suspicious not-founds in a minute reads as a scan, even with an attack no one has seen before.
Every visitor gets a fair pace. Cross it and SkyEye slows you down. Abuse it and you stop being a visitor. The door closes for an hour.
A broken image link never bans a customer. An office sharing one IP never trips the alarm. And your own address can be made untouchable with a single line of config. Permanently, across restarts.
Not a filter you bolt onto your proxy. SkyEye is the guarded front door itself. It owns the port, terminates the connection, and forwards only clean traffic to your app. The protection comes for free because nothing reaches your server any other way.
If it runs on a port, SkyEye stands in front of it: APIs, app servers, microservices, WebSocket services. If your site is files on a disk, that's a web server's job. SkyEye guards applications. It doesn't host pages.
Path routing, WebSocket support, request limits, real client IPs. For a typical reverse-proxy setup it does the front-door job nginx was doing, in one binary with a config a human can actually read.
Point your domain at the server and SkyEye fetches its certificate from Let's Encrypt on the first request, then renews it forever. No certbot, no cron jobs, no expired-certificate outages at 3am.
Send /livekit to one service, everything else to your app, cap the upload route at 50MB, inject a header on another. A few lines of readable config, applied live.
List several servers on a route and SkyEye spreads your visitors across them. A server that stops answering is taken out of rotation, and its traffic flows to the others until it recovers. No health checks to configure, no extra software.
WebSockets and live event streams are first-class. Signaling, driver events, passenger listeners. They hold for hours without being cut, and every byte is flushed through the moment it arrives.
No web panel to secure. No login to leak. SkyEye is administered through a local socket that never touches the network. It answers to the person at the keyboard of that machine, and no one else.
Live counters at a glance. Uptime, active bans grouped by reason, and the size of every tracker. One command tells you the whole state of the wall.
Traffic totals, requests per second, and the leaderboards. Top requesters, top 404 sources, top repeat offenders. The black box becomes a glass one.
Every active ban with its ID, target, time remaining and reason. IPv6 entries show the whole /64 block they cover.
You spot an abuser in the logs. Ban them by hand, without waiting for a rule to trip. Durations the way you think them. Plain seconds, 30m, 2h, 7d. Manual bans always apply exactly what you typed.
The full story of one address. Banned or not, why, until when, its offense history and how it behaves right now. The command you reach for when someone says they're blocked.
Lift any ban by ID or by address. It forgives the offense history too, so a wrongly banned visitor never faces escalation for your mistake.
Thresholds, ban lengths and the never-ban allowlist live in one config file. Edit it, reload, and the new rules apply between one request and the next, with zero dropped connections and zero restarts.
Graceful shutdown that cleans up after itself. No PID hunting, nothing left behind. Restarting clears every ban. The ultimate undo button.
264 attack paths recognized on first contact. Ninety days of offense memory. Zero dependencies, zero databases, zero accounts, zero third parties. Everything that follows ships in a single file.
Env files, git internals, SSH keys, cloud credentials, database dumps, webshells, admin panels, WordPress probes. All compiled at startup into a constant-time lookup, so recognition costs nothing per request.
Percent-encoding is peeled layer by layer until the request stops changing. The double-encoded tricks that slide past naive filters are precisely what gets caught here.
Probes don't ride in on parameters either. A page parameter reaching for a traversal path is decoded, read, and banned like the attack it is.
Zero-day tools give themselves away by probing. Thirty suspicious misses a minute, or 120 of any kind, reads as a scan with no signature required. Your own broken asset links never count.
A sliding 60-second window with a hard abuse line. Static assets are exempt, so an image-heavy page loaded by a whole office behind one IP punishes no one.
The first automatic ban lasts a week, the second two weeks, the third a month. Manual bans always honor your exact duration. The machine escalates, the operator decides.
Bans cover the attacker's whole /64 block. Rotating through trillions of neighbouring addresses buys exactly nothing.
Behind Cloudflare or nginx, one flag honors real client IPs, read from the trusted end of the forwarding chain, so a forged header can't frame someone else or save the attacker.
Every ban, block and rate-limit is one structured line on your disk. Sensitive query data is deliberately never written, so your logs can't leak what they don't contain.
All state lives in memory. Stop it and the socket is cleaned up. Restart it and every questionable ban is forgiven. Delete the binary and SkyEye was never here. That's the whole uninstall guide.
No error page to fingerprint. No server to probe. Just a closed door, a reason, and a date one week away.