Silker AI

Configuration

Security features

Detection features are toggled via the features option (or remotely from the dashboard). Most are on by default; a few are opt-in to keep false positives low.

Enable or disable any feature explicitly:

initSilker({
  features: {
    sqliDetection: true,
    xssDetection: true,
    ssrfDetection: true,        // inbound SSRF is opt-in
    promptInjectionDetection: true,
    dataLeakageDetection: { strategy: 'redact' },
  },
});

Core detection

rateLimit (Default: on)

Limits requests per IP (sliding window, default 60/min) to blunt brute-force and DoS.

sqliDetection (Default: on)

Detects SQL injection patterns in query params, body, and headers.

xssDetection (Default: on)

Detects cross-site scripting payloads in request input.

pathTraversalDetection (Default: on)

Blocks directory-traversal attempts (e.g. ../etc/passwd).

ipBanning (Default: on)

Auto-bans IPs after detected attacks or limit breaches; bans sync across instances and the dashboard.

scannerTrapDetection (Default: on)

Honeypot paths (/.env, /wp-login.php, /.git/config, /phpmyadmin...) that bots probe before attacking. A hit is flagged as a Scanner Probe and, with ipBanning on, the IP is banned instantly. Near-zero false positives on Node/Next.

AI / LLM protection

promptInjectionDetection (Default: on)

Detects attempts to manipulate LLM behavior: jailbreaks, instruction overrides, and context leaks.

OWASP Top 10

accessControlDetection (Default: on)

A01: Broken Access Control. Flags privilege-escalation and unauthorized resource access.

cryptographicValidation (Default: on)

A02: Cryptographic Failures. Checks for weak crypto usage and sensitive data exposed in transit.

sqliDetection / xssDetection (Default: on)

A03: Injection. SQL injection, XSS, and command-injection protection.

zeroTrustDetection (Default: on)

A04: Insecure Design. Enforces zero-trust request-integrity checks.

securityHeadersValidation (Default: on)

A05: Security Misconfiguration. Validates CSP, HSTS, X-Frame-Options and flags default settings.

vulnerableComponentsDetection (Default: on)

A06: Vulnerable & Outdated Components. Surfaces use of known-vulnerable dependencies (CVEs).

authenticationValidation (Default: on)

A07: Identification & Authentication Failures. Detects weak auth, credential stuffing, and brute force.

softwareIntegrityValidation (Default: on)

A08: Software & Data Integrity Failures. Verifies integrity of updates, CI/CD, and critical flows.

auditLogging (Default: on)

A09: Logging & Monitoring Failures. Ensures security events are logged and alertable.

ssrfDetection (Opt-in)

A10: SSRF (inbound). Blocks requests targeting internal networks and metadata services. Opt-in to avoid false positives; outbound fetch SSRF protection is on by default.

Advanced web security

csrfDetection (Default: on)

Verifies Origin/Referer on state-changing requests.

idorDetection (Default: on)

Flags Insecure Direct Object Reference access via predictable IDs.

hostHeaderInjectionDetection (Default: on)

Prevents Host-header manipulation (cache poisoning, password-reset poisoning).

dataLeakageDetection (Default: on)

Scans responses for secrets and PII (API keys, credit cards, SSN/PESEL). Accepts a strategy: block, redact, or monitor.
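To make the three strategies concrete, here is an added illustration (hypothetical code, not Silker's own implementation) of what block, redact, and monitor do to a response body, checking two of the PII types named above with their checksums so that look-alike digit runs are not flagged:

```javascript
// Hypothetical illustration of block / redact / monitor on a response body;
// not Silker's code. Covers credit cards (Luhn) and Polish PESEL (checksum).

// Luhn mod-10 check; rejects digit runs that merely look like card numbers.
function luhnValid(digits) {
  let sum = 0;
  let dbl = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    dbl = !dbl;
  }
  return sum % 10 === 0;
}

// PESEL: 10 weighted digits, control digit = (10 - sum mod 10) mod 10.
function peselValid(p) {
  if (!/^\d{11}$/.test(p)) return false;
  const w = [1, 3, 7, 9, 1, 3, 7, 9, 1, 3];
  const sum = w.reduce((acc, wi, i) => acc + wi * Number(p[i]), 0);
  return (10 - (sum % 10)) % 10 === Number(p[10]);
}

const DETECTORS = [
  { type: 'credit_card', re: /\b\d(?:[ -]?\d){12,18}\b/g,
    valid: (s) => luhnValid(s.replace(/[ -]/g, '')) },
  { type: 'pesel', re: /\b\d{11}\b/g, valid: peselValid },
];

// Returns { blocked, body, findings }. 'redact' rewrites matches, 'block'
// withholds the body entirely, 'monitor' only records findings.
function scanResponse(body, strategy = 'redact') {
  const findings = [];
  let out = body;
  for (const { type, re, valid } of DETECTORS) {
    out = out.replace(re, (m) => {
      if (!valid(m)) return m; // checksum failed: not PII, avoid a false positive
      findings.push({ type, value: m });
      return strategy === 'redact' ? `[REDACTED ${type}]` : m;
    });
  }
  if (strategy === 'block' && findings.length > 0) {
    return { blocked: true, body: null, findings };
  }
  return { blocked: false, body: out, findings };
}

// Constructed sample: one valid card, one valid PESEL, one Luhn-invalid number.
const SAMPLE = 'order ok card=4111 1111 1111 1111 id=44051401359 ref=4111111111111112';
```

The Luhn-invalid number in the sample is deliberately left untouched, which is the same trade-off the page makes elsewhere between coverage and false positives.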

sessionAnomaliesDetection (Default: on)

Behavioral analysis for session hijacking and unusual user patterns.

apiSchemaValidation (Default: on)

Validates requests against expected API schemas/structures.

fileUploadDetection (Default: on)

Validates uploaded file types/extensions and scans for malicious content.

thirdPartyDetection (Default: on)

Monitors interactions with third-party APIs and services.

complianceDetection (Default: on)

Flags GDPR/HIPAA and other regulatory violations.

threatIntelligence (Default: on)

Matches IPs and signatures against threat-intelligence lists (extendable via threatIntel).

cloudCommunication (Default: on)

Sends sanitized security events to Silker Cloud for dashboard reporting and remote config.

Running behind Cloudflare or another WAF? Set disableLegacySecurity: true to skip the legacy web-security checks (CSRF, SSRF, IDOR, Host-header) and avoid duplicate work.