Arcjet attack protection example

This page is protected by Arcjet Shield.

Once a certain suspicion threshold is reached, subsequent requests from that client are blocked for a period of time. Shield detects suspicious behavior, such as SQL injection and cross-site scripting attacks.

Try it

Simulate an attack using curl:

curl -v -H "x-arcjet-suspicious: true" https://example.arcjet.com/attack/test

After the 5th request, your IP will be blocked for 15 minutes. Suspicious requests must meet a threshold before they are blocked to avoid false positives.

Shield can also be installed in middleware to protect your entire site.

See the code

The API route imports a centralized Arcjet client which sets base rules.