🛡️ Open Source • Rails Native • Production Ready

Beskar
Rails Security Engine

Multi-layered, proactive security for Rails applications. Named after Mandalorian armor because your app deserves legendary protection.

Web Application Firewall: Real-time threat detection
Impossible Travel: Geolocation anomaly detection
Smart Banning: Persistent IP protection

The Gap Between Basic and Paranoid

Why Beskar?

You already have Devise for authentication and Rack::Attack for rate limiting. But there's a gap between basic security hygiene and actually sleeping at night.

Without Beskar

  • Bots scanning /wp-admin on your Rails app (constantly)
  • Brute force attacks you don't even know about
  • Compromised accounts accessed from impossible locations
  • Manual IP blocking when you finally notice
  • No pattern detection or risk scoring

With Beskar

  • WAF automatically detects and blocks vulnerability scans
  • Smart rate limiting with pattern recognition
  • Impossible travel detection locks suspicious accounts
  • Automatic IP banning with escalating durations
  • Comprehensive security event tracking and analysis

Beskar is the layer between basic authentication and paranoid security.
It learns from behavior, responds automatically, and gives you visibility into what's actually happening.

Layered Protection

Security Features

Multiple layers of protection working together to secure your Rails application

Web Application Firewall

Detects and blocks vulnerability scanning across 7 attack categories: WordPress, PHP panels, config files, path traversal, and more.

Monitor-only mode available

Impossible Travel Detection

Automatically locks accounts when logins occur from physically impossible locations within a short timeframe using Haversine calculations.

MaxMind GeoLite2 integration

Smart Rate Limiting

Pattern-aware throttling detects brute force, distributed attacks, credential stuffing, and complex attack signatures.

Exponential backoff support

Risk-Based Locking

Risk scores based on geographic anomalies, device fingerprints, login patterns, and IP reputation. Auto-locks high-risk logins.

Devise lockable integration

Persistent IP Banning

Hybrid cache + database blocking survives restarts. Escalating bans: 1h → 6h → 24h → 7d → permanent for repeat offenders.

Auto-bans after violations

IP Whitelisting

Trusted IPs (office networks, VPN gateways) bypass blocking while maintaining audit logs. CIDR notation and IPv6 supported.

Full audit trail maintained
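
How a Haversine-based impossible travel check can work, as an added Ruby example (not Beskar's own code). The 900 km/h speed ceiling, the 100 km minimum distance, and the names `Login`, `haversine_km` and `impossible_travel?` are assumptions made for illustration.

```ruby
# Added illustration, not Beskar's source. Thresholds and names are assumptions.
EARTH_RADIUS_KM   = 6371.0
MAX_PLAUSIBLE_KMH = 900.0 # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM   = 100.0 # assumed floor: city-level GeoIP is too coarse below this

# at: Time of login; lat/lon: decimal degrees from a GeoIP lookup (nil if it failed)
Login = Struct.new(:at, :lat, :lon)

# Great-circle distance between two points, in kilometres.
def haversine_km(lat1, lon1, lat2, lon2)
  rad  = Math::PI / 180
  dlat = (lat2 - lat1) * rad
  dlon = (lon2 - lon1) * rad
  a = Math.sin(dlat / 2)**2 +
      Math.cos(lat1 * rad) * Math.cos(lat2 * rad) * Math.sin(dlon / 2)**2
  2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt([a, 1.0].min)) # clamp rounding error
end

# True when two consecutive logins of one account imply a speed above the ceiling.
def impossible_travel?(prev, curr)
  coords = [prev.lat, prev.lon, curr.lat, curr.lon]
  return false if coords.any?(&:nil?) # no location, no verdict

  km = haversine_km(*coords)
  return false if km < MIN_DISTANCE_KM # same metro area or GeoIP jitter

  hours = (curr.at - prev.at).abs / 3600.0
  hours.zero? || km / hours > MAX_PLAUSIBLE_KMH
end

# Constructed sample logins: city-centre coordinates, invented timestamps.
T0        = Time.utc(2024, 1, 1, 12, 0)
LONDON    = Login.new(T0, 51.5074, -0.1278)
NYC_1H    = Login.new(T0 + 3600, 40.7128, -74.0060)
NYC_10H   = Login.new(T0 + 36_000, 40.7128, -74.0060)
PARIS_10M = Login.new(T0 + 600, 48.8566, 2.3522)
PARIS_30M = Login.new(T0 + 1800, 48.8566, 2.3522)
NO_GEO    = Login.new(T0 + 60, nil, nil)

if __FILE__ == $PROGRAM_NAME
  { "NYC after 1h" => NYC_1H, "NYC after 10h" => NYC_10H,
    "Paris after 10m" => PARIS_10M, "Paris after 30m" => PARIS_30M,
    "failed lookup" => NO_GEO }.each do |label, login|
    puts format("%-16s impossible=%s", label, impossible_travel?(LONDON, login))
  end
end
```

Treat a hit as a risk signal to tune rather than proof of compromise: VPN exits, mobile carrier gateways and stale GeoIP data all produce large apparent jumps.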

Quick Start

Get Started in 5 Minutes

Add Beskar to your Rails application with just a few commands

1. Add to Gemfile

# Gemfile
gem 'beskar'

2. Install and Migrate

bundle install
bin/rails beskar:install
bin/rails db:migrate

3. Add to User Model

# app/models/user.rb
class User < ApplicationRecord
  include Beskar::SecurityTrackable
  devise :database_authenticatable, :registerable # ... plus your other Devise modules
end

4. Configure (Optional)

Beskar runs in monitor-only mode by default. Review logs for 24-48 hours, then enable blocking:

# config/initializers/beskar.rb
Beskar.configure do |config|
  config.waf = {
    enabled: true,
    monitor_only: false # Enable blocking
  }
end

That's it! Beskar is now protecting your application.


Free & Open Source

Beskar is our contribution to the Rails community. Built by Humadroid as part of our commitment to open source security.

MIT Licensed • 100% Free Forever • Rails Native Engine

Built with ❤️ by the team at Humadroid

Using Beskar in production? We'd love to hear about it. Share your story on GitHub or reach out to us.