baffle-hub/README.md

Baffle Hub

Rails 8 WAF analytics and automated rule management system

Baffle Hub provides intelligent Web Application Firewall (WAF) analytics with automated rule generation. It combines real-time threat detection with SQLite-based local storage for ultra-fast request filtering.

Features

• Real-time Analytics - Process WAF events and detect attack patterns
• Automated Rule Generation - Create rules automatically from threat intelligence
• Fast Local Storage - SQLite for sub-millisecond request evaluation
• Forward Auth Integration - Compatible with Caddy, Traefik, and NGINX
• Docker Ready - Containerized deployment with Kamal

Quick Start

Prerequisites

• Ruby 3.x
• PostgreSQL 14+
• Docker (optional)

Installation

# Clone the repository
git clone <repository-url>
cd baffle-hub

# Install dependencies
bundle install

# Copy environment files
cp .env.example .env

# Setup database
rails db:create db:migrate

# Start the server
rails server

With Docker

# Build and run
docker-compose up -d

Architecture

Request → Reverse Proxy → Baffle (SQLite check) → Decision
                            ↓
                    Async analytics processing
                            ↓
                    Pattern detection → New rules

Configuration

Key environment variables:

• DATABASE_URL - PostgreSQL connection string
• RAILS_ENV - Environment (development/production)
• SECRET_KEY_BASE - Rails secret key

API Endpoints

• POST /api/:project_id/events - Ingest WAF events
• GET /projects/:id - View project analytics
• GET /dashboard - Analytics dashboard

Deployment

Deploy with Kamal:

# Setup deployment
kamal setup

# Deploy to production
kamal deploy

Development

# Run tests
rails test

# Run background jobs
rails jobs:work

# View analytics
rails console

License

MIT License - see LICENSE file for details.