Add spam filter middleware to block common attack patterns #570
adambarito merged 2 commits into main from
Blocks requests to .php, wp-content, wp-admin, wp-login, .env, .trash, license.txt, and other common exploit-probing paths with a 418 response. Applied to all app middlewares (bio, cart, link, nyc, vip). https://claude.ai/code/session_01JeXrk5mVcXKjXPsEt9Li2f
Greptile Summary
This PR introduces a shared
Key observations:
Confidence Score: 4/5
Important Files Changed
Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Incoming Request] --> B{isSpamRequest\npathname}
    B -- match found --> C[spamResponse\nHTTP 418]
    B -- no match --> D[Normal Middleware Logic\nbio / cart / link / nyc / vip]
    D --> E[DB queries / analytics\ncookie handling / routing]
```
Reviews (1): Last reviewed commit: "feat: add spam filter middleware to bloc..."
| } | ||
|
|
||
| export function spamResponse() { | ||
| return new NextResponse('Nice try. This isn\'t WordPress. Stop fucking with us.', { |
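Review bot: the options object passed to NextResponse is cut off at the end of this hunk; the description and the flowchart both promise HTTP 418, so make sure `status: 418` is set explicitly there (a Response defaults to 200 otherwise) and add a one-line comment on why 418 was chosen over 403 or 404, so a later cleanup does not silently change the status that the five middlewares and any dashboards keyed on it depend on. A `Cache-Control: no-store` header in the same options object is also worth adding so an edge cache never stores the reject for a path a real user might later hit.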
Profanity in production response body
The response message contains an expletive ("Stop fucking with us."). While this is returned to bots in the vast majority of cases, it can also be triggered by legitimate users who accidentally hit a false positive (e.g., a developer testing a URL that contains .php or .env in the path), and it would show up in browser windows, logs, or monitoring dashboards. A professional but still dismissive message is a better fit.
| return new NextResponse('Nice try. This isn\'t WordPress. Stop fucking with us.', { | |
| return new NextResponse("Nice try. This isn't WordPress.", { |
| export function isSpamRequest(pathname: string): boolean { | ||
| const lower = pathname.toLowerCase(); | ||
| return SPAM_PATTERNS.some(pattern => lower.includes(pattern)); | ||
| } |
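Review bot: `lower.includes(pattern)` only works if every entry in SPAM_PATTERNS (defined outside this hunk) is itself lowercase, because only the pathname side is lowercased here; either normalise the list where it is built (`SPAM_PATTERNS.map(p => p.toLowerCase())`) or add a unit test that asserts it. The unanchored substring match is also broader than the description suggests: a legitimate slug such as `/blog/hardening-wp-admin` contains `wp-admin` and gets the 418. Splitting the pathname on `/` and comparing whole segments (or file extensions for the `.php` case) keeps the intent and removes that class of false positive.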
No logging for blocked requests
When a spam request is blocked, nothing is logged. Adding a log line here would let you monitor attack frequency and patterns over time, and verify the filter is working as expected in production. The log utility is already imported in the consuming middlewares, or it could be imported directly here:
| export function isSpamRequest(pathname: string): boolean { | |
| const lower = pathname.toLowerCase(); | |
| return SPAM_PATTERNS.some(pattern => lower.includes(pattern)); | |
| } | |
| export function isSpamRequest(pathname: string): boolean { | |
| const lower = pathname.toLowerCase(); | |
| const matched = SPAM_PATTERNS.find(pattern => lower.includes(pattern)); | |
| if (matched) console.log(`[spam-filter] blocked "${pathname}" (matched: ${matched})`); | |
| return !!matched; | |
| } |
- Change response message to "Nice try. Pls go away."
- Log blocked requests with matched pattern for observability
https://claude.ai/code/session_01JeXrk5mVcXKjXPsEt9Li2f
The latest updates on your projects. Learn more about Vercel for GitHub. 14 Skipped Deployments
Summary
This PR introduces a spam filter middleware that blocks requests matching common attack patterns, particularly WordPress-related probes and other malicious requests.
Key Changes
- New spam filter module (`packages/lib/src/middleware/spam-filter.ts`):
  - `isSpamRequest()` function that detects requests containing common spam/attack patterns (WordPress paths, PHP files, environment files, etc.)
  - `spamResponse()` function that returns a 418 I'm a teapot response with a humorous message
  - `packages/lib/package.json` for use across applications
- Integrated spam filter into all middleware:
  - `apps/bio/src/middleware.ts`
  - `apps/cart/src/middleware.ts`
  - `apps/link/src/middleware.ts`
  - `apps/nyc/src/middleware.ts`
  - `apps/vip/src/middleware.ts`
Implementation Details
- Patterns matched: `.php`, `license.txt`, `wp-*` paths, `xmlrpc`, `.trash`, and `.env`
https://claude.ai/code/session_01JeXrk5mVcXKjXPsEt9Li2f
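As an added example (not code from the PR or the repository), here is the substring check in `isSpamRequest()` reworked to match whole path segments and file extensions after percent-decoding, with the log line built as a plain string so it can be asserted on; `SPAM_SEGMENTS`, `SPAM_EXTENSIONS`, `normalizePathname`, `findSpamMatch` and `spamLogLine` are hypothetical names, and the marker list is taken from the summary above.

```typescript
// Added example, not the PR's code. All names below are hypothetical.

// Whole path segments that only exploit probes request on a non-WordPress app.
// Kept lowercase because matching happens on a lowercased pathname.
const SPAM_SEGMENTS: ReadonlySet<string> = new Set([
  'wp-admin', 'wp-content', 'wp-includes', 'wp-login.php', 'xmlrpc.php',
  '.env', '.trash', 'license.txt',
]);
// File extensions that no route in these apps serves.
const SPAM_EXTENSIONS: readonly string[] = ['.php'];

// Percent-decode, lowercase and collapse duplicate slashes so the same path
// spelled differently is compared in one canonical form. Returns null when the
// encoding is malformed (decodeURIComponent throws a URIError).
function normalizePathname(pathname: string): string | null {
  try {
    return decodeURIComponent(pathname).toLowerCase().replace(/\/+/g, '/');
  } catch {
    return null;
  }
}

// Returns the marker that matched, or null for a clean path. Matching whole
// segments rather than substrings keeps a slug such as
// /blog/hardening-wp-admin from being rejected.
function findSpamMatch(pathname: string): string | null {
  const normalized = normalizePathname(pathname);
  if (normalized === null) return 'malformed-encoding';
  for (const segment of normalized.split('/')) {
    if (segment === '') continue;
    if (SPAM_SEGMENTS.has(segment)) return segment;
    const ext = SPAM_EXTENSIONS.find((e) => segment.endsWith(e));
    if (ext !== undefined) return ext;
  }
  return null;
}

// Log line in the shape the review comment suggested, built separately so the
// middleware can pass it to whatever logger it already imports.
function spamLogLine(pathname: string, matched: string): string {
  return `[spam-filter] blocked "${pathname}" (matched: ${matched})`;
}
```

In a middleware this would be `const hit = findSpamMatch(req.nextUrl.pathname); if (hit) { log(spamLogLine(...)); return spamResponse(); }`, with the original raw pathname in the log so the recorded value is what the probe actually sent.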