The product
Dhal is an open-source, application-native web application firewall and request-security middleware for Node.js. It runs inside the application request path, where route, identity, body, response, and operational context are available.
It is designed to complement edge, CDN, network, authentication, authorization, validation, and infrastructure controls—not replace them.
The engineering problem
External security layers can stop broad classes of malicious traffic, but often lack the context required to distinguish one application route, user, tenant, API key, request body, or business action from another.
Dhal brings deterministic controls closer to the application while preserving a monitor-first rollout model and production evidence for every enforcement decision.
Core capabilities
- Express, Fastify, raw node:http, and core-engine integrations.
- Route-aware policy and operating modes.
- IP controls, reputation, rate limiting, and shared Redis or Valkey counters.
- SQL injection, XSS, traversal, SSRF, RCE, SSTI, probe, and API-security controls.
- Bot, automation, honeypot, and credential-stuffing detection.
- Identity-aware enforcement using user, tenant, route, IP, and API-key context.
- Structured events, signed telemetry, OpenTelemetry integration, and replay testing.
- Diagnostics, readiness checks, compatibility metadata, SBOMs, and release artifacts.
Controlled adoption
Dhal starts safely in monitor mode. Teams can inspect wouldBlock decisions, tune route profiles and suppressions, validate latency and false positives, and then enable blocking selectively on higher-risk routes.
This approach keeps security rollout observable and reversible instead of forcing an immediate all-or-nothing switch.
Stable v1
The public v1 release established a frozen compatibility contract, lifecycle controls, distributed stores, diagnostics, signed telemetry, supply-chain artifacts, and production documentation.
The roadmap continues with additional framework adapters, OpenAPI inspection, resource budgets, rule bundles, metrics, Redis resilience, and optional cloud-connected capabilities.
Role within Rokad
Dhal is both a maintained public security product and a practical expression of Rokad's application-security, Node.js, observability, DevSecOps, and production-engineering capability.