All notable changes to this project will be documented in this file.

0.1.0

  • Initial release: Rbtz.WAF plug — halts scanner probes with an early plain 404 before the router. Rules: invalid UTF-8 / null-byte segments, dot segments (except /.well-known/*), scanner extensions (.php, .asp, .jsp, .cgi, and variants), and wp-* / wordpress / phpmyadmin / cgi-bin first segments. Supports :allow_prefixes to exempt routes that serve arbitrary external paths.