# Checkpoint Security Gateway

> High-performance, TypeScript-based security gateway with advanced threat detection, behavioral analysis, and adaptive protection.

**Features:**

- **Checkpoint Security:** Proof-of-work (PoW) and proof-of-space-time (PoST) challenges for suspicious traffic
- **Web Application Firewall:** Advanced pattern matching against SQL injection, XSS, command injection, and more
- **IP & Geo-Filtering:** Block or allow traffic based on country, continent, or ASN using MaxMind GeoIP2
- **Reverse Proxy:** High-performance request forwarding with WebSocket support
- **Behavioral Detection:** ML-inspired pattern recognition with adaptive scoring
- **Threat Scoring:** Real-time risk assessment with configurable thresholds
- **Bot Verification:** Identifies and handles good bots vs malicious automation
- **Plugin Architecture:** Modular design for easy extension and customization
- **Data Persistence:** Secure token storage with LevelDB + TTL and HMAC protection

## Quick Start

1. **Clone the repository**

   ```bash
   git clone https://git.caileb.com/Caileb/Checkpoint.git
   cd Checkpoint
   ```

2. **Install dependencies**

   ```bash
   npm install
   ```

3. **Set up configuration files**

   ```bash
   # Copy each example file to its live name (e.g. waf.toml.example -> waf.toml)
   for f in config/*.toml.example; do cp "$f" "${f%.example}"; done
   ```

4. **Configure your settings**

   - Edit TOML files in `config/` directory
   - Set proxy mappings in `proxy.toml`
   - Configure security rules in `waf.toml`
   - Adjust thresholds in `threat-scoring.toml`

5. **Development mode**

   ```bash
   npm run dev
   ```

6. **Production mode**

   ```bash
   npm start
   ```

7. **Daemonize with PM2**

   ```bash
   npm run daemon   # Start in background
   npm run stop     # Stop daemon
   npm run restart  # Restart daemon
   npm run logs     # View logs
   ```

## Configuration

All settings are stored in TOML files within the `config/` directory:

- `checkpoint.toml` — Proof-of-work parameters, token storage, exclusion rules
- `waf.toml` — Web Application Firewall rules, scoring, and bot verification
- `behavioral-detection.toml` — Pattern detection rules and correlations
- `proxy.toml` — Hostname-to-backend mappings, timeouts, and body size limits
- `ipfilter.toml` — Geographic and network filtering with MaxMind integration
- `threat-scoring.toml` — Advanced scoring thresholds and feature weights

### Environment Variables

- `PORT` — Server port (default: 3000)
- `NODE_ENV` — Environment mode (production/development)
- `MAXMIND_ACCOUNT_ID` — MaxMind account ID for GeoIP databases
- `MAXMIND_LICENSE_KEY` — MaxMind license key
- `MAX_BODY_SIZE` — Request body size limit (default: 10mb)
- `MAX_BODY_SIZE_MB` — WAF body size limit in MB (default: 10)

## Project Structure

```plaintext
.
├── config/                 # TOML configuration files
├── data/                   # Runtime data (secrets, downloads)
├── db/                     # LevelDB token stores
├── pages/                  # Static assets and UI templates
│   ├── interstitial/       # Proof-of-work challenge pages
│   ├── ipfilter/           # Custom geo-block pages
│   └── dashboard/          # Admin dashboard (if enabled)
├── src/                    # TypeScript source code
│   ├── plugins/            # Plugin modules
│   │   ├── ipfilter.ts     # Geographic filtering
│   │   └── waf.ts          # Web Application Firewall
│   ├── utils/              # Utility modules
│   │   ├── behavioral-detection.ts
│   │   ├── behavioral-middleware.ts
│   │   ├── bot-verification.ts
│   │   ├── cache-utils.ts
│   │   ├── logs.ts
│   │   ├── network.ts
│   │   ├── performance.ts
│   │   ├── plugins.ts
│   │   ├── proof.ts
│   │   ├── threat-scoring/
│   │   └── time.ts
│   ├── checkpoint.ts       # Checkpoint security middleware
│   ├── index.ts            # Main application entry
│   └── proxy.ts            # Reverse proxy implementation
├── dist/                   # Compiled JavaScript (generated)
├── .tests/                 # Test files
├── docker-compose-synology.yml
├── Dockerfile
├── jest.config.cjs
├── package.json
├── tsconfig.json
└── README.md
```

## Architecture

The gateway processes requests through a layered security pipeline:

1. **Pre-filtering** — Request exclusion rules
2. **IP Filter** — Geographic and ASN-based blocking
3. **WAF** — Pattern matching and attack detection
4. **Behavioral Detection** — Cross-request pattern analysis
5. **Threat Scoring** — Aggregate risk assessment
6. **Checkpoint** — Challenge suspicious requests
7. **Proxy** — Forward legitimate traffic to backends

## Security Features

### Web Application Firewall

- SQL injection detection with evasion handling
- XSS prevention across multiple vectors
- Command injection blocking
- Path traversal protection
- XXE and SSRF prevention
- Bot detection and verification

### Behavioral Analysis

- Request pattern tracking
- Rate limit enforcement
- Geo-velocity detection
- User agent consistency checks
- Automated attack pattern recognition

### Threat Scoring Engine

- Real-time risk calculation
- Adaptive thresholds
- Feature extraction from multiple sources
- Configurable scoring weights
- Automatic severity classification

## Default Security Thresholds

**Critical Threats (Immediate Block):**

- `javascript:` URLs — Score: 100+
- `