Node.js (Next.js standalone)

Install Zen Firewall by Aikido

Install Zen in your project:

npm install --save-exact @aikidosec/firewall

yarn add --exact @aikidosec/firewall

pnpm add --save-exact @aikidosec/firewall

Enable standalone output in next.config.js:

const nextConfig = {
  output: "standalone",
};

Copy the firewall package to the standalone output after build:

mkdir -p .next/standalone/node_modules/@aikidosec
cp -r node_modules/@aikidosec/firewall .next/standalone/node_modules/@aikidosec

Run the standalone server with Zen preloaded:

node -r @aikidosec/firewall .next/standalone/server.js

Start Zen Firewall in dry / detection-only mode

AIKIDO_BLOCK=false AIKIDO_TOKEN=AIK_RUNTIME_ node -r @aikidosec/firewall .next/standalone/server.js

Set the token as an environment variable so the Aikido Zen agent can pick it up. If you don't have a token yet, follow instructions here.

AIKIDO_TOKEN=AIK_RUNTIME_

We recommend to start your app in dry mode to ensure it works as expected without blocking any requests. We advise running Zen Firewall in staging for two weeks to avoid false positives.

AIKIDO_BLOCK=false

Test your app

Browse to your application and perform a couple of actions or open a couple of pages. Zen will automatically discover the routes in your application.

You can verify a working agent by looking at the following pages of your Zen application:

• Events: Should show an "Application started" event.

• Routes: After some time your application routes will start showing here with the method, route and requests.

• Instances: Should show the number of active instances for your application where Zen is installed.

Framework caveats

• User-based rate limiting and manual user blocking are not supported because setUser is not supported in this setup.

• Detection coverage depends on modules being externalized by Next.js bundling behavior.

Setup rate limiting in the dashboard

After you've added the Zen Firewall middleware, you can test it out by logging in to your Aikido account and navigating to the Zen dashboard.

To protect a route from brute force attacks, set up rate limiting in the Aikido Dashboard:

1. Click on the created app.

2. Go to the Routes tab.

3. Find the route you would like to limit and click Setup rate limiting.

4. Follow the instructions to configure the rate limit (e.g., 5 requests per minute).

Verify Rate Limiting

Start your app and try to access the route you've rate limited 5 times within a minute. After the fifth attempt, you should receive a rate limit error:

You are rate limited by Aikido firewall. (Your IP: 1.2.3.4)

Next steps

Congrats you've successfully installed Zen Firewall. If you encountered any problems, have concerns or feature requests, don't hesitate to reach out to support.

You can now go and explore the many features that Zen Firewall provides:

• Blocking Bot traffic with Zen Firewall

• Blocking or Monitoring Tor traffic with Zen Firewall

• Blocking Users with Zen Firewall

• Blocking Known Threat Actors with Zen Firewall

• Blocking Traffic by Country with Zen Firewall

• Setting Up Rate Limiting for Routes

• Monitor Outbound Domains

Additional information:

• Zen Performance & Reliability

• Blocking vs Detection Mode in Zen Firewall

• Understanding Your Zen Statistics