CloFix Core API | Security Engine

01 What is CloFix Core API?

CloFix Core API is the security engine that powers the entire CloFix ecosystem. It provides:

Protect your forms from SQL Injection, XSS, CSRF, and other OWASP Top 10 attacks.

Domain-based licensing, IP whitelisting, monthly quota, and feature-based access control.

Instant threat detection and blocking with sub-millisecond latency.

Create custom security rules in JSON, Lua, Python, JavaScript, or Go.

02 Use Cases - All Frameworks

Integrate CloFix Core API with any framework in minutes. Here's how:

🌐

HTML + JavaScript

One-line CDN integration for any HTML page.

<script src="https://clofix.com/api/clofix-waf.js"></script>


<form data-waf-protected>
<input type="text" name="email">
<button type="submit">Submit</button>
</form>

⚛️

React.js

Protect your React forms with a custom hook.

// Install: npm install @clofix/react
import { useCloFixWAF } from '@clofix/react';

function LoginForm() {
    const { validate, loading } = useCloFixWAF({
        domain: 'example.com'
    });

    const handleSubmit = async (data) => {
        const result = await validate('login', data);
        if (result.allowed) { // Submit }
    };
}

▲

Next.js

Protect your Next.js forms with SSR support.

// Install: npm install @clofix/next
import { useCloFixWAF } from '@clofix/next';

export function LoginPage() {
    const { validate, isReady } = useCloFixWAF({
        domain: 'example.com',
        apiUrl: process.env.NEXT_PUBLIC_API_URL
    });

    const handleSubmit = async (e) => {
        e.preventDefault();
        const result = await validate(formData);
        if (result.allowed) { // Submit }
    };
}

🟢

Vue.js

Protect your Vue forms with a composable.

// Install: npm install @clofix/vue
<script setup>
import { useCloFixWAF } from '@clofix/vue';

const { validate, loading } = useCloFixWAF({
    domain: 'example.com'
});

const handleSubmit = async (data) => {
    const result = await validate('login', data);
    if (result.allowed) { // Submit }
};
</script>

🅰️

Angular

Protect your Angular forms with a service.

// Install: npm install @clofix/angular
import { Injectable } from '@angular/core';
import { CloFixWAF } from '@clofix/angular';

@Injectable({ providedIn: 'root' })
export class SecurityService {
    constructor() {
        this.waf = new CloFixWAF({
            domain: 'example.com'
        });
    }

    async validate(data: any) {
        return await this.waf.validate('login', data);
    }
}

⚡

Svelte

Protect your Svelte forms with a store.

<script>
    import { clofix } from '@clofix/svelte';

    let email, password;

    async function handleSubmit() {
        const result = await clofix.validate('login', { email, password });
        if (result.allowed) { // Submit }
    }
</script>

🟡

Laravel (PHP)

Protect your Laravel routes with middleware.

// Install: composer require clofix/laravel
// app/Http/Middleware/CloFixWAF.php
public function handle($request, $next) {
    $response = CloFix::validate($request);
    if (!$response->allowed) {
        return response()->json([
            'error' => $response->reason
        ], 403);
    }
    return $next($request);
}

🐍

Python Django

Protect your Django views with middleware.

# Install: pip install clofix-django
# middleware.py
from clofix import CloFixWAF

class CloFixMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response
        self.waf = CloFixWAF(domain='example.com')

    def __call__(self, request):
        response = self.waf.validate(request)
        if not response.allowed:
            return JsonResponse({'error': response.reason}, status=403)
        return self.get_response(request)

☕

Spring Boot (Java)

Protect your Spring Boot endpoints with filter.

// Install: implementation 'com.clofix:spring-boot-starter'
@Component
public class CloFixFilter implements Filter {
    private CloFixWAF waf;

    @Override
    public void doFilter(ServletRequest request,
        ServletResponse response, FilterChain chain) {
        ValidationResult result = waf.validate(request);
        if (!result.isAllowed()) {
            ((HttpServletResponse) response).setStatus(403);
            return;
        }
        chain.doFilter(request, response);
    }
}

🔷

Kotlin (Ktor)

Protect your Ktor routes with interceptor.

// Install: implementation 'com.clofix:ktor-clofix'
fun Application.module() {
    install(CloFixWAF) {
        domain = "example.com"
        apiUrl = "https://api.clofix.com"
    }

    routing {
        post("/login") {
            val result = call.validate()
            if (result.allowed) {
                // Process login
            }
        }
    }
}

🔵

.NET (C#)

Protect your .NET endpoints with middleware.

// Install: dotnet add package CloFix.NET
public class CloFixMiddleware {
    private readonly RequestDelegate _next;
    private readonly CloFixWAF _waf;

    public async Task InvokeAsync(HttpContext context) {
        var result = await _waf.ValidateAsync(context);
        if (!result.Allowed) {
            context.Response.StatusCode = 403;
            await context.Response.WriteAsync(result.Reason);
            return;
        }
        await _next(context);
    }
}

📱

Flutter (Dart)

Protect your Flutter app with HTTP interceptor.

// Install: flutter pub add clofix_flutter
import 'package:clofix_flutter/clofix_flutter.dart';

class CloFixInterceptor extends Interceptor {
    final CloFixWAF waf = CloFixWAF(domain: 'example.com');

    @override
    Future onRequest(RequestOptions options,
        RequestInterceptorHandler handler) async {
        final result = await waf.validate(options);
        if (!result.allowed) {
            throw DioError('Blocked');
        }
        handler.next(options);
    }
}

🚀 Quick Integration
✅ One-Line Setup - Add the script tag to your HTML
✅ Framework Agnostic - Works with all frameworks
✅ Auto Domain Detection - No configuration needed
✅ Zero Configuration - Just add data-waf-protected to your forms

03 Core Features

Feature	Description
`Form Protection`	Protects forms from SQL Injection, XSS, CSRF, and other attacks
`License Management`	Domain-based, IP whitelisting, quota, feature-based access
`Real-time Detection`	Instant threat detection and blocking
`Custom Security Rules`	Create custom rules in JSON, Lua, Python, JavaScript, or Go
`Auto-Reload`	Automatic reload on script changes
`Multi-Language Support`	JSON, Lua, Python, JavaScript, Go, YAML

04 License Management

License Configuration Example

{
    "license_key": "CLOFIX-ACME-001",
    "plan": "enterprise",
    "organization_name": "Acme-Corporation",
    "email": "admin@acme.com",
    "allowed_ips": ["0.0.0.0/0"],
    "allowed_domains": ["*.acme.com"],
    "nano_agent_connect": "0.0.0.0/0, ::1, 127.0.0.1",
    "expire_date": "2036-12-31",
    "total_monthly_requests": 1000000,
    "max_agents": 100,
    "features": ["waf", "challenge_page", "rate_limit", "bot_detection"],
    "status": "active",
    "challenge_mode": "cloud"
}

05 Form Protection

CloFix Core API protects your forms from:

Prevents SQL injection attacks on all form inputs.

Blocks cross-site scripting attempts.

Prevents cross-site request forgery attacks.

Blocks command injection attempts.

06 Integration

JavaScript Client Integration

// JavaScript Client Integration
const waf = new CloFixWAF({
    apiUrl: 'https://api.clofix.com',
    debug: true
});

// Protect a form
document.querySelector('form').addEventListener('submit', async (e) => {
    e.preventDefault();
    const formData = new FormData(e.target);
    const data = {};
    formData.forEach((value, key) => { data[key] = value; });
    
    const result = await waf.verify('login', data);
    if (result.allowed) {
        // Submit form normally
        e.target.submit();
    } else {
        alert('Security check failed: ' + result.reason);
    }
});

07 Frequently Asked Questions - Everything you need to know

❓ What is CloFix Core API?
It's the security engine that powers CloFix WAF with license management, form protection, and real-time threat detection. It acts as the central brain that validates all incoming requests and applies security rules.

❓ What languages are supported?
CloFix Core API supports multiple scripting languages for custom security rules: JSON, Lua, Python, JavaScript (Node.js), Go plugins, and YAML. You can write rules in the language you're most comfortable with.

❓ How does license management work?
License management includes:

✅ Domain-based licensing - Protect specific domains
✅ IP whitelisting - Allow only trusted IPs
✅ Monthly quota - Control request limits
✅ Feature-based access - Enable/disable features per license

❓ Is there a free trial?
Yes! We offer a 14-day free trial with 5 domains included. No credit card required. Contact us to get started.

❓ Can I use it with any framework?
Absolutely! CloFix Core API works with:

✅ Frontend - React, Vue, Angular, Next.js, Svelte, HTML/JS
✅ Backend - Laravel, Django, Spring Boot, .NET, Kotlin
✅ Mobile - Flutter, React Native

❓ How does form protection work?
Protects forms from:

🛡️ SQL Injection - Blocks malicious SQL queries
🛡️ XSS - Prevents cross-site scripting
🛡️ CSRF - Stops cross-site request forgery
🛡️ Command Injection - Blocks OS command attacks

❓ Can I create custom security rules?
Yes! You can create custom rules using:

✅ JSON - Simple rule-based configuration
✅ Lua/Python/JS - Complex logic with full programming power
✅ Go Plugins - High-performance custom modules

❓ What happens if the API server is down?
The system enters fallback mode:

🔄 Bypass - Allow all requests (high availability)
🔄 Cache Only - Use cached decisions
🔄 Deny - Block all requests (maximum security)

❓ How do I integrate with my existing app?
Integration is simple:

✅ Frontend - Add <script src="https://clofix.com/api/clofix-waf.js"></script>
✅ Backend - Install package and add middleware
✅ API - Call /api/v1/validate endpoint

❓ Does it support Kubernetes/Cloud?
Yes! CloFix Core API is cloud-native:

☸️ Kubernetes - DaemonSet, Ingress, Sidecar
☁️ AWS - ALB, ECS, Lambda
🐳 Docker - Containerized deployment

❓ Is there a free tier for small projects?
Yes! We offer:

🎯 Community Edition - Free forever with 1 domain
🎯 Startup Plan - $5/month with 5 domains
🎯 Custom Pricing - For enterprise needs

❓ How is it different from Cloudflare?
CloFix Core API offers:

✅ Self-hosted option - Full control over your data
✅ Custom rules - Write rules in your preferred language
✅ Lower cost - Up to 70% cheaper for the same features
✅ Local support - Direct access to engineering team

💬 Still have questions?
Our team is here to help you!