SPIP WAF: A web application firewall for SPIP

Posted Wednesday 6 May 2026 by Urs Riggenbach.

Everyone who runs a website and checks their logs can see increased internet traffic. Much of this new traffic is from dumb AI bots that send 100s of requests per minute, but there are also vulnerability scanners and automated hacking attacks. Time to do something.

Because we can expect more of this. AI is reducing the cost of finding zero-day exploits and shortening the time-to-exploit.
We can also see a decrease in the software quality of bots that are deployed by AI companies to ingest the last human-written content on the web. Things that were complicated used to need an expert; now we see vibe-coded tools in the wild without any expert review. It "works", but at the cost of carbon emissions equivalent to a small rainforest.

That also goes for the whole AI industry at this point.

Anyway, seeing hundreds of requests per minute on my websites downloading the exact same pages over and over again, to train the next AI model, enraged me. What a waste.

If you are harvesting all of humanity's knowledge, at least do it... Intelligently?

So.

4 weeks ago I started developing a Web Application Firewall plugin for SPIP (my favorite software to code websites). This WAF identifies automated hacking attacks, and blocks the traffic. It also allows the person running the website to selectively block AI bots.

Within a week another developer from the community joined the project, added features and even picked up some of the todos that I had noted throughout the code. SPIP’s broader community provided encouragement, performance tests, feedback and technical inputs. It was really amazing to be part of a dynamic open source development.

This morning, I received this amazing feedback:

"We had moved a site from a shared hosting account to the dedicated server where it continued to experience downtime because of exhausted resources during attack waves.
"Since the SPIP-WAF setup this has stopped and the website is working without interruption.
"Thank you so much Urs for your work. Without you I would have had to figure out filtering at the server level. This would have taken so much time that I would have had to abandon several important projects in favour of my essential tasks which pay my rent.
"Caveat:
"Today’s situation makes it impossible to run ambitious website projects on low end or shared hosting servers which are not compatible with SPIP-WAF [...].
"I regret this because since its launch in 2001 SPIP has always been the CMS running on the smallest, least costly or even free LAMP servers available.
"This is always true but any mission critical website now needs SPIP-WAF and all features required to use it.
"Thank you again, Urs, you made my (this and the next 365) day!"

It’s truly heartwarming to get this feedback. Thank you klaus++!

For those running SPIP websites, the WAF plugin is under active development, with a stable release planned in the next weeks.

More info:
 About SPIP: https://www.spip.net/
 SPIP Plugins: https://plugins.spip.net/




Also posted on:
https://www.linkedin.com/posts/ursriggenbach_waf-security-spip-share-7457801852504633344-G_Pm?utm_source=share&utm_medium=member_desktop&rcm=ACoAAALGAJgBzUDuc5Z-yoowpvoNiJRnnItyV28