Beskar - Rails Security Engine for the Paranoid (vibe-coded during SOC 2 audits)
Going through SOC 2 compliance for Humadroid made me realize there’s a gap in Rails security - between basic authentication and actually sleeping at night.
Beskar is a Rails engine that fills that gap with layered protection:
- WAF that detects vulnerability scanning patterns (WordPress, config files, path traversal)
- Impossible travel detection using geolocation and Haversine calculations
- Smart rate limiting that identifies attack patterns (brute force, credential stuffing, distributed attacks)
- Risk-based account locking with automatic responses
- Persistent IP banning with escalating durations
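The impossible-travel bullet above is the one that is easiest to get subtly wrong, so here is a worked example of the check it describes. This is an added illustration, not Beskar's own code: the `LoginEvent` struct, the `impossible_travel?` helper, the 50 km same-place tolerance and the 1000 km/h plausibility ceiling are all assumptions chosen for the example, not values taken from the gem.

```ruby
# Added example (not Beskar's code): flag a login as "impossible travel" when the
# great-circle distance from the previous login, divided by the elapsed time,
# implies a speed no legitimate user could reach. Struct, function names and
# thresholds below are assumptions for illustration.
require 'time'

EARTH_RADIUS_KM = 6371.0
# Roughly airliner speed; a real deployment tunes this per user population.
MAX_PLAUSIBLE_SPEED_KMH = 1000.0
# Logins closer than this are treated as "same place" (GeoIP jitter, shared NAT).
SAME_PLACE_KM = 50.0

LoginEvent = Struct.new(:lat, :lon, :at, keyword_init: true)

def to_rad(deg)
  deg * Math::PI / 180.0
end

# Haversine great-circle distance in kilometres between two lat/lon points.
def haversine_km(lat1, lon1, lat2, lon2)
  dlat = to_rad(lat2 - lat1)
  dlon = to_rad(lon2 - lon1)
  a = Math.sin(dlat / 2)**2 +
      Math.cos(to_rad(lat1)) * Math.cos(to_rad(lat2)) * Math.sin(dlon / 2)**2
  2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt(a))
end

# Compare the current login with the previous one for the same account.
# Returns { flag:, distance_km:, speed_kmh: } so callers can log the numbers
# in monitor mode rather than only acting on a boolean.
def impossible_travel?(previous, current, max_speed_kmh: MAX_PLAUSIBLE_SPEED_KMH)
  distance = haversine_km(previous.lat, previous.lon, current.lat, current.lon)
  hours = (current.at - previous.at).abs / 3600.0

  # Same city (or same VPN egress) is never impossible travel, however fast.
  return { flag: false, distance_km: distance, speed_kmh: 0.0 } if distance < SAME_PLACE_KM

  # Two distant logins in the same second would otherwise divide by zero.
  speed = hours.zero? ? Float::INFINITY : distance / hours
  { flag: speed > max_speed_kmh, distance_km: distance, speed_kmh: speed }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample events: Warsaw at noon UTC, then New York one hour later.
  warsaw   = LoginEvent.new(lat: 52.23, lon: 21.01,  at: Time.utc(2025, 10, 16, 12, 0, 0))
  new_york = LoginEvent.new(lat: 40.71, lon: -74.01, at: Time.utc(2025, 10, 16, 13, 0, 0))
  result = impossible_travel?(warsaw, new_york)
  puts format('distance=%.0f km speed=%.0f km/h flag=%s',
              result[:distance_km], result[:speed_kmh], result[:flag])
end
```

Returning the distance and implied speed alongside the flag is what makes a monitor-only rollout useful: you can histogram real users' implied speeds before picking a blocking threshold, and the same-place tolerance keeps office NAT and mobile-carrier GeoIP noise from generating alerts.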
Named after Mandalorian armor because security should come in layers.
Installation is deliberately simple - drop it in your Gemfile, run the installer, add one line to your User model. Runs in monitor-only mode by default so you can tune thresholds before blocking real traffic.
Full disclosure: mostly vibe-coded, currently running in monitor mode on my own app because I’m not quite paranoid enough to trust my own paranoia gem in full blocking mode yet.
Open source, MIT licensed.
Learn more: https://humadroid.io/beskar
GitHub: https://github.com/humadroid-io/beskar
Backstory: https://maciej.litwiniuk.net/posts/2025-10-16-beskar-announcement/