Security Simulation
Fire real HTTP requests against Arcjet-protected API routes and watch live decisions stream in. Each panel targets a different Arcjet rule. Stats are shown after each attack run.
3 / 14
Protected Routes
20 req/min
Rate Limit (Upload)
LIVE
Bot Detection
ACTIVE
WAF Shield
All timestamps are in your local time. Each test run is independent.
Rate Limiter Simulation
Fires 20 rapid requests against a 5-req/min bucket
Token Bucket Capacity100%
Bucket refills at 5 tokens / 60s. Requests beyond capacity are denied.
No events yet — run an attack to see live decisions
Bot Detection Probe
Sends 8 requests with varying User-Agents (bot vs human)
Sample Bot Agents
Googlebot/2.1 (+http://www.google.com/bot.html)
curl/7.68.0
python-requests/2.28.1
No events yet — run an attack to see live decisions
WAF / Shield Test
Sends known attack payloads — SQLi, XSS, path traversal
Attack Payloads
' OR '1'='1
<script>alert(1)</script>
../../../etc/passwd
No events yet — run an attack to see live decisions
Full Combined Attack
12-request sequence mixing rate bursts, bot agents, and WAF payloads simultaneously
No events yet — run an attack to see live decisions