Skip to main content
by shop owners, for shop owners

PARC Security — open-source module for Magento protection

by shop owners for shop owners.

Our open-source module that protects Magento shops from bots, scrapers and known attackers via curated blacklists, IP groups and rules.

PARC Security is our own open-source module. It complements the WAF and the firewall with a Magento-aware layer: curated blacklists, IP groups and rules that keep known attackers, bots and scrapers out — right in the context of the shop.

View the module on GitHub

What the module does

PARC Security sits between the pure network/WAF layer and the Magento application. While WAF and firewall work generically, PARC Security knows the Magento context — which routes are sensitive, which bots are legitimate (e.g. Google) and which aren’t.

  • Blacklist matching: incoming requests are checked against curated IP blacklists.
  • IP groups: grouping of address ranges (e.g. known scraper networks, hosting providers, Tor exit nodes) into groups with their own rules.
  • Rule set: per group/list, definable whether to block, throttle or just log.

Which lists & sources are tapped

The module draws its data from several publicly recognised threat-intelligence sources as well as our own observations. Typical categories:

  • IP reputation / abuse lists — known attacker IPs, spam sources, compromised hosts.
  • Bot & scraper lists — distinguishing legitimate search-engine bots from unwanted scrapers / fake crawlers.
  • Hosting & datacenter ranges — traffic from data centres posing as end customers.
  • Our own observations — patterns we see operating our own shops feed back into the rule set.

(Note: concrete feed sources and update intervals will be added here.)

Why our own module

  • Magento context: generic WAFs don’t know that /checkout should be treated differently from a static CMS page. PARC Security does.
  • Open source: transparently inspectable, no black box, no vendor lock-in. You can review the module on GitHub and use it yourself.
  • Part of our defense in depth: it comes in addition to WAF and firewall, not instead of them.

Deployment

The module is part of our standard architecture (shown in the diagram as a dedicated “PARC Security” component), but can also be integrated independently into existing Magento installations.

Get in touch