New features to protect your site from AI scrapers and other bots
New bot protection functionality with detection of AI scrapers, bot categories, and an open source list of bot identifiers.
Arcjet changelog of product updates for March 2024.
Arcjet helps developers protect their apps in just a few lines of code. Implement rate limiting, bot protection, email verification & defend against common attacks.
This is the changelog of product updates for March 2024.
We released 2 new JS SDK versions in March: v1.0.0-alpha.9 and v1.0.0-alpha.10.
Our first SDK targeted the Next.js framework so the release of our Node.js SDK broadens our support to all Node.js applications. Whether you're using vanilla node:http
or a framework like Express, you can now protect all Node.js code.
Rate limits can be used to protect endpoints from attack, but are also used to enforce quotas for APIs. In the latter case, you may want to inform users about the remaining limits.
The common approach is to add RateLimit
and RateLimit-Policy
headers as defined by the draft IETF spec. The new @arcjet/decorate
package allows you to easily add those headers to your response.
The aj
instance is usually defined outside of the route handler so it can be created once and stay alive across requests for better performance. Rules are defined when you create the instance, but sometimes you might want to adjust the rule from within the handler e.g. to apply different rules for different users.
The withRule
API (Next.js docs, Node.js docs) now allows you to do this.
We use Arcjet on our own dashboard NextAuth login routes to protect against brute-force attacks, so we created integration guides. There is now documentation for protecting NextAuth 4 and Auth.js 5 login routes and example apps for both.
The requests inspector defaults to showing timestamps in your local timezone, but you can now toggle into UTC. Hover over the timestamp to see the other time. Useful if you're following the rule that all servers should be configured in UTC!
We're now running a Discord server if you want to come by and ask any questions.
And I'll leave you with a notable mention on Twitter:
New bot protection functionality with detection of AI scrapers, bot categories, and an open source list of bot identifiers.
Detect, block, and redact PII locally without sending it to the cloud using Arcjet's sensitive information detection, plus the new integration with LangChain.
Arcjet changelog of product updates for July & August 2024.
Get the full posts by email every week.