abuse-controls — demo stand

If you can see this page, your browser passed the verdict pipeline. A request from curl or python-requests on the same URL would get 403.

Why your browser is allowed

The pipeline computed a TLS-handshake-derived fingerprint for your connection and looked it up in a small seed blocklist. Browser fingerprints are not in the seed; default automation tool fingerprints are. The seed entries are visible at /__admin.

To see your own fingerprint, visit /__fp.

What to try

Action	Expected
Open this page in a browser	`200` (you just did)
`curl -k https://<host>/`	`403`
`python3 -c "import requests; requests.get('https://<host>/', verify=False)"`	`403`
Visit /__fp	Your fp + raw `$ssl_*` components
Visit /__admin	Live counters + blocklist
Visit /metrics	Prometheus scrape text
Bench `wrk -c100 -d10s https://<host>/` vs `wrk -c100 -d10s https://<host>/baseline/`	~32K vs ~40K RPS — the antibot overhead

What this is

This stand runs the production verdict pipeline from abuse-controls (infra/nginx-lua-poc/lua/verdict.lua + dependencies). The code is unit-tested, lint-clean, and documented:

Demo stand spec: infra/demo-stand/README.md.