Security

Glyph11 provides two layers of security:

Parse-time validation — The HardenedParser enforces RFC 9110/9112 syntax rules and resource limits during parsing.
Post-parse validation — The RequestSemantics class detects protocol-level attacks after parsing.

Defense in Depth

Input → [HardenedParser] → [RequestSemantics] → Application
         │                   │
         ├─ Token validation ├─ Smuggling detection
         ├─ Size limits      ├─ Path traversal
         └─ Format checks    └─ Header conflicts

The parser rejects malformed input (invalid characters, oversized fields, missing delimiters). Semantic checks catch valid-but-dangerous patterns like conflicting Content-Length headers or Transfer-Encoding combined with Content-Length.

Parser Limits

Configure resource limits for DoS prevention.

Request Semantics

Post-parse validation for protocol attacks.