Skip to main content

Snakeway

CICoverageTestsIntegration Tests

A programmable reverse proxy built on Pingora. Configure routing, middleware, TLS, and traffic policy with HCL. Extend behavior with WebAssembly devices.

Get StartedConfiguration

Device Pipeline

Requests pass through a composable pipeline of devices. Each device inspects or transforms the request at a well-defined point in the lifecycle. Builtin devices handle identity resolution, network policy, rate limiting, and request filtering.

Protocol Safety

Request smuggling detection (CL.TE, TE.CL, duplicate Content-Length), header normalization, body size enforcement, and Content-Length validation run automatically on every request.

TLS Automation

ACME certificate issuance and renewal via HTTP-01 challenges. Supports Let's Encrypt and compatible CAs. Manual TLS configuration is also available for environments that manage certificates externally.

WebAssembly Extensibility

Write custom devices in any language that compiles to WASM. Devices run in a sandboxed environment with access to request context. The WIT interface defines the contract between the proxy and user code.

Observability

Structured logging with field-selectable identity signals, OpenTelemetry tracing, and an admin API for health checks, upstream status, traffic statistics, and configuration reload.

HCL Configuration

Configuration is split across focused files: server settings, ingress definitions, and device pipelines. Validation runs at load time with clear error messages and source locations.