- XSS protection and SQL injection prevention built into the core
- Rate limiting with IP tracking and automatic blocking
- Comprehensive security headers (CSP, HSTS, CORS)
- Multi-threaded architecture with connection pooling
- Zero-copy file serving for performance
- 100% test coverage with integration tests
- Pure C99, no external dependencies beyond POSIX

The goal was to create a web server that's secure by default and easy to audit (under 2000 lines of C). All security features are enabled out of the box with sensible defaults.
GitHub: https://github.com/erson/misewe
I am looking for feedback, especially on the security implementation and test coverage. The code is MIT-licensed.