We Open-Sourced Our Edge Security. Deploy 1M+ IOCs to Cloudflare in 30 Seconds.
- Patrick Duggan
- Mar 19
Updated: Apr 25
A single-file Cloudflare Worker that blocks known malicious IPs, trolls scanners, and tells you who's visiting — powered by our STIX feed.
We built something for ourselves and decided to give it away.
The Problem
Your firewall rules are static. Your threat intel updates daily — maybe. And between the moment a new IOC is published and the moment it reaches your infrastructure, attackers have a window.
That window is where breaches happen.
What Edge Shield Does
DugganUSA Edge Shield is a Cloudflare Worker. One file. Zero dependencies. It sits between the internet and your origin server and does three things:
1. Blocks Known Threats
The Worker caches our STIX feed — 1M+ indicators of compromise — in memory at the Cloudflare edge. When a known malicious IP hits your site, it gets a 403 before your server ever sees the request.
No firewall rules to update. No lists to maintain. The IOCs refresh automatically.
2. Detects and Trolls Scanners
LeakIX, Censys, Shodan, Nuclei, SQLMap — we know their User-Agents and ASN organizations. When they probe your site, they get this:
{
"message": "We see you. We indexed you.",
"your_ip": "68.183.9.16",
"your_org": "DigitalOcean, LLC",
"your_city": "Amsterdam",
"score": "You scored 0/95 on our scanner detection. Congratulations."
}
HTTP 418. I'm a Teapot. Because scanners deserve to know they've been seen.
3. Enriches Every Request
Every clean request passes through to your origin with new headers:
X-CF-City: Minneapolis
X-CF-Region: Minnesota
X-CF-ASN-Org: US Bancorp
X-DugganUSA-Shield: active
X-DugganUSA-IOCs: 47832
You know the city, the state, the organization, and the latitude/longitude of every visitor — without any JavaScript, without any cookies, without any consent banners. It's network-level data that Cloudflare already has.
Why Open Source?
Because the Worker isn't the product. The intelligence is.
The Worker is MIT-licensed. Clone it, modify it, deploy it, sell it. We don't care. What powers it — the 1M+ IOCs, the behavioral scoring, the STIX 2.1 feed with Splunk and OPNsense integration — that's the subscription.
Microsoft pulls this feed daily. AT&T pulls this feed daily. Starlink pulls this feed daily.
Get the DugganUSA STIX feed — $9/mo →
Free tier gets you 48-hour delayed data and one refresh per day. Enough to see the value. Not enough for production security.
Deploy in 30 Seconds
git clone https://github.com/pduggusa/dugganusa-edge-shield.git
cd dugganusa-edge-shield
npx wrangler secret put DUGGANUSA_API_KEY
npx wrangler deploy
Add a route in Cloudflare. Done.
The SASE Problem (And How We Solved It)
Here's something nobody talks about: if you're blocking traffic by ASN organization, you're probably blocking your own customers.
Zscaler, Netskope, Palo Alto Prisma — every enterprise routes traffic through these SASE proxies. A request from "Zscaler Inc." isn't Zscaler. It's an employee at a Fortune 500 company behind Zscaler's cloud proxy.
Edge Shield explicitly safelists 12 SASE proxy organizations. Your enterprise visitors get through. The actual scanners don't.
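The three behaviours listed under "What Edge Shield Does" and the SASE safelist described above, sketched as one decision function. This is an added example, not code from the Edge Shield repository; the function names, the org substrings, the sample STIX bundle and the order of checks are assumptions.

```javascript
// Added example with hypothetical names; not the Edge Shield source.
const SCANNER_UA = /leakix|censys|shodan|nuclei|sqlmap/i; // tools named in the post
const SCANNER_ORGS = ["censys", "shodan", "leakix"];      // constructed org substrings
const SASE_ORGS = ["zscaler", "netskope", "palo alto"];   // 3 of the 12, constructed spellings

// Constructed STIX 2.1 bundle (documentation-range IPs), standing in for the feed.
const SAMPLE_BUNDLE = { type: "bundle", objects: [
  { type: "indicator", pattern_type: "stix", pattern: "[ipv4-addr:value = '203.0.113.9']" },
  { type: "indicator", pattern_type: "stix",
    pattern: "[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '198.51.100.8']" },
  { type: "indicator", pattern_type: "stix", pattern: "[domain-name:value = 'bad.example']" },
] };

// Collect IPv4 values from STIX indicator patterns into a Set for O(1) lookups.
function iocSetFromStix(bundle) {
  const ips = new Set();
  for (const obj of bundle.objects ?? []) {
    if (obj.type !== "indicator" || obj.pattern_type !== "stix") continue;
    for (const m of obj.pattern.matchAll(/ipv4-addr:value\s*=\s*'([^']+)'/g)) ips.add(m[1]);
  }
  return ips;
}

// Decide one request. In a Worker, ip would come from the CF-Connecting-IP header
// and asnOrg from request.cf.asOrganization. The order of checks is an assumption.
function classifyRequest({ ip, userAgent = "", asnOrg = "" }, iocs, orgRules = SCANNER_ORGS) {
  const org = asnOrg.toLowerCase();
  if (iocs.has(ip)) return { action: "block", status: 403 };
  if (SCANNER_UA.test(userAgent)) return { action: "troll", status: 418 };
  // SASE guard runs before any org rule, so a broad rule cannot block proxied employees.
  const sase = SASE_ORGS.some((s) => org.includes(s));
  if (!sase && orgRules.some((s) => org.includes(s))) return { action: "troll", status: 418 };
  return { action: "pass", status: null, iocCount: iocs.size };
}
```

Passing an over-broad `orgRules` list such as `["inc"]` shows the guard at work: "Zscaler Inc." still passes while other matching organizations receive the 418.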
What's Next
This is v1.0.0. The Worker will get smarter:
- Real-time IOC streaming (not just hourly cache)
- Bot scoring using behavioral signals
- Geographic anomaly detection
- Custom block/allow rules via API
The repo is at github.com/pduggusa/dugganusa-edge-shield. Star it, fork it, deploy it.
DugganUSA LLC builds threat intelligence tools in Minneapolis. 1M+ IOCs. 42 indexes. One Cloudflare Worker.
The cheapest, fastest, most accurate threat feed on the internet.
275+ enterprises pulling daily. 1M+ IOCs. 17.4M indexed documents. We beat Zscaler by 43 days on NrodeCodeRAT. Starter tier $9/mo — less than any competitor’s sales demo.



