Axon - Project Story

Inspiration

I wanted to build something with Cloudflare because honestly, I don't know much about it and it looks really cool. As someone deeply interested in cybersecurity, the idea of running AI-powered security analysis directly on the edge—detecting attacks in real-time without traditional infrastructure—was too compelling to pass up.

I'm also relatively new to Python development and still learning the fundamentals of building apps with proper version control on GitHub. For this project, I relied heavily on Claude Code and GitHub Copilot to help with the actual coding while I focused on understanding the architecture and security concepts. This felt like the perfect opportunity to level up my skills while building something genuinely useful.

What it does

Axon is real-time bot detection that runs at the edge, not in your data center.

Traditional bot detection systems require expensive servers, introduce latency, and create single points of failure. Axon flips this model entirely by running AI-powered traffic classification on Cloudflare's global edge network—no servers, no infrastructure to manage, globally distributed by default.

Every incoming HTTP request is analyzed in real-time. Axon extracts features like path entropy, user-agent patterns, and attack signatures to classify traffic as legitimate or malicious. It detects SQL injection, path traversal, XSS attempts, WordPress exploits, and other common attack patterns, all with confidence scoring.

What makes it different:

  • Zero infrastructure: Runs entirely on Cloudflare Workers—deploy globally in seconds with no servers to manage
  • Real-time visibility: WebSocket-powered dashboard streams live traffic classifications as they happen
  • Edge-native performance: Sub-millisecond classification with no added latency
  • Production-ready: Complete REST API for analytics, D1 database for persistent logging, and comprehensive test suite

The technical stack:

Built with Python Workers, Durable Objects for WebSocket coordination, D1 for persistent storage, and a heuristic classifier that's designed to be replaced with ML models trained on real attack data. Every single component runs on the edge—there are no traditional servers anywhere in the architecture.
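An added example, not Axon's own code, of the heuristic classification described above: attack signatures, a user-agent check, and path entropy combined into one confidence score. The signature patterns, weights, thresholds, and the names `classify` and `shannon_entropy` are assumptions chosen for illustration, and the sample requests are constructed.

```python
import math
import re
from collections import Counter
from urllib.parse import unquote

# Assumed signatures and weights (not taken from Axon): name -> (pattern, weight)
SIGNATURES = {
    "sql_injection": (re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+"), 0.9),
    "path_traversal": (re.compile(r"\.\./|\.\.\\"), 0.9),
    "xss": (re.compile(r"(?i)<script\b|javascript:|onerror\s*="), 0.85),
    "wordpress_probe": (re.compile(r"(?i)/(wp-login\.php|xmlrpc\.php|wp-admin/)"), 0.4),
}
# Assumed list of tool user-agents; an empty user-agent is treated the same way.
SCANNER_UA = re.compile(r"(?i)sqlmap|nikto|masscan|zgrab|python-requests|curl/")

def shannon_entropy(text):
    """Bits per character; long random-looking paths score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def classify(path, user_agent):
    """Return (label, confidence, reasons) for one request."""
    decoded = unquote(unquote(path))  # decode twice to catch double encoding
    scores, reasons = [], []
    for name, (pattern, weight) in SIGNATURES.items():
        if pattern.search(decoded):
            scores.append(weight)
            reasons.append(name)
    if not user_agent or SCANNER_UA.search(user_agent):
        scores.append(0.5)
        reasons.append("suspicious_user_agent")
    if len(decoded) > 40 and shannon_entropy(decoded) > 4.5:
        scores.append(0.4)
        reasons.append("high_path_entropy")
    # Treat signals as independent evidence: confidence = 1 - prod(1 - s)
    confidence = 1.0 - math.prod(1.0 - s for s in scores)
    label = "malicious" if confidence >= 0.5 else "legitimate"
    return label, round(confidence, 3), reasons

if __name__ == "__main__":
    # Constructed sample requests: (path, user-agent)
    for req in [("/products?id=42", "Mozilla/5.0"),
                ("/item?id=1%27%20OR%20%271%27=%271", "sqlmap/1.8"),
                ("/static/..%252f..%252fetc/passwd", "Mozilla/5.0"),
                ("/wp-login.php", "")]:
        print(req[0], classify(*req))
```

A weak signal such as a WordPress login path stays below the threshold on its own and only crosses it when a second signal (here, a missing or tool user-agent) agrees.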

Real-world impact:

Security teams get instant visibility into attack patterns without managing any infrastructure. The same system that blocks attacks also generates training data for continuous improvement. And because it runs on Cloudflare's edge network, it automatically scales to handle traffic spikes without any configuration.

How we built it

I started by brainstorming with Claude to narrow down the scope to something achievable in a weekend hackathon. Once we had the concept locked in, Claude helped me lay out a realistic timeline for building each component.

For data collection, I set up two traffic sources: a cloud-hosted Linux box running as a honeypot, and a bot deployed on Cloudflare to attract real-world attack traffic. Claude assisted with creating the real-time WebSocket dashboard and handling the deployment to Cloudflare Workers.

To demonstrate the system for the video, I wrote a script that generates various types of legitimate and malicious traffic patterns. While the ML model training is still in progress, I plan to finish it this week—not just for the hackathon, but because I genuinely want the learning experience.

Claude helped write all the documentation, and I generated the project logo using Leonardo.ai.

Challenges we ran into

Data collection setup: Getting the cloud-hosted Linux honeypot configured correctly took some trial and error, but once it was running properly, it collected a substantial amount of real attack data over several nights.

pywrangler installation: Installing and configuring pywrangler was more challenging than expected. I'm not entirely sure if this was due to my inexperience or because the tool is relatively new, but it required some troubleshooting to get working properly.

Worker configuration: Getting the .toml configuration files correct for the Cloudflare Workers took multiple iterations. The binding configuration for D1 and Durable Objects was particularly tricky to get right.

Git disaster recovery: At one point I accidentally merged in the wrong direction and deleted everything. Thankfully, with Claude's help, I was able to recover all the code from Git history. This was a valuable (if stressful) lesson in version control!

Accomplishments that we're proud of

This is my first hackathon submission ever. I've participated in other hackathons before, but this is the first time I've actually finished and submitted a complete project.

Beyond that milestone, I'm proud of building a working, production-ready security tool that runs entirely on edge infrastructure. The real-time dashboard looks great, the API works smoothly, and the detection actually catches real attack patterns. It feels good to have built something that could genuinely be useful.

What we learned

I learned a tremendous amount about Cloudflare's edge platform—Workers, Durable Objects, D1 databases, and how to architect applications that run entirely on distributed edge infrastructure. This was completely new territory for me.

I also leveled up significantly on Git workflows and version control best practices. After the merge disaster (and recovery), I now understand the importance of frequent commits, meaningful commit messages, and careful branch management. The recovery process taught me more about Git internals than any tutorial could have.

On the Python development side, building a complete application with proper structure, testing, and documentation helped solidify concepts I'd only read about before. Working with Claude Code and Copilot showed me how to leverage AI tools effectively while still understanding what the code is doing.

What's next for Axon

Immediate plans:

I'm going to complete the ML model training phase and deploy it to Cloudflare Workers AI. I have real attack data collected over several nights, so I'm excited to see how a trained model compares to the heuristic-based classifier.

Experimental idea:

I have a Raspberry Pi sitting around, and I'm curious whether I can run Axon's detection code on it as a local edge device. It would be interesting to see if the same architecture that works on Cloudflare's global edge can work on a literal edge device in a home network.

Long-term vision:

If the ML model works well, I'd like to add automatic retraining capabilities so the system improves over time based on the traffic it sees. I'm also interested in building out webhook notifications for security teams and exploring multi-tenancy support for protecting multiple applications with a single Axon deployment.
