A WAF engine similar to Cloudflare's would be super neat as a native Railway feature. It could have customizable rules that filter traffic based on pre-determined conditions and rejects them before they even reach our Railway services.

I saw in the recent Next.js vulnerability awareness post and it said that you guys already have an internal WAF, I think it could be a very nice feature if it were polished up and made available to customize.