iprepd-firewall

module
v0.0.0-...-0fb52df
Published: Oct 15, 2022 License: MPL-2.0

README


Seamless IP-reputation-based firewall in the form of an HTTP middleware, using an IPrepd server as the source of truth.

Usage

NOTE that full examples can be found in the /examples directory

  • Create a fwmw.Firewall struct with the appropriate configuration
fw := fwmw.Firewall{
	// [required] url of the iprepd instance to use
	IPrepdURL: os.Getenv("IPREPD_HOST_URL"),
	
	// [required] auth string to authenticate against iprepd
	IPrepdAuthStr: os.Getenv("IPREPD_AUTH_STR"),
	
	// [required] reject any ip with reputation below a given score
	RejectBelowScore: 100,
	
	// optionally add IPs you wish to unconditionally allow
	Whitelist: []net.IP{},
	
	// optionally log all dropped http requests
	LogBlocked: true,
	
	// optionally allow any request if there was a problem reaching iprepd
	FailOpen: false,
	
	// optionally use non-default http client settings
	HTTPClient: &http.Client{Timeout: time.Second * 10},
}
  • Wrap your http.Handler with the Wrap() method. The returned http.Handler will only serve requests from IPs which are either whitelisted or have a reputation above the given RejectBelowScore in iprepd.
h := yourHandler()
hProtected := fw.Wrap(h)

err := http.ListenAndServe(":8080", hProtected)
if err != nil {
	// handle listen and serve error
}
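
The configuration above implies a decision order that is worth testing before deployment, in particular what happens when iprepd is unreachable. The following is an added example, not code from the iprepd-firewall project: it models the documented behaviour with a hypothetical `policy` type and a stubbed `lookup` function in place of the real iprepd query, so it runs offline. It assumes the client IP is taken from `RemoteAddr` and that a score equal to the threshold is served, following the "reject below" wording of the config comment.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// policy mirrors the README's settings; lookup is a hypothetical stand-in for the iprepd query.
type policy struct {
	rejectBelow int
	allowlist   []net.IP
	failOpen    bool
	lookup      func(net.IP) (int, error)
}

// allowed models the documented decision order; it is not fwmw's own code.
func (p policy) allowed(ip net.IP) bool {
	if ip == nil {
		return false // unparseable peer address is never served
	}
	for _, a := range p.allowlist {
		if a.Equal(ip) {
			return true // unconditional allow, no reputation lookup
		}
	}
	score, err := p.lookup(ip)
	if err != nil {
		return p.failOpen // an outage admits everyone only when failOpen is set
	}
	return score >= p.rejectBelow
}

// status returns the HTTP status a constructed request from remote receives.
func status(p policy, remote string) int {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		if !p.allowed(net.ParseIP(host)) {
			w.WriteHeader(http.StatusForbidden)
		}
	})
	req := httptest.NewRequest("GET", "/", nil)
	req.RemoteAddr = remote
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

var down = func(net.IP) (int, error) { return 0, errors.New("iprepd unreachable") } // constructed outage

func main() { fmt.Println(status(policy{rejectBelow: 100, lookup: down}, "203.0.113.7:4000")) }
```

With `FailOpen: true`, an iprepd outage turns the firewall into a pass-through, so the outage case is the one to cover in tests and monitoring.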

Directories

Path Synopsis
examples
