firewall

v0.1.0

This package is not in the latest version of its module.
Published: Nov 2, 2021 License: MIT Imports: 10 Imported by: 0

README

firewall

HTTP middleware that blocks IP ranges: CIDR blocks are inserted into a list, and each client IP is looked up against those blocks.

Features

  • Easy to use
  • Efficient and Fast
  • Convenient default option blocks major cloud providers

Usage

See the full Example

package main

import (
	"net/http"

	"github.com/go-chi/chi/v5"
	"github.com/go-chi/chi/v5/middleware"
	"github.com/goware/firewall"
)

func main() {
	// Create a new router.
	r := chi.NewRouter()

	// Create the block list. firewall.CloudProviderBlockList() returns the
	// IP ranges of GCP, AWS and Azure as a slice of strings.
	blockList, err := firewall.NewIPList(firewall.CloudProviderBlockList())
	if err != nil {
		panic(err.Error())
	}

	// Add more CIDR blocks to the list: 127.0.0.0/8 and ::1/128 are the
	// IPv4 and IPv6 loopback ranges.
	err = blockList.AppendIPBlocks([]string{"127.0.0.0/8", "::1/128"})
	if err != nil {
		panic(err.Error())
	}

	// Create an allow list. If an IP is inside the block list ranges but is
	// also inside the allow list, the request is served. This is useful to
	// unblock your own hosted services.
	// Entries are written in CIDR notation, so the list can hold both ranges
	// and single addresses (a /32 is one IPv4 address).
	// See https://whatismyipaddress.com/cidr
	allowList, err := firewall.NewIPList([]string{"192.168.0.1/32"})
	if err != nil {
		panic(err.Error())
	}

	// fwBlockOverride is called when an IP is inside the block list and not
	// in the allow list. If it returns true, the client is approved and served.
	// Note that a request header is set by the client, so in production the
	// override should depend on something the client cannot forge.
	fwBlockOverride := func(r *http.Request) bool {
		return r.Header.Get("internal") == "true"
	}

	r.Use(firewall.Firewall(allowList, blockList, fwBlockOverride))
	r.Use(middleware.Logger)
	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("welcome"))
	})
	http.ListenAndServe(":3000", r)
}

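Friendly tip: we get the client's IP address by parsing the list in the X-Forwarded-For header, so that proxy addresses are skipped. To learn more, see: CloudFlare Real IP. Also read: Blog. Since X-Forwarded-For is a request header, its contents are reliable only when a proxy you control sets or overwrites it.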
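The tip above matters for any IP-based allow or block decision, so here is an added example (not code from goware/firewall, and not a description of how it parses the header) of resolving the client address so that X-Forwarded-For is honoured only when the TCP peer is a trusted proxy. The names `clientIP` and `inAny` and the trusted-proxy range are hypothetical, and the standard library's `net/netip` stands in for go-cidranger.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// inAny reports whether ip falls inside any of the given CIDR prefixes.
func inAny(ip netip.Addr, prefixes []netip.Prefix) bool {
	for _, p := range prefixes {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP picks the address to check against the lists. X-Forwarded-For is
// read only when the TCP peer is a trusted proxy (hypothetical list); it is
// walked right to left and the first hop that is not a trusted proxy wins.
func clientIP(r *http.Request, trusted []netip.Prefix) (netip.Addr, error) {
	ap, err := netip.ParseAddrPort(r.RemoteAddr)
	peer := ap.Addr().Unmap() // treat ::ffff:a.b.c.d as plain IPv4
	if err != nil || !inAny(peer, trusted) {
		return peer, err // direct client: the header is not consulted
	}
	hops := strings.FieldsFunc(strings.Join(r.Header.Values("X-Forwarded-For"), ","),
		func(c rune) bool { return c == ',' || c == ' ' })
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(hops[i])
		if err != nil {
			return netip.Addr{}, fmt.Errorf("bad X-Forwarded-For entry %q", hops[i])
		}
		if ip = ip.Unmap(); !inAny(ip, trusted) {
			return ip, nil
		}
	}
	return peer, nil // header absent or made up only of trusted proxies
}

func main() {
	proxies := []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")} // constructed: our own proxies
	r := &http.Request{RemoteAddr: "198.51.100.7:4000", Header: http.Header{"X-Forwarded-For": {"192.168.0.1"}}}
	ip, err := clientIP(r, proxies)
	fmt.Println(ip, err) // the peer address is used; the header from an untrusted peer is ignored
}
```

The address returned by `clientIP` is the one to look up in the allow and block lists; a request whose header cannot be parsed is best rejected rather than matched against the peer address.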

Credits

  • go-cidranger: this middleware is based on its data structure for storing IP ranges, which makes it very efficient to store IP ranges and to check whether an IP is in one of those ranges.

LICENSE

MIT

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CloudProviderBlockList

func CloudProviderBlockList() (blockList []string)

CloudProviderBlockList returns a slice of the IP ranges of AWS, Azure and GCP.

func Firewall

func Firewall(allowList *IPList, blockList *IPList, fwBlockOverride func(r *http.Request) bool) func(http.Handler) http.Handler

Types

type IPList

type IPList struct {
	cidranger.Ranger
}

IPList embeds cidranger.Ranger. Credits: github.com/libp2p/go-cidranger

func NewIPList

func NewIPList(IPBlocks []string) (*IPList, error)

NewIPList returns a new IPList with inserted CIDR Ranges

func (*IPList) AppendIPBlocks

func (bl *IPList) AppendIPBlocks(IPBlocks []string) error

AppendIPBlocks appends more CIDR ranges to the IPList struct.
