iprepd-firewall

Seamless IP-reputation-based firewall in the form of an HTTP middleware, using an IPrepd server as the source of truth.

Usage

Note: full examples can be found in the /examples directory.

  • Create a fwmw.Firewall struct with the appropriate configuration
fw := fwmw.Firewall{
	// [required] url of the iprepd instance to use
	IPrepdURL: os.Getenv("IPREPD_HOST_URL"),
	
	// [required] auth string to authenticate against iprepd
	IPrepdAuthStr: os.Getenv("IPREPD_AUTH_STR"),
	
	// [required] reject any ip with reputation below a given score
	RejectBelowScore: 100,
	
	// optionally add IPs you wish to unconditionally allow
	Whitelist: []net.IP{},
	
	// optionally log all dropped http requests
	LogBlocked: true,
	
	// optionally allow any request if there was a problem reaching iprepd
	FailOpen: false,
	
	// optionally use non-default http client settings
	HTTPClient: &http.Client{Timeout: time.Second * 10},
}
  • Wrap your http.Handler with the Wrap() method. The returned http.Handler will only serve requests from IPs which are either whitelisted or have a reputation above the given RejectBelowScore in iprepd.
h := yourHandler()
hProtected := fw.Wrap(h)

err := http.ListenAndServe(":8080", hProtected)
if err != nil {
	// handle listen and serve error
}
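
The sketch below is an added example, not code from iprepd-firewall: it models how RejectBelowScore, Whitelist and FailOpen combine into an allow/deny decision, including the case where iprepd cannot be reached. The `policy` type, `allowed`, `status`, `errDown`, the 403 response and the treatment of a score equal to the threshold are assumptions, and the addresses are constructed samples from documentation ranges.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// policy is a hypothetical stand-in for three of the Firewall fields above.
type policy struct {
	RejectBelowScore int
	Whitelist        []net.IP
	FailOpen         bool
}

var errDown = errors.New("iprepd unreachable") // constructed lookup failure

// allowed applies the policy to the lookup result (score, err) obtained for ip.
func (p policy) allowed(ip net.IP, score int, err error) bool {
	for _, w := range p.Whitelist {
		if w.Equal(ip) {
			return true // whitelisted: the lookup result is ignored
		}
	}
	if err != nil {
		return p.FailOpen // outage: only FailOpen lets the request through
	}
	return score >= p.RejectBelowScore // assumption: equal to the threshold passes
}

// status sends one constructed request through a handler guarded by p.
func status(p policy, remoteAddr string, score int, err error) int {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr) // host is "" if malformed
		if ip := net.ParseIP(host); ip == nil || !p.allowed(ip, score, err) {
			http.Error(w, "forbidden", http.StatusForbidden) // assumed status code
			return
		}
		fmt.Fprintln(w, "ok")
	})
	req := httptest.NewRequest("GET", "/", nil)
	req.RemoteAddr = remoteAddr
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}
func main() { fmt.Println(status(policy{RejectBelowScore: 100}, "203.0.113.7:4000", 0, errDown)) }
```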