Seamless IP reputation based application-layer firewall for services written in Go

adrianosela/iprepd-firewall

iprepd-firewall

Seamless IP reputation based firewall in the form of an HTTP middleware -- using an IPrepd server as the source of truth

Usage

NOTE that full examples can be found in the /examples directory

  • Create a fwmw.Firewall struct with the appropriate configuration

```go
fw := fwmw.Firewall{
	// [required] url of the iprepd instance to use
	IPrepdURL: os.Getenv("IPREPD_HOST_URL"),

	// [required] auth string to authenticate against iprepd
	IPrepdAuthStr: os.Getenv("IPREPD_AUTH_STR"),

	// [required] reject any ip with reputation below a given score
	RejectBelowScore: 100,

	// optionally add IPs you wish to unconditionally allow
	Whitelist: []net.IP{},

	// optionally log all dropped http requests
	LogBlocked: true,

	// optionally allow any request if there was a problem reaching iprepd
	FailOpen: false,

	// optionally use non-default http client settings
	HTTPClient: &http.Client{Timeout: time.Second * 10},
}
```

  • Wrap your http.Handler with the Wrap() method. The returned http.Handler will only serve requests from IPs which are either whitelisted or have a reputation above the given RejectBelowScore in iprepd.

```go
h := yourHandler()
hProtected := fw.Wrap(h)

err := http.ListenAndServe(":8080", hProtected)
if err != nil {
	// handle listen and serve error
}
```
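
The per-request decision implied by the settings above, written out as an added example (it is not the project's code and does not use the fwmw API): allow-list first, then the reputation lookup, with FailOpen consulted only when the lookup fails. The `policy` type, `fakeLookup`, the use of the TCP peer address, and treating a score equal to RejectBelowScore as allowed are assumptions; the addresses are constructed documentation-range values.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// policy mirrors the README's settings; Lookup is a hypothetical stand-in
// for the iprepd query.
type policy struct {
	RejectBelowScore int
	Whitelist        []net.IP
	FailOpen         bool
	Lookup           func(net.IP) (int, error)
}

// allowed decides on the TCP peer address ("ip:port"); that is an assumption.
func (p policy) allowed(remoteAddr string) bool {
	host, _, _ := net.SplitHostPort(remoteAddr) // host is "" on a malformed address
	ip := net.ParseIP(host)
	if ip == nil {
		return false // unparseable peer: reject, regardless of FailOpen
	}
	for _, w := range p.Whitelist {
		if w.Equal(ip) { // Equal also matches the IPv4-mapped IPv6 form
			return true
		}
	}
	score, err := p.Lookup(ip)
	if err != nil {
		return p.FailOpen // the only branch where FailOpen matters
	}
	return score >= p.RejectBelowScore // "reject below": equal score passes
}

// fakeLookup is a constructed reputation source: fixed score, or an outage.
func fakeLookup(score int, down bool) func(net.IP) (int, error) {
	return func(net.IP) (int, error) {
		if down {
			return 0, errors.New("reputation service unreachable")
		}
		return score, nil
	}
}

func main() {
	p := policy{RejectBelowScore: 100, Lookup: fakeLookup(0, true)}
	fmt.Println("outage, fail closed:", p.allowed("203.0.113.7:4242"))
}
```

With FailOpen set, an outage of the reputation service disables the filter for every request, so lookup errors are worth alerting on. Behind a reverse proxy the peer address is the proxy's, not the client's.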
