Skip to content

goware/firewall

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits

_examples/basic

_examples/basic

 
 

cloud-provider-data

cloud-provider-data

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

cloud_provider.go

cloud_provider.go

 
 

firewall.go

firewall.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

ip.go

ip.go

 
 

ip_list.go

ip_list.go

 
 

update-cloud-data.sh

update-cloud-data.sh

 
 

Repository files navigation

firewall

Middleware for Blocking IP ranges by inserting CIDR Blocks and searching IPs through those blocks.

Features

  • Easy to use
  • Efficient and Fast
  • Convenient Default option Blocks Major Cloud Providers

Usage

See the full Example

package main

import (
  "net/http"

  "github.com/go-chi/chi/v5"
  "github.com/go-chi/chi/v5/middleware"
  "github.com/goware/firewall"
)

func main() {
    // Create New Router
    r := chi.NewRouter()
    // Create Block list
    // firewall.CloudProviderBlockList() returns a list of string of ip ranges of
    // gcp, aws, azure
    blockList, err := firewall.NewIPList(firewall.CloudProviderBlockList())
    if err != nil {
      panic(err.Error())
    }
    // Add more IP range Blocks to the list
    err = blockList.AppendIPBlocks([]string{"127.0.0.0/1", "::1/128"})
    if err != nil {
      panic(err.Error())
    }
    // Create an allowList
    // if an ip range is in the blocklist ranges, but is inside allowlist
    // then the request is served
    // This is usefull to unblock your own hosted services
    // make allowList with ip addr in cidr notation,
    // so we can insert ip ranges and ip addr
    // refer https://whatismyipaddress.com/cidr
    allowList, err := firewall.NewIPList([]string{"192.168.0.1/32"})
    if err != nil {
      panic(err.Error())
    }
    // fwBlockOverride is a function that is called if 
    // an ip is inside the blocklist, and is not in allowlist
    // this function returns a bool
    // if its true, then the client is approved and served
    fwBlockOverride := func(r *http.Request) bool {
      if r.Header.Get("internal") == "true" {
        return true
      }
      return false
    }
    r.Use(firewall.Firewall(allowList, blockList, fwBlockOverride))
    r.Use(middleware.Logger)
    r.Get("/", func(w http.ResponseWriter, r *http.Request) {
      w.Write([]byte("welcome"))
    })
    http.ListenAndServe(":3000", r)
}

Friendly Tip we get ip address of clients by parsing the list of X-FORWARDED-FOR header, so that we can avoid proxy addresses, to learn more visit: CloudFlare Real IP Also Read: Blog

Credits

  • go-cidranger This middleware is based on this implementation of storing ip ranges in a data structre It makes it very efficient to store ip ranges and check if an ip is in one of those ranges

LICENSE

MIT

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

7 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages