{"id":23974432,"url":"https://github.com/cperciva/imds-filterd","last_synced_at":"2025-04-13T22:24:56.906Z","repository":{"id":54645907,"uuid":"235910533","full_name":"cperciva/imds-filterd","owner":"cperciva","description":"Intercepts and filters requests to the EC2 Instance Metadata Service","archived":false,"fork":false,"pushed_at":"2021-02-06T07:02:14.000Z","size":110,"stargazers_count":71,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-06T06:37:42.656Z","etag":null,"topics":["ec2","ec2-instance-metadata","instance-metadata","security","security-hardening"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cperciva.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-01-24T00:01:39.000Z","updated_at":"2024-10-08T18:54:12.000Z","dependencies_parsed_at":"2022-08-13T22:40:30.900Z","dependency_job_id":null,"html_url":"https://github.com/cperciva/imds-filterd","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cperciva%2Fimds-filterd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cperciva%2Fimds-filterd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cperciva%2Fimds-filterd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cperciva%2Fimds-filterd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cperciva","download_url":"https://codeload.github.com/cperciva/imds-filterd/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248790032,"owners_count":21161934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ec2","ec2-instance-metadata","instance-metadata","security","security-hardening"],"created_at":"2025-01-07T05:35:57.675Z","updated_at":"2025-04-13T22:24:56.877Z","avatar_url":"https://github.com/cperciva.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"imds-filterd\n============\n\n**`imds-filterd`** (pronounced \"I M D S Filter D\") is a pair of utilities\nwhich work together to intercept and filter requests to the EC2 Instance\nMetadata Service -- or theoretically any other service at 169.254.169.254:80.\n\nIt validates requests against a configured ruleset which specifies whether\ngiven users and groups should be allowed or denied access to certain prefixes\nin the Instance Metadata Service.  For example, \"root\" could be granted\naccess to everything; most unprivileged users granted access to everything\nexcept IAM role credentials; but the www user denied access to the entire\nInstance Metadata Service in order to guard against SSRF and similar attacks.\n\nAt present this code only works on FreeBSD; we hope to support other\nplatforms (e.g., Linux) in the future.  (Send patches!)\n\nCode layout\n-----------\n\n```\nimds-filterd/*  -- Privileged code\n  main.c        -- Initialization and event loop\n  netconfig.c   -- Gathers information about the network configuration (e.g.\n                   where and how to access the IMDS).\n  tunsetup.c    -- Creates a virtualized environment and creates tunnels used\n                   to redirect packets in and out of it.\n  packets.c     -- Pushes packets in and out of the virtualized environment.\n  conns.c       -- Provides a mechanism for imds-proxy to connect to the IMDS.\n  ident.c       -- Provides an \"ident\" service used by imds-proxy.\nimds-proxy/*    -- Unprivileged filtering HTTP proxy\n  main.c        -- Command line parsing, initialization, and connection\n                   acceptance.\n  conf.c        -- Reads the configuration and performs queries against it.\n  http.c        -- Handles an HTTP connection (possibly forwarding it).\n  ident.c       -- Uses imds-filterd to determine the source of a request.\n  request.c     -- Parses an HTTP request.\n  uri2path.c    -- Extracts and normalizes the path from a Request-URI.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcperciva%2Fimds-filterd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcperciva%2Fimds-filterd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcperciva%2Fimds-filterd/lists"}