{"id":34852189,"url":"https://github.com/groovy-sky/nlap","last_synced_at":"2026-04-27T02:31:43.079Z","repository":{"id":154469417,"uuid":"624324158","full_name":"groovy-sky/nlap","owner":"groovy-sky","description":"CLI tool for configuring network access of Azure PaaS","archived":false,"fork":false,"pushed_at":"2023-05-31T09:26:49.000Z","size":66,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-27T04:27:34.245Z","etag":null,"topics":["azure","golang","microsoft"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/groovy-sky.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-04-06T08:09:06.000Z","updated_at":"2023-04-26T11:21:15.000Z","dependencies_parsed_at":"2024-03-22T01:45:08.075Z","dependency_job_id":null,"html_url":"https://github.com/groovy-sky/nlap","commit_stats":null,"previous_names":["groovy-sky/net-limit-azure-paas"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/groovy-sky/nlap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/groovy-sky%2Fnlap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/groovy-sky%2Fnlap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/groovy-sky%2Fnlap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/groovy-sky%2Fnlap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/groovy-sky","download_url":"https://codeload.github.com/groovy-sky/nlap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/groovy-sky%2Fnlap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32320236,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","golang","microsoft"],"created_at":"2025-12-25T19:26:47.490Z","updated_at":"2026-04-27T02:31:43.033Z","avatar_url":"https://github.com/groovy-sky.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Network Limiter for Azure PaaS\n\n## Overview\n\n![](/logo.svg)\n\nNetwork Limiter for Azure PaaS (aka nlap) is CLI tool, written on Golang, that limits network access to Azure PaaS (Platform-as-a-Service) instances. Under the hood it uses [Azure Go SDK](https://github.com/Azure/azure-sdk-for-go).\n\n## Quick start\n\n### Installation\n\nTo build from scratch you'll need Go \u003e= 1.19. Open the terminal and execute the following command:\n\n```\nexport GOPATH=\"$HOME/go\"\nPATH=\"$GOPATH/bin:$PATH\"\ngo install github.com/groovy-sky/nlap/v2@latest\n```\n\nAnother way how you can get this tool - check the latest version under [releases section](/releases)\n\n### Examples\n\nTo check available commands run the tool with -h flag:\n```\n./nlap -h\n```\n\nBy default, CLI does not overwrite existing rules (if there are any), but append them. As a source, for whitelisting, could be used list of IPs (separated by semicolon) from CLI or/and external URLs with allowed IPs(supports 'https' only). \n\nAdd to allowed IPs a list stored in URL (appends only):\n```\n./nlap set -u \"https://raw.githubusercontent.com/groovy-sky/azure-ip-ranges/main/ip/ApiManagement.WestEurope.txt\" -s \"/subscriptions/\u003csub-id\u003e/resourceGroups/\u003cres-grp\u003e/Microsoft.Storage/storageAccounts/\u003cres-name\u003e\"\n```\n\nAllow to access storage accounts from certain IPs only (existing rules will be removed):\n```\n./nlap set -i \"1.1.1.1;2.2.2.2\" -s \"/subscriptions/\u003csub-id-1\u003e/resourceGroups/\u003cres-grp-1\u003e/Microsoft.Storage/storageAccounts/\u003cres-name-1\u003e;/subscriptions/\u003csub-id-2\u003e/resourceGroups/\u003cres-grp-2\u003e/Microsoft.Storage/storageAccounts/\u003cres-name-2\u003e\" -f\n```\nAppend access with current environment public IP (using external service for showing IP) and enable enhanced security (setup Minimum TLS version to 1.2, no anonymous access to blob containers will be allowed, HTTPS access accepted only):\n\n```\n./nlap set -u \"https://api.ipify.org\" -s \"/subscriptions/\u003csub-id\u003e/resourceGroups/\u003cres-grp\u003e/Microsoft.Storage/storageAccounts/\u003cres-name\u003e\" -e\n```\n\nFully disable access (if you planning to use Private Endpoints only):\n```\n./nlap set -s \"/subscriptions/\u003csub-id\u003e/resourceGroups/\u003cres-grp\u003e/Microsoft.Storage/storageAccounts/\u003cres-name\u003e\" -f \n```\n\n## ToDo\n- [x] Check how it works for V1 Storage\n- [x] Add the possibility to get inputs from the web\n- [] Develop Azure Function, which would trigger by timer and blob modification\n- [x] Implement goroutine for parallel exec\n- [x] Implement force\n- [x] Implement secure mode - force use https only, denies public access etc.\n- [x] Change CLI lib\n- [] Add Windows OS for build\n- [] Add disable public access option with existing rules cleanup\n- [] Add another PaaS service support\n- [] Add get command\n\n## Related materials\n\nhttps://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity\n\nhttps://learn.microsoft.com/en-us/rest/api/\n\nhttps://github.com/Azure/azure-sdk-for-go/blob/main/sdk/storage/azblob/examples_test.go\n\nhttps://github.com/Azure-Samples/azure-sdk-for-go-samples/blob/main/sdk/resourcemanager/resource/resources/main.go\n\nhttps://learn.microsoft.com/en-us/rest/api/storagerp/storage-accounts/get-properties?tabs=Go#storageaccountgetproperties\n\nhttps://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage#section-readme\n\nhttps://learn.microsoft.com/en-us/rest/api/resources/tenants/list?tabs=HTTP\n\nhttps://google.github.io/styleguide/go/","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgroovy-sky%2Fnlap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgroovy-sky%2Fnlap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgroovy-sky%2Fnlap/lists"}