https://github.com/adrianosela/iprepd-firewall
Seamless IP reputation based application-layer firewall for services written in Go
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/adrianosela/iprepd-firewall
- Owner: adrianosela
- License: mpl-2.0
- Created: 2019-07-15T00:44:44.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2022-10-15T18:11:12.000Z (over 2 years ago)
- Last Synced: 2025-03-29T06:03:10.910Z (3 months ago)
- Language: Go
- Homepage:
- Size: 38.1 KB
- Stars: 4
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# iprepd-firewall
Seamless IP reputation based firewall in the form of an HTTP middleware -- using an [IPrepd](https://github.com/mozilla-services/iprepd) server as the source of truth
### Usage
> **NOTE** that full examples can be found in the `/examples` directory
* Create a [fwmw.Firewall](https://godoc.org/github.com/adrianosela/iprepd-firewall/fwmw#Firewall) struct with the appropriate configuration
```
fw := fwmw.Firewall{
	// [required] url of the iprepd instance to use
	IPrepdURL: os.Getenv("IPREPD_HOST_URL"),
	// [required] auth string to authenticate against iprepd
	IPrepdAuthStr: os.Getenv("IPREPD_AUTH_STR"),
	// [required] reject any ip with reputation below a given score
	RejectBelowScore: 100,
	// optionally add IPs you wish to unconditionally allow
	Whitelist: []net.IP{},
	// optionally log all dropped http requests
	LogBlocked: true,
	// optionally allow any request if there was a problem reaching iprepd
	FailOpen: false,
	// optionally use non-default http client settings
	HTTPClient: &http.Client{Timeout: time.Second * 10},
}
```
* Wrap your [http.Handler](https://golang.org/pkg/net/http/#Handler) with the [Wrap()](https://godoc.org/github.com/adrianosela/iprepd-firewall/fwmw#Firewall.Wrap) method. The returned http.Handler will only serve requests from IPs which are either whitelisted or have a reputation above the given RejectBelowScore in iprepd.
```
h := yourHandler()
hProtected := fw.Wrap(h)

err := http.ListenAndServe(":8080", hProtected)
if err != nil {
	// handle listen and serve error
}
```
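The decision a wrapped handler makes, as an added sketch that is not the project's `fwmw` code: whitelist first, then the score against the threshold, with `FailOpen` deciding only when the lookup itself errors. The `gate` type, the `lookup` function, the `status` helper, the use of `RemoteAddr`, the 403 response and the sample address are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// gate is a hypothetical stand-in for the firewall decision, not fwmw's code.
type gate struct {
	rejectBelow int
	allow       []net.IP
	failOpen    bool
	lookup      func(net.IP) (int, error) // abstracts the reputation query
}

// wrap serves next only to peers that are allowlisted or score high enough.
func (g gate) wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		ip, ok := net.ParseIP(host), false
		for _, a := range g.allow {
			ok = ok || (ip != nil && a.Equal(ip))
		}
		if !ok && ip != nil { // unparseable peers are rejected under either policy
			score, err := g.lookup(ip)
			ok = (err == nil && score >= g.rejectBelow) || (err != nil && g.failOpen)
		}
		if !ok {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one request from addr through g and returns the HTTP status.
func status(g gate, addr string) int {
	req, rec := httptest.NewRequest(http.MethodGet, "/", nil), httptest.NewRecorder()
	req.RemoteAddr = addr
	g.wrap(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() { // constructed case: the lookup fails, so FailOpen alone decides
	down := func(ip net.IP) (int, error) { return 0, fmt.Errorf("lookup %s: unreachable", ip) }
	fmt.Println(status(gate{rejectBelow: 100, lookup: down}, "203.0.113.7:4000"),
		status(gate{rejectBelow: 100, lookup: down, failOpen: true}, "203.0.113.7:4000"))
}
```

In this sketch a reputation-source outage with `failOpen` false rejects every non-whitelisted client, while `failOpen` true admits them all for the duration of the outage; a known low score is rejected under either setting.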