https://github.com/imgurbot12/httpf

Dead Simple HTTP Reverse Proxy Firewall.
https://github.com/imgurbot12/httpf

firewall http http-server rust waf

Last synced: 7 months ago
JSON representation

Dead Simple HTTP Reverse Proxy Firewall.

• Host: GitHub
• URL: https://github.com/imgurbot12/httpf
• Owner: imgurbot12
• Created: 2024-08-07T23:26:55.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2025-06-25T23:57:40.000Z (10 months ago)
• Last Synced: 2025-06-26T00:25:48.755Z (10 months ago)
• Topics: firewall, http, http-server, rust, waf
• Language: Rust
• Homepage:
• Size: 119 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
httpf

-----

Dead Simple HTTP Reverse Proxy Firewall.

### Features:

  - Blazingly Fast 🔥

  - Simple and Easy Reverse Proxy

  - Stupid Easy IP Whitelist/Blacklist

  - Simple Fail2Ban Integration

### Install

```bash

$ cargo install --path .

```

### Quick Start

1. Configure `httpf.yaml` to specify your listener, protected resolution,

and firewall options.

```yaml

---

listen:

  host: '127.0.0.1' # httpf listener host

  port: 8001        # httpf listener port

# protected resources that valid requests resolve to

resolve:

  default:

    - https://example.com

  # write glob rules for host specific resolution

  '*.example.com':

    - https://www.example.com

# useful if httpf is behind another proxy (only allow headers you trust)

proxy:

  trust_headers:   false

  trusted_headers: ['cf-connecting-ip']

# permanent and cached blacklist/whitelist entries

firewall:

  database:  'httpf.db'

  blacklist: []

  # whitelist: ['127.0.0.1']

# block & ratelimit access rules

controls:

  - path: '/'

    match: ['1.2.3.4', '1.2.4.0/24']

    action:

      type: 'block'

  # javascript challenge to filter bots

  - path: '/'

    skip:  ['/robots.txt', '/api/']

    match: ['all']

    action:

      type: 'challenge'

  # nginx style matchers for denying/allowing access per ip

  # https://www.digitalocean.com/community/tutorials/nginx-location-directive

  - path: '= /limit'

    match: ['all']

    action:

      type:  'ratelimit'

      limit: 30 # requests/second

```

2. Run httpf:

```bash

$ httpf

```

### Fail2Ban Setup

Declare a new Fail2ban Action via `/etc/fail2ban/action.d/httpf.conf`

```

[Definition]

actionstart =

actionstop =

actioncheck =

actionban = httpf blacklist add 

actionunban = httpf blacklist remove 

```

Configure your jail of choice in `/etc/fail2ban/jail.d/`

and include: `action = httpf`