Seamless IP reputation based firewall in the form of an HTTP middleware -- using an IPrepd server as the source of truth
NOTE that full examples can be found in the `/examples` directory.
- Create a `fwmw.Firewall` struct with the appropriate configuration:

```go
fw := fwmw.Firewall{
	// [required] url of the iprepd instance to use
	IPrepdURL: os.Getenv("IPREPD_HOST_URL"),
	// [required] auth string to authenticate against iprepd
	IPrepdAuthStr: os.Getenv("IPREPD_AUTH_STR"),
	// [required] reject any ip with reputation below a given score
	RejectBelowScore: 100,
	// optionally add IPs you wish to unconditionally allow
	Whitelist: []net.IP{},
	// optionally log all dropped http requests
	LogBlocked: true,
	// optionally allow any request if there was a problem reaching iprepd
	FailOpen: false,
	// optionally use non-default http client settings
	HTTPClient: &http.Client{Timeout: time.Second * 10},
}
```
- Wrap your `http.Handler` with the `Wrap()` method. The returned `http.Handler` will only serve requests from IPs which are either whitelisted or have a reputation above the given `RejectBelowScore` in iprepd:

```go
h := yourHandler()
hProtected := fw.Wrap(h)
err := http.ListenAndServe(":8080", hProtected)
if err != nil {
	// handle listen and serve error
}
```
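To make the whitelist, `RejectBelowScore` and `FailOpen` semantics concrete, here is an added, self-contained model of the decision rules described above; it is not the fwmw package's own code. The `policy` type, the `decide` and `wrap` names, the pluggable `lookupFunc` standing in for the iprepd HTTP query, and the choice that a score equal to the threshold passes are all assumptions of this example.

```go
package main

import "net"
import "net/http"
// lookupFunc stands in for the iprepd query (tests plug in a constructed table).
type lookupFunc func(ip net.IP) (score int, err error)
// policy models the fwmw.Firewall decision rules described above.
type policy struct {
	RejectBelowScore int
	Whitelist        []net.IP
	FailOpen         bool
	Lookup           lookupFunc
}

// decide: whitelisted IPs skip the lookup, a lookup error passes only with
// FailOpen, a score below RejectBelowScore is rejected (equal passes: assumption).
func (p policy) decide(ip net.IP) (allowed bool, reason string) {
	for _, w := range p.Whitelist {
		if w.Equal(ip) {
			return true, "whitelisted"
		}
	}
	score, err := p.Lookup(ip)
	switch {
	case err != nil && p.FailOpen:
		return true, "iprepd unreachable, fail open"
	case err != nil:
		return false, "iprepd unreachable, fail closed"
	case score < p.RejectBelowScore:
		return false, "reputation below threshold"
	}
	return true, "reputation ok"
}

// wrap answers 403 when the client IP (from RemoteAddr, never from proxy
// headers) fails decide; otherwise the wrapped handler serves the request.
func (p policy) wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		ip := net.ParseIP(host)
		if err != nil || ip == nil {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		if ok, _ := p.decide(ip); !ok {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

With `FailOpen: false` (the README's default) an unreachable iprepd turns into a 403 for every non-whitelisted client, so the whitelist is where health checks and operator addresses belong.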