Middleware for Blocking IP ranges by inserting CIDR Blocks and searching IPs through those blocks

firewall

Features

  • Easy to use
  • Efficient and fast
  • Convenient default option blocks the major cloud providers (GCP, AWS, Azure)

Usage

See the full example:

package main

import (
    "log"
    "net/http"

    "github.com/go-chi/chi/v5"
    "github.com/go-chi/chi/v5/middleware"
    "github.com/goware/firewall"
)

func main() {
    // Create a new router.
    r := chi.NewRouter()

    // Create the block list.
    // firewall.CloudProviderBlockList() returns the IP ranges (CIDR strings)
    // of GCP, AWS and Azure.
    blockList, err := firewall.NewIPList(firewall.CloudProviderBlockList())
    if err != nil {
        panic(err)
    }

    // Add more IP range blocks to the list, here the IPv4 and IPv6 loopback
    // ranges. Note that the IPv4 loopback range is 127.0.0.0/8; a /1 would
    // cover 0.0.0.0-127.255.255.255, half of the IPv4 address space.
    err = blockList.AppendIPBlocks([]string{"127.0.0.0/8", "::1/128"})
    if err != nil {
        panic(err)
    }

    // Create an allow list.
    // If an IP is inside a blocked range but also inside an allow-listed
    // range, the request is served. This is useful to unblock your own
    // hosted services. Entries use CIDR notation, so both ranges and single
    // addresses (/32 for IPv4, /128 for IPv6) can be inserted.
    // Refer to https://whatismyipaddress.com/cidr
    allowList, err := firewall.NewIPList([]string{"192.168.0.1/32"})
    if err != nil {
        panic(err)
    }

    // fwBlockOverride is called when an IP is inside the block list and not
    // in the allow list. If it returns true, the client is approved and served.
    // Caution: a request header is written by whoever sends the request, so a
    // header check like this one is only a safe escape hatch when a proxy you
    // control strips or sets the header before the request reaches this server.
    fwBlockOverride := func(r *http.Request) bool {
        return r.Header.Get("internal") == "true"
    }

    // Register the logger before the firewall so blocked requests are logged too.
    r.Use(middleware.Logger)
    r.Use(firewall.Firewall(allowList, blockList, fwBlockOverride))
    r.Get("/", func(w http.ResponseWriter, r *http.Request) {
        w.Write([]byte("welcome"))
    })
    log.Fatal(http.ListenAndServe(":3000", r))
}

Friendly tip: the client IP address is obtained by parsing the list of addresses in the X-Forwarded-For header, so that proxy addresses are skipped. Keep in mind that X-Forwarded-For is an ordinary request header: a client that connects to the server directly can set it to any value, so the block list is only reliable when the server is reachable only through a proxy you control, one that overwrites or appends to the header. To learn more, visit CloudFlare Real IP. Also read: Blog
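The decision rules from the example above (block list, allow list that wins over the block list, override hook) together with the X-Forwarded-For handling from the tip, as an added stand-alone example. This is not the goware/firewall code: it uses only the Go standard library, with a linear scan over net/netip prefixes where the package uses a trie, and the `ClientIP` helper, the trusted-proxy list and the `X-Internal` header are this example's own assumptions. It also goes one step beyond the README: X-Forwarded-For is believed only when the TCP peer is a proxy you trust, so a client that connects directly cannot spoof its way past the block list.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"net/netip"
	"strings"
)

// IPList is a set of CIDR prefixes. A linear scan is used for clarity; the real
// package stores ranges in a trie (go-cidranger) so lookups stay fast at scale.
type IPList struct{ prefixes []netip.Prefix }

func NewIPList(cidrs []string) (*IPList, error) {
	l := &IPList{}
	return l, l.AppendIPBlocks(cidrs)
}

// AppendIPBlocks adds more blocks; a malformed entry is an error, not skipped.
func (l *IPList) AppendIPBlocks(cidrs []string) error {
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return err
		}
		l.prefixes = append(l.prefixes, p.Masked())
	}
	return nil
}

// Contains reports whether addr is inside any block. IPv4-mapped IPv6 addresses
// (::ffff:10.0.0.1) are unmapped first so they cannot slip past an IPv4 block.
func (l *IPList) Contains(addr netip.Addr) bool {
	addr = addr.Unmap()
	for _, p := range l.prefixes {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// ClientIP (assumed helper) picks the client address. X-Forwarded-For is believed
// only when the TCP peer is a trusted proxy; it is then walked from the right past
// our own proxies to the first other hop. Direct clients' headers are ignored.
func ClientIP(r *http.Request, trustedProxies *IPList) (netip.Addr, bool) {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	remote, perr := netip.ParseAddr(host)
	if err != nil || perr != nil {
		return netip.Addr{}, false
	}
	xff := r.Header.Get("X-Forwarded-For")
	if trustedProxies == nil || !trustedProxies.Contains(remote) || xff == "" {
		return remote, true
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		hop, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			return netip.Addr{}, false // malformed hop: fail closed
		}
		if !trustedProxies.Contains(hop) {
			return hop, true
		}
	}
	return remote, true // every hop was one of our proxies
}

// Firewall applies the README's rules: serve unless the client is in the block
// list; a blocked client is still served if it is allow-listed or if the override
// hook approves the request. Everything else gets 403.
func Firewall(allow, block, trustedProxies *IPList, override func(*http.Request) bool) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			addr, ok := ClientIP(r, trustedProxies)
			approved := ok && (!block.Contains(addr) ||
				(allow != nil && allow.Contains(addr)) ||
				(override != nil && override(r)))
			if !approved {
				http.Error(w, "forbidden", http.StatusForbidden)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

func main() {
	block, err := NewIPList([]string{"10.0.0.0/8", "127.0.0.0/8", "::1/128"}) // constructed sample ranges
	if err != nil {
		log.Fatal(err)
	}
	allow, _ := NewIPList([]string{"10.1.2.3/32"})   // one host inside the blocked 10/8
	proxies, _ := NewIPList([]string{"192.0.2.1/32"}) // the only peer whose X-Forwarded-For is believed
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("welcome")) })
	log.Fatal(http.ListenAndServe(":3000", Firewall(allow, block, proxies, nil)(mux)))
}
```

Walking X-Forwarded-For from the right rather than taking the first entry matters: the leftmost entries are whatever the client sent, while the rightmost untrusted entry is the address the first proxy you control actually saw. Passing `nil` as the trusted-proxy list turns the header off entirely, which is the correct setting for a server exposed directly to the internet.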

Credits

  • go-cidranger: this middleware is based on go-cidranger's way of storing IP ranges in a data structure (a trie), which makes it very efficient to store IP ranges and check whether an IP falls in one of those ranges.

LICENSE

MIT

Comments
  • [wip] Initial Commit

    Initial stuff is done; this is still a work in progress, I have to add IPv6 private subnets.

    Please suggest changes in the code.

    I will open issues on stuff that is to do from now in this package.

    ToDo:

    • [ ] Add IPv6 addresses
    • [ ] Write tests
    • [ ] Write GitHub Actions to publish tags and pull new IP ranges
    • [ ] Add more cloud provider support (Linode, DigitalOcean)