denyip

package module

v1.0.2 Latest Latest Go to latest Published: Jul 1, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/developmentaid-org/denyip

Links

Open Source Insights

README ¶

DenyIP

DenyIP is a middleware plugin for Traefik which accepts IP addresses or IP address ranges and blocks requests originating from those IPs. Supports both IPv4 and IPv6 addresses.

Configuration

Static

In the example below fowardedHeaders.insecure is enabled in order to allow the IP address to be available from proxied requests. In a production environment, you may want to consider using forwardedHeaders.trustedIPs

experimental:
  pilot:
    token: "xxxxx"
  plugins:
    denyip:
      modulename = "github.com/developmentaid-org/denyIP"
      version = "v1.0.0"

entryPoints:
  http:
    address: ":80"
    forwardedHeaders:
      insecure: true

Dynamic

To configure the DenyIP plugin you should create a middleware in your dynamic configuration as explained here. The following example creates and uses the denyip middleware plugin to deny all requests originating from the configured ipDenyList array. ipDenyList will accept:

IPv4 addresses (e.g., 127.0.0.1)
IPv4 CIDR ranges (e.g., 192.168.0.0/24)
IPv6 addresses (e.g., 2001:db8::1)
IPv6 CIDR ranges (e.g., 2001:db8::/32)

Note: Providing invalid ip addresses or ranges in ipDenyList will cause an error and the plugin will not load.

http:
  # Add the router
  routers:
    my-router:
      entryPoints:
      - http
      middlewares:
      - denyip
      service: service-foo
      rule: Path(`/foo`)

  # Add the middleware
  middlewares:
    denyip:
      plugin:
        ipDenyList:
          # IPv4 examples
          - 24.0.0.0/12
          - 127.0.0.1
          # IPv6 examples
          - 2001:db8::/32
          - 2001:db8::1
          # ... rest of your deny list ...

  # Add the service
  services:
    service-foo:
      loadBalancer:
        servers:
        - url: http://localhost:5000/

Documentation ¶

Overview ¶

Package denyip - middleware for denying request based on IP. Supports both IPv4 and IPv6 addresses in both single IP and CIDR notation.

Index ¶

func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error)
type Checker
- func NewChecker(deniedIPs []string) (*Checker, error)
- func (ip *Checker) Contains(addr string) (bool, error)
- func (ip *Checker) ContainsIP(addr net.IP) bool
type Config
- func CreateConfig() *Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func New ¶

func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error)

New creates a new DenyIP plugin.

Types ¶

type Checker ¶

type Checker struct {
	// contains filtered or unexported fields
}

Checker allows to check that addresses are in a denied IPs.

func NewChecker ¶

func NewChecker(deniedIPs []string) (*Checker, error)

NewChecker builds a new Checker given a list of CIDR-Strings to denied IPs.

func (*Checker) Contains ¶

func (ip *Checker) Contains(addr string) (bool, error)

Contains checks if provided address is in the denied IPs.

func (*Checker) ContainsIP ¶

func (ip *Checker) ContainsIP(addr net.IP) bool

ContainsIP checks if provided address is in the denied IPs.

type Config ¶

type Config struct {
	IPDenyList []string `json:"ipDenyList,omitempty"`
}

Config the plugin configuration.

func CreateConfig ¶

func CreateConfig() *Config

CreateConfig creates the default plugin configuration.

Source Files ¶

View all Source files

denyip.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL