acl-proxy

command
v1.4.1

This package is not in the latest version of its module.
Published: Feb 9, 2021 | License: MIT | Imports: 24 | Imported by: 0

Documentation

Overview

A privilege separation HTTP proxy

The privilege it's guarding is the permission to talk to the upstream server. Incoming requests are checked against an ACL before being forwarded using the configured client certificate, which should be kept private. In addition, the incoming client must authenticate with a separate client certificate that the proxy accepts. This can be done with a simple valid cert check or by specifying an exact common name or key signature.

Thus you can have a certificate with more permissions, and this proxy reduces it to a lower set. Obviously, the incoming client must not have access to the upstream client certificate file, or this is pointless.

The program will exit with status code 10 if it detects that any of the certificates expires. You can use that exit code to detect this condition.
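
The incoming-client check described above (any valid certificate, an exact common name, or a pinned key), sketched in Go as an added example; this is not acl-proxy's own code. The `clientPolicy` type, its field names, and the reading of "key signature" as a SHA-256 over the certificate's public key are assumptions, and the test certificate is constructed inside the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// clientPolicy is hypothetical: an empty field means "any chain-verified cert".
type clientPolicy struct {
	CommonName string // exact subject common name, if set
	KeySHA256  string // hex SHA-256 of the SubjectPublicKeyInfo, if set
}

// keyFingerprint hashes the public key (assumed reading of "key signature").
func keyFingerprint(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
}

// allow runs after the TLS handshake has verified the chain (not shown here).
func (p clientPolicy) allow(c *x509.Certificate) error {
	if p.CommonName != "" && c.Subject.CommonName != p.CommonName {
		return fmt.Errorf("common name %q not accepted", c.Subject.CommonName)
	}
	if p.KeySHA256 != "" && keyFingerprint(c) != p.KeySHA256 {
		return fmt.Errorf("public key fingerprint not accepted")
	}
	return nil
}

// sampleCert builds a constructed self-signed certificate to test against.
func sampleCert(cn string) (*x509.Certificate, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // fails only if the system RNG does
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := sampleCert("deploy-bot")
	pinned := clientPolicy{CommonName: "deploy-bot"}
	fmt.Println("accepted:", err == nil && pinned.allow(c) == nil)
}
```

Pinning the key as well as the common name matters when more than one certificate can be issued with the same name: a second certificate with an identical common name but a different key is rejected.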
