teapot_hacker_isolation

Version: v0.2.0
Published: Dec 1, 2024 License: MIT Imports: 11 Imported by: 0

README

Teapot Hacker Isolation Plugin

This plugin isolates hackers: it intercepts requests from clients for which a backend system returns 418 I'm a teapot responses.

Configuration:

http:
  middlewares:
    teapot-hacker-isolation:
      plugin:
        teapot_hacker_isolation:
  • minInstances: 2 - requires that the user trigger twice within the expirySeconds timeframe
  • expirySeconds: 2 - sets an expiration of knowledge of a given IP to 2 seconds
  • returnCurrentStatusHeader: X-Teapot-Status - if set, returns the status to the user (primarily meant for debugging)
  • returnCurrentCountHeader: X-Teapot-Count - if set, returns the count of violating items in the timeframe (extends expiration too!)
  • returnCurrentExpiresHeader: X-Teapot-Expires - if set, returns when the ban expires (only returned if blocked)
  • storageSystem: Redis - can be either Memory or Redis; Memory is not meant for more than one instance of Traefik (likely not production)
  • redisHost: 127.0.0.1 - the host/IP to connect to if using storageSystem: Redis
  • redisPort: 6379 - the port to connect to, if not the standard one (6379), when using storageSystem: Redis
  • loggingPrefix: "Teapot -> " - the string that is included in the log output of this plugin
  • triggerOnHeaders: [ "X-Hacker-Detected" ] - allows you to specify header(s) to trigger violations on
  • triggerOnStatusCodes: [ 418, 405 ] - allows you to specify HTTP status code(s) to trigger violations on
  • blockedStatusCode: 418 - if set, this sets the status code returned when a user is blocked (default: 418 I'm a teapot)
  • blockedHeaders: [ "Content-Type: tea/earl-grey" ] - if set, this sets headers in the response when a user is blocked
  • blockedBody: This is a coffee shop! - if set, this sets the response body string when a user is blocked
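
How minInstances and expirySeconds interact, sketched as an added Go example that is not the plugin's own code. The violationTracker type and its observe method are hypothetical names, and the sketch assumes that every violation restarts the expiry window for that IP.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type record struct {
	count   int
	expires time.Time
}

// violationTracker is a hypothetical stand-in, not the plugin's MemoryStorage.
type violationTracker struct {
	mu           sync.Mutex
	minInstances int              // violations needed before an IP is blocked
	expiry       time.Duration    // how long knowledge of an IP is kept
	now          func() time.Time // injectable clock so expiry can be exercised
	items        map[string]record
}

// observe records a violation when violated is true, then reports the live
// violation count for ip and whether that count reaches minInstances.
func (t *violationTracker) observe(ip string, violated bool) (int, bool) {
	t.mu.Lock()
	defer t.mu.Unlock()
	r, now := t.items[ip], t.now()
	if now.After(r.expires) {
		r = record{} // the earlier record aged out, start over
	}
	if violated {
		r.count++
		r.expires = now.Add(t.expiry) // assumption: each violation restarts the window
		t.items[ip] = r
	}
	return r.count, r.count >= t.minInstances
}

func main() {
	clock := time.Unix(1000, 0)
	tr := &violationTracker{minInstances: 2, expiry: 2 * time.Second, now: func() time.Time { return clock }, items: map[string]record{}}
	ip := "203.0.113.7" // constructed sample address
	fmt.Println(tr.observe(ip, true)) // first trigger, below the threshold
	fmt.Println(tr.observe(ip, true)) // second trigger inside the window
	clock = clock.Add(3 * time.Second)
	fmt.Println(tr.observe(ip, false)) // window has passed without a new trigger
}
```

With expirySeconds as short as the 2 seconds shown above, a client that spaces its triggers further apart than the window never reaches minInstances, so the window length sets how slow a probe has to be to stay unblocked.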

Local testing

PowerShell (Windows):

docker run --rm -it -p 8888:80 `
-v C:\devel\traefik-teapot\:/srv/plugins-local/src/github.com/cdwiegand/teapot-hacker-isolation:ro `
-w /srv `
traefik:3.0 `
--entryPoints.web.address=:80 `
--experimental.localPlugins.teapot_hacker_isolation.modulename=github.com/cdwiegand/teapot-hacker-isolation `
--providers.file.filename=/srv/plugins-local/src/github.com/cdwiegand/teapot-hacker-isolation/testing.traefik.yml `
--api=true `
--api.dashboard=true

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error)

for Traefik plugin integration

Types

type Config

type Config struct {
	MinInstances               int      `json:"minInstances"`
	ExpirySeconds              int      `json:"expirySeconds"`
	ReturnCurrentExpiresHeader string   `json:"returnCurrentExpiresHeader"`
	ReturnCurrentStatusHeader  string   `json:"returnCurrentStatusHeader"`
	ReturnCurrentCountHeader   string   `json:"returnCurrentCountHeader"`
	StorageSystem              string   `json:"storageSystem"`
	RedisHost                  string   `json:"redisHost"`
	RedisPort                  int      `json:"redisPort"`
	LoggingPrefix              string   `json:"loggingPrefix"`
	TriggerOnHeaders           []string `json:"triggerOnHeaders"`
	TriggerOnStatusCodes       []int    `json:"triggerOnStatusCodes"`
	ReturnStatusCodeOnBlock    int      `json:"blockedStatusCode"`
	ReturnBodyOnBlock          string   `json:"blockedBody"`
	ReturnHeadersOnBlock       []string `json:"blockedHeaders"`
}

Config is the plugin configuration.

func CreateConfig

func CreateConfig() *Config

CreateConfig creates the DEFAULT plugin configuration - no access to config yet!

type IStorage

type IStorage interface {
	GetIpViolations(ip string) StorageItem
	IncrIpViolations(ip string, jailTime time.Duration) StorageItem
}

type MemoryStorage

type MemoryStorage struct {
	// contains filtered or unexported fields
}

func NewMemoryStorage

func NewMemoryStorage() *MemoryStorage

func (*MemoryStorage) GetIpViolations

func (r *MemoryStorage) GetIpViolations(ip string) StorageItem

func (*MemoryStorage) IncrIpViolations

func (r *MemoryStorage) IncrIpViolations(ip string, jailTime time.Duration) StorageItem

type MyTraefikLogger

type MyTraefikLogger struct {
	// contains filtered or unexported fields
}

func NewMyTraefikLogger

func NewMyTraefikLogger(prefix string) *MyTraefikLogger

func (*MyTraefikLogger) Debug

func (logger *MyTraefikLogger) Debug(message string)

func (*MyTraefikLogger) Debuge

func (logger *MyTraefikLogger) Debuge(err error, message string)

func (*MyTraefikLogger) Debugef

func (logger *MyTraefikLogger) Debugef(err error, format string, v ...any)

func (*MyTraefikLogger) Debugf

func (logger *MyTraefikLogger) Debugf(format string, v ...any)

func (*MyTraefikLogger) Error

func (logger *MyTraefikLogger) Error(message string)

func (*MyTraefikLogger) Errore

func (logger *MyTraefikLogger) Errore(err error, message string)

func (*MyTraefikLogger) Erroref

func (logger *MyTraefikLogger) Erroref(err error, format string, v ...any)

func (*MyTraefikLogger) Errorf

func (logger *MyTraefikLogger) Errorf(format string, v ...any)

func (*MyTraefikLogger) Info

func (logger *MyTraefikLogger) Info(message string)

func (*MyTraefikLogger) Infoe

func (logger *MyTraefikLogger) Infoe(err error, message string)

func (*MyTraefikLogger) Infoef

func (logger *MyTraefikLogger) Infoef(err error, format string, v ...any)

func (*MyTraefikLogger) Infof

func (logger *MyTraefikLogger) Infof(format string, v ...any)

func (*MyTraefikLogger) Warn

func (logger *MyTraefikLogger) Warn(message string)

func (*MyTraefikLogger) Warne

func (logger *MyTraefikLogger) Warne(err error, message string)

func (*MyTraefikLogger) Warnef

func (logger *MyTraefikLogger) Warnef(err error, format string, v ...any)

func (*MyTraefikLogger) Warnf

func (logger *MyTraefikLogger) Warnf(format string, v ...any)

type RedisStorage

type RedisStorage struct {
	// contains filtered or unexported fields
}

func NewRedisStorage

func NewRedisStorage(config *Config) (*RedisStorage, error)

func (*RedisStorage) GetIpViolations

func (r *RedisStorage) GetIpViolations(ip string) StorageItem

func (*RedisStorage) IncrIpViolations

func (r *RedisStorage) IncrIpViolations(ip string, jailTime time.Duration) StorageItem

type RedisStorageConfig

type RedisStorageConfig struct {
	Host string `json:"host"`
	Port int    `json:"port"`
}

type StorageItem added in v0.2.0

type StorageItem struct {
	// contains filtered or unexported fields
}

type TeapotHackerIsolationPlugin

type TeapotHackerIsolationPlugin struct {
	Config  *Config
	Logger  *log.Logger
	Storage IStorage
	// contains filtered or unexported fields
}

func NewTeapotHackerIsolationPlugin

func NewTeapotHackerIsolationPlugin(ctx context.Context, next http.Handler, config *Config, name string) (*TeapotHackerIsolationPlugin, error)

for debugging and to get back a strongly typed plugin implementation

func (*TeapotHackerIsolationPlugin) AppendStatusHeaders added in v0.2.0

func (t *TeapotHackerIsolationPlugin) AppendStatusHeaders(rw http.ResponseWriter, found StorageItem, blocked bool)

func (*TeapotHackerIsolationPlugin) DetectIfHacker

func (t *TeapotHackerIsolationPlugin) DetectIfHacker(rw2 *http.Response) bool

func (*TeapotHackerIsolationPlugin) ReturnHackerResponse added in v0.2.0

func (t *TeapotHackerIsolationPlugin) ReturnHackerResponse(rw http.ResponseWriter, found StorageItem)

func (*TeapotHackerIsolationPlugin) ServeHTTP
