networkpolicy
2021-04-09 19:18:25 Author: github.com(查看原文) 阅读量:47 收藏

The package acts as an embeddable configurable container handling allow/deny verdicts over a series of conditions including

  • IPs
  • CIDRs
  • Ports
  • Schemes (eg https, http, ftp)

General usage as allow/deny

The following program prevents the http client to follow targets belonging to the deny list:

Example - General allow/deny list

package main

import (
	"errors"
	"log"
	"net/http"

	"github.com/projectdiscovery/networkpolicy"
)

func main() {
	var npOptions networkpolicy.Options
	// deny connections to localhost
	npOptions.DenyList = append(npOptions.DenyList, "127.0.0.0/8")

	np, err := networkpolicy.New(npOptions)
	if err != nil {
		log.Fatal(err)
	}

	customRedirectHandler := func(req *http.Request, via []*http.Request) error {
		// if at least one address is valid we follow the redirect
		if _, ok := np.ValidateHost(req.Host); ok {
			return nil
		}
		return errors.New("redirected to a forbidden target")
	}

	client := &http.Client{
		CheckRedirect: customRedirectHandler,
	}
	req, err := http.NewRequest(http.MethodGet, "http://yourtarget", nil)
	if err != nil {
		log.Fatal(err)
	}
	resp, err := client.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	log.Println(resp)
}

文章来源: https://github.com/projectdiscovery/networkpolicy
如有侵权请联系:admin#unsafe.sh