ring-firewall-middleware.core

Liking cljdoc? Tell your friends :D

Clojure only.

default-client-ident^clj

(default-client-ident request)

source

default-deny-handler^clj

(default-deny-handler request)

(default-deny-handler request respond raise)

Provides a default ring response for users who didn't meet the firewall requirements.

Provides a default ring response for users who didn't meet the firewall requirements.

source raw docstring

default-deny-limit-handler^clj

(default-deny-limit-handler request)

(default-deny-limit-handler request respond raise)

Provides a default ring response for users who didn't meet the firewall requirements.

Provides a default ring response for users who didn't meet the firewall requirements.

source raw docstring

get-forwarded-ip-addresses^clj

(get-forwarded-ip-addresses request)

Gets all the forwarded ip addresses from a request.

Gets all the forwarded ip addresses from a request.

source raw docstring

honored-proxy-headers^clj

source

in-cidr-range?^clj

(in-cidr-range? cidr client-ip)

Is a given client ip within a given cidr range?

Is a given client ip within a given cidr range?

source raw docstring

in-cidr-ranges?^clj

(in-cidr-ranges? cidr-ranges ip-address)

Is a given ip address in one of the provided cidr ranges?

Is a given ip address in one of the provided cidr ranges?

source raw docstring

private-address?^clj

(private-address? ip-address)

Is this a private ip address as defined by RFC 1918 or RFC 4193?

Is this a private ip address as defined by RFC 1918 or RFC 4193?

source raw docstring

public-address?^clj

(public-address? ip-address)

Is this not a private ip address as defined by RFC 1918 or RFC 4193?

Is this not a private ip address as defined by RFC 1918 or RFC 4193?

source raw docstring

public-ipv4-subnets^clj

source

public-ipv6-subnets^clj

source

public-subnets^clj

source

request-matches?^clj

(request-matches? request access-list)

Does the ring request satisfy the access list?

Does the ring request satisfy the access list?

source raw docstring

wrap-allow-ips^clj

(wrap-allow-ips handler)

(wrap-allow-ips handler
                {:keys [allow-list deny-handler]
                 :or {allow-list private-subnets
                      deny-handler default-deny-handler}})

Protect a ring handler with source ip authentication. Your allow-list ranges must cover any permitted clients as well as any intermediate proxy servers. The default allow-list ranges cover the entire internal network space as defined by RFC 1918 and RFC 4193.

allow-list - cidr ranges collection that, if matched, will result in an allowed request. optionally provide a ref type in which case it will be dereferenced before use.

deny-handler - a function of a ring request that returns a ring response in the event of a denied request.

Protect a ring handler with source ip authentication. Your allow-list ranges must cover
any permitted clients as well as any intermediate proxy servers. The default allow-list
ranges cover the entire internal network space as defined by RFC 1918 and RFC 4193.

allow-list    - cidr ranges collection that, if matched, will result in an allowed request. optionally
               provide a ref type in which case it will be dereferenced before use.

deny-handler - a function of a ring request that returns a ring response in the event of a denied request.

source raw docstring

wrap-concurrency-limit^clj

(wrap-concurrency-limit handler)

(wrap-concurrency-limit handler
                        {:keys [max-concurrent deny-handler ident-fn]
                         :or {max-concurrent 1
                              deny-handler default-deny-limit-handler
                              ident-fn (constantly :world)}})

Protect a ring handler against excessive concurrency. New requests after the concurrency limit is already saturated will receive a denied response.

max-concurrent - the maximum number of requests to be handled concurrently deny-handler - a function of a ring request that returns a ring response in the event of a denied request. ident-fn - a function of a request returning an opaque identifier by which to identify the semaphore. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.

Protect a ring handler against excessive concurrency. New requests
after the concurrency limit is already saturated will receive a
denied response.

max-concurrent - the maximum number of requests to be handled concurrently
deny-handler   - a function of a ring request that returns a ring response in the event of a denied request.
ident-fn       - a function of a request returning an opaque identifier by which to identify the
                 semaphore. defaults to a global limit (shared by all clients) but you may set it to
                 ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
                 instead or else write your own function to set it to some other group of clients
                 like those representing one (of many) tenants.

source raw docstring

wrap-concurrency-throttle^clj

(wrap-concurrency-throttle handler)

(wrap-concurrency-throttle handler
                           {:keys [max-concurrent ident-fn]
                            :or {max-concurrent 1
                                 ident-fn (constantly :world)}})

Protect a ring handler against excessive concurrency. New requests after the concurrency limit is already saturated will block until a slot is available.

max-concurrent - the maximum number of requests to be handled concurrently ident-fn - a function of a request returning an opaque identifier by which to identify the semaphore. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.

Protect a ring handler against excessive concurrency. New requests
after the concurrency limit is already saturated will block until
a slot is available.

max-concurrent - the maximum number of requests to be handled concurrently
ident-fn       - a function of a request returning an opaque identifier by which to identify the
                 semaphore. defaults to a global limit (shared by all clients) but you may set it to
                 ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
                 instead or else write your own function to set it to some other group of clients
                 like those representing one (of many) tenants.

source raw docstring

wrap-deny-ips^clj

(wrap-deny-ips handler)

(wrap-deny-ips handler
               {:keys [deny-list deny-handler]
                :or {deny-list public-subnets
                     deny-handler default-deny-handler}})

Protect a ring handler with source ip authentication. Your deny-list ranges must cover any forbidden clients / proxy servers. The default deny-list ranges cover the entire internal public network space.

deny-list - cidr ranges collection that, if matched, will result in a denied request. optionally provide a ref type in which case it will be dereferenced before use.

deny-handler - a function of a ring request that returns a ring response in the event of a denied request.

Protect a ring handler with source ip authentication. Your deny-list ranges must cover
any forbidden clients / proxy servers. The default deny-list ranges cover the entire internal
public network space.

deny-list    - cidr ranges collection that, if matched, will result in a denied request. optionally
               provide a ref type in which case it will be dereferenced before use.

deny-handler - a function of a ring request that returns a ring response in the event of a denied request.

source raw docstring

wrap-rate-limit^clj

(wrap-rate-limit handler)

(wrap-rate-limit handler
                 {:keys [max-requests period deny-handler ident-fn]
                  :or {max-requests 100
                       period 60000
                       ident-fn (constantly :world)
                       deny-handler default-deny-limit-handler}})

Protect a ring handler against excessive calls. New requests that would exceed the rate limit will receive a denied response.

max-requests - the maximum number of requests allowed within the time period. deny-handler - a function of a ring request that returns a ring response in the event of a denied request. period - the span of the sliding window (in milliseconds) over which requests are counted. ident-fn - a function of a request returning an opaque identifier by which to identify the rate limiter. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.

Protect a ring handler against excessive calls. New requests
that would exceed the rate limit will receive a denied response.

max-requests - the maximum number of requests allowed within the time period.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
period       - the span of the sliding window (in milliseconds) over which requests are counted.
ident-fn     - a function of a request returning an opaque identifier by which to identify the
               rate limiter. defaults to a global limit (shared by all clients) but you may set it to
               ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
               instead or else write your own function to set it to some other group of clients
               like those representing one (of many) tenants.

source raw docstring

wrap-rate-throttle^clj

(wrap-rate-throttle handler)

(wrap-rate-throttle
  handler
  {:keys [max-requests period ident-fn]
   :or {max-requests 100 period 60000 ident-fn (constantly :world)}})

Protect a ring handler against excessive calls. New requests that would exceed the rate limit will block until making them would no longer exceed the rate limit.

max-requests - the maximum number of requests allowed within the time period. period - the span of the sliding window (in milliseconds) over which requests are counted. ident-fn - a function of a request returning an opaque identifier by which to identify the rate limiter. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.

Protect a ring handler against excessive calls. New requests
that would exceed the rate limit will block until making
them would no longer exceed the rate limit.

max-requests - the maximum number of requests allowed within the time period.
period       - the span of the sliding window (in milliseconds) over which requests are counted.
ident-fn     - a function of a request returning an opaque identifier by which to identify the
               rate limiter. defaults to a global limit (shared by all clients) but you may set it to
               ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
               instead or else write your own function to set it to some other group of clients
               like those representing one (of many) tenants.

source raw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

Keyboard shortcuts Report a problem cljdoc on GitHub

× close