ring-firewall-middleware.core
default-forbidden-handlerclj
(default-forbidden-handler request)(default-forbidden-handler request respond raise)Provides a default ring response for users who didn't meet the firewall requirements.
Provides a default ring response for users who didn't meet the firewall requirements.
default-limited-handlerclj
(default-limited-handler request)(default-limited-handler request respond raise)Provides a default ring response for users who exceeded the imposed limit.
Provides a default ring response for users who exceeded the imposed limit.
wrap-allow-ipsclj
(wrap-allow-ips handler)(wrap-allow-ips handler
{:keys [allow-list deny-handler]
:or {allow-list cidr/private-subnets
deny-handler default-forbidden-handler}})Protect a ring handler with source ip authentication. Your allow-list ranges must cover any permitted clients as well as any intermediate proxy servers. The default allow-list ranges cover the entire internal network space as defined by RFC 1918 and RFC 4193.
allow-list - cidr ranges collection that, if matched, will result in an allowed request. optionally provide a ref type in which case it will be dereferenced before use.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
Protect a ring handler with source ip authentication. Your allow-list ranges must cover
any permitted clients as well as any intermediate proxy servers. The default allow-list
ranges cover the entire internal network space as defined by RFC 1918 and RFC 4193.
allow-list - cidr ranges collection that, if matched, will result in an allowed request. optionally
provide a ref type in which case it will be dereferenced before use.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
wrap-concurrency-limitclj
(wrap-concurrency-limit handler)(wrap-concurrency-limit handler
{:keys [max-concurrent deny-handler ident-fn]
:or {max-concurrent 1
deny-handler default-limited-handler
ident-fn (constantly :world)}})Protect a ring handler against excessive concurrency. New requests after the concurrency limit is already saturated will receive a denied response.
max-concurrent - the maximum number of requests to be handled concurrently deny-handler - a function of a ring request that returns a ring response in the event of a denied request. ident-fn - a function of a request returning an opaque identifier by which to identify the semaphore. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.
Protect a ring handler against excessive concurrency. New requests
after the concurrency limit is already saturated will receive a
denied response.
max-concurrent - the maximum number of requests to be handled concurrently
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
ident-fn - a function of a request returning an opaque identifier by which to identify the
semaphore. defaults to a global limit (shared by all clients) but you may set it to
ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
instead or else write your own function to set it to some other group of clients
like those representing one (of many) tenants.
wrap-concurrency-throttleclj
(wrap-concurrency-throttle handler)(wrap-concurrency-throttle handler
{:keys [max-concurrent ident-fn]
:or {max-concurrent 1
ident-fn (constantly :world)}})Protect a ring handler against excessive concurrency. New requests after the concurrency limit is already saturated will block until a slot is available.
max-concurrent - the maximum number of requests to be handled concurrently ident-fn - a function of a request returning an opaque identifier by which to identify the semaphore. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.
Protect a ring handler against excessive concurrency. New requests
after the concurrency limit is already saturated will block until
a slot is available.
max-concurrent - the maximum number of requests to be handled concurrently
ident-fn - a function of a request returning an opaque identifier by which to identify the
semaphore. defaults to a global limit (shared by all clients) but you may set it to
ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
instead or else write your own function to set it to some other group of clients
like those representing one (of many) tenants.
wrap-deny-ipsclj
(wrap-deny-ips handler)(wrap-deny-ips handler
{:keys [deny-list deny-handler]
:or {deny-list cidr/public-subnets
deny-handler default-forbidden-handler}})Protect a ring handler with source ip authentication. Your deny-list ranges must cover any forbidden clients / proxy servers. The default deny-list ranges cover the entire internal public network space.
deny-list - cidr ranges collection that, if matched, will result in a denied request. optionally provide a ref type in which case it will be dereferenced before use.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
Protect a ring handler with source ip authentication. Your deny-list ranges must cover
any forbidden clients / proxy servers. The default deny-list ranges cover the entire internal
public network space.
deny-list - cidr ranges collection that, if matched, will result in a denied request. optionally
provide a ref type in which case it will be dereferenced before use.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
wrap-knock-knockclj
(wrap-knock-knock handler
{:keys [secret max-attempts access-period ban-period
deny-handler]
:or {secret (str (UUID/randomUUID))
max-attempts 5
access-period 1800000
ban-period 86400000
deny-handler default-forbidden-handler}})Protects a ring handler against access until a secret knock is presented. After the secret knock is satisfied access is granted for a configurable amount of time to the client that presented the knock. Too many attempts of the wrong knock will land you on the ban list for a longer period of time and even correct knocks will be rejected.
Protects a ring handler against access until a secret knock is presented. After the secret knock is satisfied access is granted for a configurable amount of time to the client that presented the knock. Too many attempts of the wrong knock will land you on the ban list for a longer period of time and even correct knocks will be rejected.
wrap-rate-limitclj
(wrap-rate-limit handler)(wrap-rate-limit handler
{:keys [max-requests period deny-handler ident-fn]
:or {max-requests 100
period 60000
ident-fn (constantly :world)
deny-handler default-limited-handler}})Protect a ring handler against excessive calls. New requests that would exceed the rate limit will receive a denied response.
max-requests - the maximum number of requests allowed within the time period. deny-handler - a function of a ring request that returns a ring response in the event of a denied request. period - the span of the sliding window (in milliseconds) over which requests are counted. ident-fn - a function of a request returning an opaque identifier by which to identify the rate limiter. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.
Protect a ring handler against excessive calls. New requests
that would exceed the rate limit will receive a denied response.
max-requests - the maximum number of requests allowed within the time period.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
period - the span of the sliding window (in milliseconds) over which requests are counted.
ident-fn - a function of a request returning an opaque identifier by which to identify the
rate limiter. defaults to a global limit (shared by all clients) but you may set it to
ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
instead or else write your own function to set it to some other group of clients
like those representing one (of many) tenants.
wrap-rate-throttleclj
(wrap-rate-throttle handler)(wrap-rate-throttle
handler
{:keys [max-requests period ident-fn]
:or {max-requests 100 period 60000 ident-fn (constantly :world)}})Protect a ring handler against excessive calls. New requests that would exceed the rate limit will block until making them would no longer exceed the rate limit.
max-requests - the maximum number of requests allowed within the time period. period - the span of the sliding window (in milliseconds) over which requests are counted. ident-fn - a function of a request returning an opaque identifier by which to identify the rate limiter. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.
Protect a ring handler against excessive calls. New requests
that would exceed the rate limit will block until making
them would no longer exceed the rate limit.
max-requests - the maximum number of requests allowed within the time period.
period - the span of the sliding window (in milliseconds) over which requests are counted.
ident-fn - a function of a request returning an opaque identifier by which to identify the
rate limiter. defaults to a global limit (shared by all clients) but you may set it to
ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
instead or else write your own function to set it to some other group of clients
like those representing one (of many) tenants.
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close