ring-firewall-middleware.core
default-forbidden-handlerclj
(default-forbidden-handler request)(default-forbidden-handler request respond raise)Provides a default ring response for users who didn't meet the firewall requirements.
Provides a default ring response for users who didn't meet the firewall requirements.
default-limited-handlerclj
(default-limited-handler request)(default-limited-handler request respond raise)Provides a default ring response for users who exceeded the imposed limit.
Provides a default ring response for users who exceeded the imposed limit.
default-maintenance-handlerclj
(default-maintenance-handler request)(default-maintenance-handler request respond raise)Provides a default ring response for when the server is enforcing a maintenance mode.
Provides a default ring response for when the server is enforcing a maintenance mode.
with-maintenance-modecljmacro
(with-maintenance-mode ident & body)Enables maintenance mode for the given identity and executes body after all in-flight requests have completed.
Enables maintenance mode for the given identity and executes body after all in-flight requests have completed.
wrap-allow-ipsclj
(wrap-allow-ips handler)(wrap-allow-ips handler
{:keys [allow-list deny-handler]
:or {allow-list cidr/private-subnets
deny-handler default-forbidden-handler}})Protect a ring handler with source ip authentication. Your allow-list ranges must cover any permitted clients as well as any intermediate proxy servers. The default allow-list ranges cover the entire internal network space as defined by RFC 1918 and RFC 4193.
allow-list - cidr ranges collection that, if matched, will result in an allowed request. optionally provide a ref type in which case it will be dereferenced before use.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
Protect a ring handler with source ip authentication. Your allow-list ranges must cover
any permitted clients as well as any intermediate proxy servers. The default allow-list
ranges cover the entire internal network space as defined by RFC 1918 and RFC 4193.
allow-list - cidr ranges collection that, if matched, will result in an allowed request. optionally
provide a ref type in which case it will be dereferenced before use.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
wrap-concurrency-limitclj
(wrap-concurrency-limit handler)(wrap-concurrency-limit handler
{:keys [max-concurrent deny-handler ident-fn max-wait]
:or {max-concurrent 1
deny-handler default-limited-handler
ident-fn (constantly :world)
max-wait 50}})Protect a ring handler against excessive concurrency. New requests after the concurrency limit is already saturated will receive a denied response.
max-concurrent - the maximum number of requests to be handled concurrently deny-handler - a function of a ring request that returns a ring response in the event of a denied request. max-wait - the amount of time (in milliseconds) that a request should wait optimistically before succeeding or returning with a denied response. ident-fn - a function of a request returning an opaque identifier by which to identify the semaphore. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.
Protect a ring handler against excessive concurrency. New requests
after the concurrency limit is already saturated will receive a
denied response.
max-concurrent - the maximum number of requests to be handled concurrently
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
max-wait - the amount of time (in milliseconds) that a request should wait optimistically before
succeeding or returning with a denied response.
ident-fn - a function of a request returning an opaque identifier by which to identify the
semaphore. defaults to a global limit (shared by all clients) but you may set it to
ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
instead or else write your own function to set it to some other group of clients
like those representing one (of many) tenants.
wrap-concurrency-throttleclj
(wrap-concurrency-throttle handler)(wrap-concurrency-throttle handler
{:keys [max-concurrent ident-fn]
:or {max-concurrent 1
ident-fn (constantly :world)}})Protect a ring handler against excessive concurrency. New requests after the concurrency limit is already saturated will block until a slot is available.
max-concurrent - the maximum number of requests to be handled concurrently ident-fn - a function of a request returning an opaque identifier by which to identify the semaphore. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.
Protect a ring handler against excessive concurrency. New requests
after the concurrency limit is already saturated will block until
a slot is available.
max-concurrent - the maximum number of requests to be handled concurrently
ident-fn - a function of a request returning an opaque identifier by which to identify the
semaphore. defaults to a global limit (shared by all clients) but you may set it to
ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
instead or else write your own function to set it to some other group of clients
like those representing one (of many) tenants.
wrap-deny-ipsclj
(wrap-deny-ips handler)(wrap-deny-ips handler
{:keys [deny-list deny-handler]
:or {deny-list cidr/public-subnets
deny-handler default-forbidden-handler}})Protect a ring handler with source ip authentication. Your deny-list ranges must cover any forbidden clients / proxy servers. The default deny-list ranges cover the entire public network space.
deny-list - cidr ranges collection that, if matched, will result in a denied request. optionally provide a ref type in which case it will be dereferenced before use.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
Protect a ring handler with source ip authentication. Your deny-list ranges must cover
any forbidden clients / proxy servers. The default deny-list ranges cover the entire
public network space.
deny-list - cidr ranges collection that, if matched, will result in a denied request. optionally
provide a ref type in which case it will be dereferenced before use.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
wrap-maintenance-limitclj
(wrap-maintenance-limit handler)(wrap-maintenance-limit handler
{:keys [ident-fn deny-handler max-wait]
:or {ident-fn (constantly :world)
deny-handler default-maintenance-handler
max-wait 50}})Middleware that coordinates requests to establish a maintenance mode when requested. When maintenance mode is enabled any new requests will be denied but in-flight requests will be given a chance to finish prior to maintenance activities beginning.
ident-fn - a function of a request returning an opaque identifier by which to identify the request group that may be flipped into maintenance mode. useful if applying maintenance mode to one (of many) tenants at a time. deny-handler - a ring handler that should produce a response for requests that were denied due to being in maintenance mode. max-wait - the amount of time (in milliseconds) that a request should wait optimistically before succeeding or returning with a denied response.
Middleware that coordinates requests to establish a maintenance mode when
requested. When maintenance mode is enabled any new requests will be denied
but in-flight requests will be given a chance to finish prior to maintenance
activities beginning.
ident-fn - a function of a request returning an opaque identifier by which to identify the
request group that may be flipped into maintenance mode. useful if applying
maintenance mode to one (of many) tenants at a time.
deny-handler - a ring handler that should produce a response for requests that were denied due
to being in maintenance mode.
max-wait - the amount of time (in milliseconds) that a request should wait optimistically before
succeeding or returning with a denied response.
wrap-maintenance-throttleclj
(wrap-maintenance-throttle handler)(wrap-maintenance-throttle handler
{:keys [ident-fn]
:or {ident-fn (constantly :world)}})Middleware that coordinates requests to establish a maintenance mode when requested. When maintenance throttle is enabled any new requests will block but in-flight requests will be given a chance to finish prior to maintenance activities beginning.
ident-fn - a function of a request returning an opaque identifier by which to identify the request group that may be flipped into maintenance mode. useful if applying maintenance mode to one (of many) tenants at a time.
Middleware that coordinates requests to establish a maintenance mode when
requested. When maintenance throttle is enabled any new requests will block
but in-flight requests will be given a chance to finish prior to maintenance
activities beginning.
ident-fn - a function of a request returning an opaque identifier by which to identify the
request group that may be flipped into maintenance mode. useful if applying
maintenance mode to one (of many) tenants at a time.
wrap-rate-limitclj
(wrap-rate-limit handler)(wrap-rate-limit handler
{:keys [max-requests period deny-handler ident-fn max-wait]
:or {max-requests 500
period 60000
ident-fn (constantly :world)
deny-handler default-limited-handler
max-wait 50}})Protect a ring handler against excessive calls. New requests that would exceed the rate limit will receive a denied response.
max-requests - the maximum number of requests allowed within the time period. deny-handler - a function of a ring request that returns a ring response in the event of a denied request. period - the span of the sliding window (in milliseconds) over which requests are counted. max-wait - the amount of time (in milliseconds) that a request should wait optimistically before succeeding or returning with a denied response. ident-fn - a function of a request returning an opaque identifier by which to identify the rate limiter. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.
Protect a ring handler against excessive calls. New requests
that would exceed the rate limit will receive a denied response.
max-requests - the maximum number of requests allowed within the time period.
deny-handler - a function of a ring request that returns a ring response in the event of a denied request.
period - the span of the sliding window (in milliseconds) over which requests are counted.
max-wait - the amount of time (in milliseconds) that a request should wait optimistically before
succeeding or returning with a denied response.
ident-fn - a function of a request returning an opaque identifier by which to identify the
rate limiter. defaults to a global limit (shared by all clients) but you may set it to
ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
instead or else write your own function to set it to some other group of clients
like those representing one (of many) tenants.
wrap-rate-throttleclj
(wrap-rate-throttle handler)(wrap-rate-throttle
handler
{:keys [max-requests period ident-fn]
:or {max-requests 100 period 60000 ident-fn (constantly :world)}})Protect a ring handler against excessive calls. New requests that would exceed the rate limit will block until making them would no longer exceed the rate limit.
max-requests - the maximum number of requests allowed within the time period. period - the span of the sliding window (in milliseconds) over which requests are counted. ident-fn - a function of a request returning an opaque identifier by which to identify the rate limiter. defaults to a global limit (shared by all clients) but you may set it to ring-firewall-middleware.core/default-client-ident to implement a per-ip limit instead or else write your own function to set it to some other group of clients like those representing one (of many) tenants.
Protect a ring handler against excessive calls. New requests
that would exceed the rate limit will block until making
them would no longer exceed the rate limit.
max-requests - the maximum number of requests allowed within the time period.
period - the span of the sliding window (in milliseconds) over which requests are counted.
ident-fn - a function of a request returning an opaque identifier by which to identify the
rate limiter. defaults to a global limit (shared by all clients) but you may set it to
ring-firewall-middleware.core/default-client-ident to implement a per-ip limit
instead or else write your own function to set it to some other group of clients
like those representing one (of many) tenants.
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close