http-client-restricted-0.0.1: restricting the servers that http-client will use

Safe Haskell: None





data Restriction

Configuration of which HTTP connections to allow and which to restrict.

addressRestriction :: (AddrInfo -> Maybe ConnectionRestricted) -> Restriction

Decide if an HTTP connection is allowed based on the IP address of the server.

After the restriction is checked, the same IP address is used to connect to the server. This avoids DNS rebinding attacks being used to bypass the restriction.

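 -- isPrivateAddress is not defined on this page; supply your own predicate.
 myRestriction :: Restriction
 myRestriction = addressRestriction $ \addr ->
     if isPrivateAddress addr
         -- connectionRestricted also takes the AddrInfo, which supplies
         -- the IP address string passed to the message function.
         then Just $ connectionRestricted
             ("blocked connection to private IP address " ++) addr
         else Nothing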
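One possible isPrivateAddress for the restriction above, as an added example that is not part of http-client-restricted or of this page. The set of ranges treated as private is an assumption and is not exhaustive, and the sample addresses are constructed.

```haskell
import Data.Bits (shiftR, (.&.))
import Data.Word (Word16, Word8)
import Network.Socket

-- Assumed helper, not part of http-client-restricted: True when the resolved
-- address is one a fetcher of untrusted URLs should refuse to contact.
isPrivateAddress :: AddrInfo -> Bool
isPrivateAddress ai = case addrAddress ai of
  SockAddrInet _ a      -> privateV4 (hostAddressToTuple a)
  SockAddrInet6 _ _ a _ -> privateV6 (hostAddress6ToTuple a)
  _                     -> True -- not an IP socket address: refuse

privateV4 :: (Word8, Word8, Word8, Word8) -> Bool
privateV4 (a, b, _, _) = or
  [ a == 0                        -- 0.0.0.0/8, "this network"
  , a == 10                       -- 10.0.0.0/8
  , a == 100 && b .&. 0xc0 == 64  -- 100.64.0.0/10, carrier-grade NAT
  , a == 127                      -- 127.0.0.0/8, loopback
  , a == 169 && b == 254          -- 169.254.0.0/16, link-local
  , a == 172 && b .&. 0xf0 == 16  -- 172.16.0.0/12
  , a == 192 && b == 168          -- 192.168.0.0/16
  ]

type V6 = (Word16, Word16, Word16, Word16, Word16, Word16, Word16, Word16)

privateV6 :: V6 -> Bool
privateV6 (0, 0, 0, 0, 0, 0, 0, lo) | lo <= 1 = True  -- :: and ::1
privateV6 (0, 0, 0, 0, 0, 0xffff, hi, lo) =           -- IPv4-mapped ::ffff:a.b.c.d
  privateV4 (byte (hi `shiftR` 8), byte hi, byte (lo `shiftR` 8), byte lo)
  where byte = fromIntegral :: Word16 -> Word8        -- keeps the low 8 bits
privateV6 (w, _, _, _, _, _, _, _) =
  w .&. 0xfe00 == 0xfc00                              -- fc00::/7, unique local
    || w .&. 0xffc0 == 0xfe80                         -- fe80::/10, link-local

-- Constructed sample addresses; port 80 is arbitrary.
samples :: [SockAddr]
samples =
  [ SockAddrInet 80 (tupleToHostAddress (169, 254, 169, 254))
  , SockAddrInet 80 (tupleToHostAddress (203, 0, 113, 10))
  , SockAddrInet6 80 0 (tupleToHostAddress6 (0, 0, 0, 0, 0, 0xffff, 0x7f00, 1)) 0
  , SockAddrInet6 80 0 (tupleToHostAddress6 (0x2001, 0xdb8, 0, 0, 0, 0, 0, 1)) 0
  ]

main :: IO ()
main = mapM_ (\sa -> putStrLn (show sa ++ " -> " ++ verdict sa)) samples
  where
    verdict sa | isPrivateAddress (defaultHints { addrAddress = sa }) = "blocked"
               | otherwise = "allowed"
```

The IPv4-mapped IPv6 clause matters because a hostname can resolve to ::ffff:127.0.0.1, which reaches loopback while failing a check that only looks at IPv4 socket addresses.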

mkRestrictedManagerSettings :: Restriction -> Maybe ConnectionContext -> Maybe TLSSettings -> IO (ManagerSettings, Maybe ProxyRestricted)

Makes a TLS-capable ManagerSettings with a Restriction applied to it.

The Restriction will be checked each time a Request is made, and for each redirect followed.

Aside from checking the Restriction, it should behave the same as mkManagerSettingsContext from http-client-tls.

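 main = do
     -- fst keeps the ManagerSettings and discards the Maybe ProxyRestricted.
     manager <- newManager . fst
         =<< mkRestrictedManagerSettings myRestriction Nothing Nothing
     -- The URL is empty on this page; supply the URL to request.
     request <- parseRequest ""
     response <- httpLbs request manager
     print $ responseBody response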

The HTTP proxy is also checked against the Restriction, and will not be used if the Restriction does not allow it. Just ProxyRestricted is returned when the HTTP proxy has been restricted.

See mkManagerSettingsContext for why it can be useful to provide a ConnectionContext.

Note that SOCKS is not supported.

connectionRestricted :: (IPAddrString -> String) -> AddrInfo -> ConnectionRestricted

Constructs a ConnectionRestricted, passing the function a string containing the IP address of the HTTP server.

data ProxyRestricted

Value indicating that the HTTP proxy will not be used.



type IPAddrString = String

A string containing an IP address, for display to a user.