-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | restricting the servers that http-client will use
--
-- Addition to the http-client and http-client-tls libraries, that
-- restricts the HTTP servers that can be used.
--
-- This is useful when a security policy needs to, e.g., prevent
-- connections to HTTP servers on localhost or a local network, or only
-- allow connections to a specific HTTP server.
--
-- It handles restricting redirects as well as the initial HTTP
-- connection, and it also guards against DNS poisoning attacks.
@package http-client-restricted
@version 0.0.3


-- | Restricted ManagerSettings for
-- https://haskell-lang.org/library/http-client
module Network.HTTP.Client.Restricted

-- | Configuration of which HTTP connections to allow and which to
-- restrict.
data Restriction
checkAddressRestriction :: Restriction -> AddrInfo -> Maybe ConnectionRestricted

-- | Decide if an HTTP connection is allowed based on the IP address of the
-- server.
--
-- After the restriction is checked, the same IP address is used to
-- connect to the server. This avoids DNS rebinding attacks being used to
-- bypass the restriction.
--
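-- myRestriction :: Restriction
-- myRestriction = addressRestriction $ \addr ->
--     if isPrivateAddress addr
--         then Just $ connectionRestricted
--             ("blocked connection to private IP address " ++) addr
--         else Nothing
--
-- (isPrivateAddress stands for a predicate supplied by the caller; it is
-- not among the declarations listed for this module.)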
--
addressRestriction :: (AddrInfo -> Maybe ConnectionRestricted) -> Restriction
-- | Makes a TLS-capable ManagerSettings with a Restriction applied to it.
--
-- The Restriction will be checked each time a Request is made, and for
-- each redirect followed.
--
-- Aside from checking the Restriction, it should behave the same as
-- mkManagerSettingsContext from http-client-tls.
--
-- main = do
--     manager <- newManager . fst
--         =<< mkRestrictedManagerSettings myRestriction Nothing Nothing
--     request <- parseRequest "http://httpbin.org/get"
--     response <- httpLbs request manager
--     print $ responseBody response
--
-- The HTTP proxy is also checked against the Restriction, and will not
-- be used if the Restriction does not allow it. Just ProxyRestricted is
-- returned when the HTTP proxy has been restricted. The example above
-- drops that value with fst; a caller that relies on the proxy being
-- used should inspect it instead of discarding it.
--
-- See mkManagerSettingsContext for why it can be useful to
-- provide a ConnectionContext.
--
-- Note that SOCKS is not supported.
mkRestrictedManagerSettings :: Restriction -> Maybe ConnectionContext -> Maybe TLSSettings -> IO (ManagerSettings, Maybe ProxyRestricted)

-- | Value indicating that a connection was restricted, and giving the
-- reason why.
data ConnectionRestricted
ConnectionRestricted :: String -> ConnectionRestricted

-- | Constructs a ConnectionRestricted, passing the function a string
-- containing the IP address of the HTTP server.
connectionRestricted :: (IPAddrString -> String) -> AddrInfo -> ConnectionRestricted

-- | Value indicating that the HTTP proxy will not be used.
data ProxyRestricted
ProxyRestricted :: ProxyRestricted

-- | A string containing an IP address, for display to a user.
type IPAddrString = String
instance GHC.Show.Show Network.HTTP.Client.Restricted.ProxyRestricted
instance GHC.Show.Show Network.HTTP.Client.Restricted.ConnectionRestricted
instance GHC.Base.Monoid Network.HTTP.Client.Restricted.Restriction
instance GHC.Base.Semigroup Network.HTTP.Client.Restricted.Restriction
instance GHC.Exception.Type.Exception Network.HTTP.Client.Restricted.ConnectionRestricted