http-client-restricted-0.0.4: restricting the servers that http-client will use
Safe HaskellNone
LanguageHaskell2010

Network.HTTP.Client.Restricted

Description

Restricted ManagerSettings for https://haskell-lang.org/library/http-client - - Copyright 2018 Joey Hess id@joeyh.name - - Portions from http-client-tls Copyright (c) 2013 Michael Snoyman - - License: MIT

Synopsis

Documentation

data Restriction Source #

Configuration of which HTTP connections to allow and which to restrict.

Instances

Instances details
Semigroup Restriction Source # 
Instance details

Defined in Network.HTTP.Client.Restricted

Methods

(<>) :: Restriction -> Restriction -> Restriction #

sconcat :: NonEmpty Restriction -> Restriction #

stimes :: Integral b => b -> Restriction -> Restriction #

Monoid Restriction Source #

mempty does not restrict HTTP connections in any way

Instance details

Defined in Network.HTTP.Client.Restricted

Methods

mempty :: Restriction #

mappend :: Restriction -> Restriction -> Restriction #

mconcat :: [Restriction] -> Restriction #

checkAddressRestriction :: Restriction -> AddrInfo -> Maybe ConnectionRestricted Source #

addressRestriction :: (AddrInfo -> Maybe ConnectionRestricted) -> Restriction Source #

Decide if a HTTP connection is allowed based on the IP address of the server.

After the restriction is checked, the same IP address is used to connect to the server. This avoids DNS rebinding attacks being used to bypass the restriction.

 myRestriction :: Restriction
 myRestriction = addressRestriction $ \addr ->
	if isPrivateAddress addr
		then Just $ connectionRestricted
			("blocked connection to private IP address " ++)
 		else Nothing

mkRestrictedManagerSettings :: Restriction -> Maybe ConnectionContext -> Maybe TLSSettings -> IO (ManagerSettings, Maybe ProxyRestricted) Source #

Makes a TLS-capable ManagerSettings with a Restriction applied to it.

The Restriction will be checked each time a Request is made, and for each redirect followed.

Aside from checking the Restriction, it should behave the same as mkManagerSettingsContext from http-client-tls.

 main = do
 	manager <- newManager . fst 
 		=<< mkRestrictedManagerSettings myRestriction Nothing Nothing
	request <- parseRequest "http://httpbin.org/get"
 	response <- httpLbs request manager
 	print $ responseBody response

The HTTP proxy is also checked against the Restriction, and will not be used if the Restriction does not allow it. Just ProxyRestricted is returned when the HTTP proxy has been restricted.

See mkManagerSettingsContext for why it can be useful to provide a ConnectionContext.

Note that SOCKS is not supported.

data ConnectionRestricted Source #

Value indicating that a connection was restricted, and giving the reason why.

Constructors

ConnectionRestricted String 

Instances

Instances details
Show ConnectionRestricted Source # 
Instance details

Defined in Network.HTTP.Client.Restricted

Methods

showsPrec :: Int -> ConnectionRestricted -> ShowS #

show :: ConnectionRestricted -> String #

showList :: [ConnectionRestricted] -> ShowS #

Exception ConnectionRestricted Source # 
Instance details

Defined in Network.HTTP.Client.Restricted

Methods

toException :: ConnectionRestricted -> SomeException #

fromException :: SomeException -> Maybe ConnectionRestricted #

displayException :: ConnectionRestricted -> String #

connectionRestricted :: (IPAddrString -> String) -> AddrInfo -> ConnectionRestricted Source #

Constructs a ConnectionRestricted, passing the function a string containing the IP address of the HTTP server.

data ProxyRestricted Source #

Value indicating that the http proxy will not be used.

Constructors

ProxyRestricted 

Instances

Instances details
Show ProxyRestricted Source # 
Instance details

Defined in Network.HTTP.Client.Restricted

Methods

showsPrec :: Int -> ProxyRestricted -> ShowS #

show :: ProxyRestricted -> String #

showList :: [ProxyRestricted] -> ShowS #

type IPAddrString = String Source #

A string containing an IP address, for display to a user.