wai-middleware-ip-block: Block requests by IP CIDR

This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.


A WAI middleware that blocks incoming requests based on their IPs, using CIDR ranges.

[Skip to ReadMe]


Change logCHANGELOG.md
Dependenciesaeson (>= && <1.1), base (>= && <4.10), bytestring (>= && <0.11), http-types (>=0.9.1 && <0.10), iproute (>=1.7.1 && <1.8), network (>= && <2.7), text (>= && <1.3), unordered-containers (>= && <0.3), wai (>= && <3.3), yaml (>=0.8.22 && <0.9) [details]
Copyright2017 Echo Nolan
AuthorEcho Nolan
Home pagehttps://github.com/enolan/wai-middleware-ip-block#readme
Source repositoryhead: git clone https://github.com/enolan/wai-middleware-ip-block
UploadedFri May 5 00:13:43 UTC 2017 by EchoNolan



Maintainers' corner

For package maintainers and hackage trustees

Readme for wai-middleware-ip-block-

[back to package description]

wai-middleware-ip-block: Block incoming requests by CIDR IP ranges.

This is a WAI middleware for blocking incoming requests by IP range.

See Haddock for documentation, including the YAML configuration format.

To use this with the Yesod scaffold, modify the makeApplication function in Application.hs like so:

makeApplication :: App -> IO Application
makeApplication foundation = do
    logWare <- makeLogWare foundation
    -- Create the WAI application and apply middlewares
    appPlain <- toWaiAppPlain foundation
    ipBlock <- ipBlockMiddlewareFromFileEnv "IP_BLOCK_CFG" basicDenyResponse
    return $ ipBlock $ logWare $ defaultMiddlewaresNoLogging appPlain

When your server launches, it'll look for an environment variable IP_BLOCK_CFG. That should have the path to a YAML formatted configuration file. The details of that format are in the Haddock.

Don't rely on this for security. I wrote this so I could put a site up on the internet before I was ready to make it public. IP based blocking is in general a weak measure and this package in particular has undergone relatively little testing, none of it adversarial.