  • Language
    Go
  • License
    GNU Affero Genera...

Filtering reverse HTTP proxy

Filtron

Reverse HTTP proxy that filters requests according to configurable rules. It can be placed between the production webserver and the application server to prevent abuse of the application backend.

The original purpose of this program was to defend searx, but it can be used to guard any web application.

Installation and setup

$ go install github.com/asciimoo/filtron
$ "$GOPATH/bin/filtron" --help

Rules

A rule has two required attributes: name and actions

A rule can contain all of the following attributes:

  • limit integer - Defines how many matching requests are allowed to reach the application within interval seconds (can be omitted if 0)
  • interval integer - Time range in seconds after which the rule's counters are reset (can be omitted if limit is 0)
  • filters list of selectors
  • aggregations list of selectors (if filters are specified, the aggregations are only evaluated when the filters match)
  • subrules list of rules (if filters are specified, the subrules are only evaluated when the filters match)
  • disabled bool - Disable a rule (default is false)
  • stop bool - Finish request validation immediately and skip the remaining rules (default is false)

JSON representation of a rule:

{
    "name": "example rule",
    "interval": 60,
    "limit": 10,
    "filters": ["GET:q", "Header:User-Agent=^curl"],
    "actions": [
        {"name": "log",
         "params": {"destination": "stderr"}},
        {"name": "block",
         "params": {"message": "Not allowed"}}
    ]
}

Explanation: Allow only 10 requests a minute in which q is present as a GET parameter and the User-Agent header starts with curl. Once the limit is exceeded, each further request is logged to STDERR and blocked with a custom error message. See more examples here.

actions

A rule's actions are activated sequentially when a request exceeds the rule's limit.

Note: Of the actions that serve a custom response, only the first one in the list will be executed.

Currently implemented actions

log

Log the request

block

Serve HTTP 429 response instead of passing the request to the application

shell

Execute a shell command. cmd (string) and args (list of selectors) are required params (Example: {"name": "shell", "params": {"cmd": "echo %v is the IP", "args": ["IP"]}})

filters

If all the selectors are found in the request, the rule's counter is incremented. The rule blocks the request once the counter reaches limit.

aggregations

Counts how often each value returned by the selectors occurs. The rule blocks the request once any single value's count reaches limit.

subrules

Each rule can contain any number of subrules. They are only evaluated when the parent rule's filters match.

Selectors

Request's different parts can be extracted using selector expressions.

Selectors are strings that can match any attribute of an HTTP request with the following syntax:

[!]RequestAttribute[:SubAttribute][=Expression]
  • ! can negate the selector
  • RequestAttribute (required) selects a specific part of the request - possible values:
    • Single value
      • IP
      • Host
      • Path
      • Method
    • Multiple values
      • GET
      • POST
      • Param - it is an alias for both GET and POST
      • Cookie
      • Header
  • SubAttribute - if RequestAttribute is a multiple-value attribute, this names the inner attribute (the parameter, cookie or header name)
  • Expression possible value:
    • a regular expression to filter the selected attribute values.
    • nslookup(Hostname) to filter the selected attribute values with the IP addresses of Hostname. Filtron resolves Hostname to its IP addresses when the rule is loaded (IPv4 and IPv6).

Examples

IP returns the client's IP address

GET:x returns the x GET parameter if it exists

!Header:Accept-Language returns true if there is no Accept-Language HTTP header

Path=^/(x|y)$ matches if the path is /x or /y

IP=nslookup(example.com) matches if the client's IP address is one of the IP addresses of example.com.
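The following is an added example, not code from the Filtron repository: a stand-alone Go implementation of the selector syntax described above, evaluated against a net/http request. It covers the regular expression form of Expression and the IP, Path, GET, POST, Param and Header attributes; the nslookup(Hostname) form is left out because it needs DNS, and for IP it assumes the request's RemoteAddr holds the bare client address.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// MatchSelector parses "[!]RequestAttribute[:SubAttribute][=Expression]" and
// reports whether it is found on r: at least one selected value exists and,
// if an Expression is given, matches it; a leading "!" inverts the result.
// Only regexp Expressions are handled (nslookup(Hostname) needs DNS); IP
// assumes RemoteAddr holds the bare client address (an assumption here).
func MatchSelector(r *http.Request, sel string) (bool, error) {
	sel, negate := strings.CutPrefix(sel, "!")
	attr, expr, hasExpr := strings.Cut(sel, "=") // split before ":" so a regexp may contain ":"
	attr, sub, _ := strings.Cut(attr, ":")
	var vals []string
	switch attr {
	case "IP":
		vals = []string{r.RemoteAddr}
	case "Path":
		vals = []string{r.URL.Path}
	case "GET":
		vals = r.URL.Query()[sub]
	case "POST": // needs r.ParseForm() to have run for a form body
		vals = r.PostForm[sub]
	case "Param": // alias for both GET and POST
		vals = append(r.URL.Query()[sub], r.PostForm[sub]...)
	case "Header":
		vals = r.Header.Values(sub)
	default:
		return false, fmt.Errorf("unknown request attribute %q", attr)
	}
	var re *regexp.Regexp
	if hasExpr {
		var err error
		if re, err = regexp.Compile(expr); err != nil {
			return false, err
		}
	}
	for _, v := range vals {
		if re == nil || re.MatchString(v) {
			return !negate, nil
		}
	}
	return negate, nil
}
```

A rule's filters are satisfied when MatchSelector returns true for every selector in the list; an unknown attribute or an invalid regular expression is reported as an error rather than silently treated as a non-match.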

API

Filtron can be configured through its REST API which listens on 127.0.0.1:4005 by default.

API endpoints

/rules

Loaded rules in JSON format

/rules/reload

Reload the rule file specified at startup

WebUI

UI built on the API


Bugs

Bugs or suggestions? Visit the issue tracker.
