| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Network.HTTP.Client.Restricted
Description
Restricted ManagerSettings for https://haskell-lang.org/library/http-client
-
- Copyright 2018 Joey Hess id@joeyh.name
-
- Portions from http-client-tls Copyright (c) 2013 Michael Snoyman
-
- License: MIT
Synopsis
- data Restriction
- checkAddressRestriction :: Restriction -> AddrInfo -> Maybe ConnectionRestricted
- addressRestriction :: (AddrInfo -> Maybe ConnectionRestricted) -> Restriction
- mkRestrictedManagerSettings :: Restriction -> Maybe ConnectionContext -> Maybe TLSSettings -> IO (ManagerSettings, Maybe ProxyRestricted)
- data ConnectionRestricted = ConnectionRestricted String
- connectionRestricted :: (IPAddrString -> String) -> AddrInfo -> ConnectionRestricted
- data ProxyRestricted = ProxyRestricted
- type IPAddrString = String
Documentation
data Restriction #
Configuration of which HTTP connections to allow and which to restrict.
Instances
| Monoid Restriction # | mempty does not restrict HTTP connections in any way |
Defined in Network.HTTP.Client.Restricted Methods mempty :: Restriction # mappend :: Restriction -> Restriction -> Restriction # mconcat :: [Restriction] -> Restriction # | |
| Semigroup Restriction # | |
Defined in Network.HTTP.Client.Restricted Methods (<>) :: Restriction -> Restriction -> Restriction # sconcat :: NonEmpty Restriction -> Restriction # stimes :: Integral b => b -> Restriction -> Restriction # | |
addressRestriction :: (AddrInfo -> Maybe ConnectionRestricted) -> Restriction #
Decide if a HTTP connection is allowed based on the IP address of the server.
After the restriction is checked, the same IP address is used to connect to the server. This avoids DNS rebinding attacks being used to bypass the restriction.
myRestriction :: Restriction
myRestriction = addressRestriction $ \addr ->
if isPrivateAddress addr
then Just $ connectionRestricted
("blocked connection to private IP address " ++)
else NothingmkRestrictedManagerSettings :: Restriction -> Maybe ConnectionContext -> Maybe TLSSettings -> IO (ManagerSettings, Maybe ProxyRestricted) #
Makes a TLS-capable ManagerSettings with a Restriction applied to it.
The Restriction will be checked each time a Request is made, and for each redirect followed.
Aside from checking the Restriction, it should behave the same as
mkManagerSettingsContext
from http-client-tls.
main = do manager <- newManager . fst =<< mkRestrictedManagerSettings myRestriction Nothing Nothing request <- parseRequest "http://httpbin.org/get" response <- httpLbs request manager print $ responseBody response
The HTTP proxy is also checked against the Restriction, and will not be used if the Restriction does not allow it. Just ProxyRestricted is returned when the HTTP proxy has been restricted.
See mkManagerSettingsContext for why
it can be useful to provide a ConnectionContext.
Note that SOCKS is not supported.
data ConnectionRestricted #
Value indicating that a connection was restricted, and giving the reason why.
Constructors
| ConnectionRestricted String |
Instances
| Exception ConnectionRestricted # | |
Defined in Network.HTTP.Client.Restricted | |
| Show ConnectionRestricted # | |
Defined in Network.HTTP.Client.Restricted Methods showsPrec :: Int -> ConnectionRestricted -> ShowS # show :: ConnectionRestricted -> String # showList :: [ConnectionRestricted] -> ShowS # | |
connectionRestricted :: (IPAddrString -> String) -> AddrInfo -> ConnectionRestricted #
Constructs a ConnectionRestricted, passing the function a string containing the IP address of the HTTP server.
data ProxyRestricted #
Value indicating that the http proxy will not be used.
Constructors
| ProxyRestricted |
Instances
| Show ProxyRestricted # | |
Defined in Network.HTTP.Client.Restricted Methods showsPrec :: Int -> ProxyRestricted -> ShowS # show :: ProxyRestricted -> String # showList :: [ProxyRestricted] -> ShowS # | |
type IPAddrString = String #
A string containing an IP address, for display to a user.