Documentation
Overview
Package httpproxy provides HTTP handlers for routing HTTP traffic through a local web proxy.
Important Security Considerations
This package is designed primarily for use with private, internal forward proxies typically integrated within an application. It is not suitable for public-facing proxies due to the following security concerns:
- Authentication: Public proxies must restrict access to only authorized users. This package does not provide built-in authentication mechanisms.
- Probing Resistance: A public proxy should ideally not reveal its identity as a proxy, even under targeted probing. Implementing authentication can aid in this.
- Protection of Local Resources: The dialer used by the proxy handlers should prevent connections to both localhost and the local network to avoid unintended access by clients.
- Resource Limits: Implement limits on resources (number of connections, time connected, memory used, etc.) per user. This helps prevent denial-of-service attacks.
If you intend to build a public-facing proxy, you will need to address these security issues using additional libraries or custom solutions.
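For the "Protection of Local Resources" point above, one way to enforce the restriction at the socket level is a net.Dialer Control hook, which runs after DNS resolution and therefore sees the IP address actually being dialed. This is an added example using only the Go standard library, not code from this package; the names ErrLocalDestination, isLocal, checkDestination and NewGuardedDialer are hypothetical, and wiring the resulting net.Dialer into the transport.StreamDialer passed to the handlers is assumed and not shown.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/netip"
	"syscall"
	"time"
)

// ErrLocalDestination marks a destination on the proxy host or its local network.
var ErrLocalDestination = errors.New("destination is a local address")

// isLocal reports whether addr is one a forward proxy should refuse to dial.
// It does not cover every special range (for example 100.64.0.0/10 is not included).
func isLocal(addr netip.Addr) bool {
	addr = addr.Unmap() // treat ::ffff:127.0.0.1 as 127.0.0.1
	return !addr.IsValid() || addr.IsUnspecified() || addr.IsLoopback() ||
		addr.IsPrivate() || addr.IsLinkLocalUnicast() || addr.IsMulticast()
}

// checkDestination has the net.Dialer.Control signature. The address it
// receives is the resolved "ip:port", so a hostname that resolves to a
// local address is rejected just like a literal local IP.
func checkDestination(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("unparseable destination %q: %w", address, err)
	}
	if isLocal(ap.Addr()) {
		return fmt.Errorf("%w: %s", ErrLocalDestination, ap.Addr())
	}
	return nil
}

// NewGuardedDialer returns a net.Dialer that rejects local destinations.
func NewGuardedDialer() *net.Dialer {
	return &net.Dialer{Timeout: 10 * time.Second, Control: checkDestination}
}

func main() {
	// Constructed sample destinations, in the form the Control hook receives them.
	for _, dst := range []string{"127.0.0.1:6379", "[::1]:80", "169.254.169.254:80",
		"10.0.0.5:22", "[::ffff:192.168.1.1]:443", "93.184.216.34:443"} {
		fmt.Printf("%-26s -> %v\n", dst, checkDestination("tcp", dst, nil))
	}
}
```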
Functions
func NewConnectHandler
func NewConnectHandler(dialer transport.StreamDialer) http.Handler
NewConnectHandler creates an http.Handler that handles CONNECT requests and forwards the requests using the given transport.StreamDialer.
Clients can set a Transport header whose value is a transport config, as specified in the configurl package, to select the transport for a given request.
The resulting handler is currently vulnerable to probing attacks. It is fine as a localhost proxy, but it may be vulnerable if used as a public proxy.
func NewForwardHandler
func NewForwardHandler(dialer transport.StreamDialer) http.Handler
NewForwardHandler creates an http.Handler that handles absolute HTTP requests using the given http.Client.
func NewPathHandler
func NewPathHandler(dialer transport.StreamDialer) http.Handler
NewPathHandler creates an http.Handler that resolves the URL path as an absolute URL using the given http.Client.
Types
type ProxyHandler
type ProxyHandler struct {
	// Handler to fall back to if the request is not a proxy request (CONNECT method or absolute URL).
	// If FallbackHandler is absent, ProxyHandler returns a 404.
	FallbackHandler http.Handler
	// contains filtered or unexported fields
}
func NewProxyHandler
func NewProxyHandler(dialer transport.StreamDialer) *ProxyHandler
NewProxyHandler creates an http.Handler that works as a web proxy using the given dialer to reach the destination. You can use ProxyHandler.FallbackHandler to specify how to handle non-proxy requests.
func (*ProxyHandler) ServeHTTP
func (h *ProxyHandler) ServeHTTP(proxyResp http.ResponseWriter, proxyReq *http.Request)
ServeHTTP implements http.Handler.ServeHTTP for CONNECT and absolute URL requests, using the internal transport.StreamDialer.