http-client-restricted-0.1.0: restricting the servers that http-client will use
Safe HaskellSafe-Inferred
LanguageHaskell2010

Network.HTTP.Client.Restricted

Description

Restricted ManagerSettings for https://haskell-lang.org/library/http-client - - Copyright 2018 Joey Hess id@joeyh.name - - Portions from http-client-tls Copyright (c) 2013 Michael Snoyman - - License: MIT

Synopsis

Documentation

data Restriction #

Configuration of which HTTP connections to allow and which to restrict.

Instances

Instances details
Monoid Restriction #

mempty does not restrict HTTP connections in any way

Instance details

Defined in Network.HTTP.Client.Restricted

Methods

mempty :: Restriction #

mappend :: Restriction -> Restriction -> Restriction #

mconcat :: [Restriction] -> Restriction #

Semigroup Restriction # 
Instance details

Defined in Network.HTTP.Client.Restricted

Methods

(<>) :: Restriction -> Restriction -> Restriction #

sconcat :: NonEmpty Restriction -> Restriction #

stimes :: Integral b => b -> Restriction -> Restriction #

checkAddressRestriction :: Restriction -> AddrInfo -> Maybe ConnectionRestricted #

addressRestriction :: (AddrInfo -> Maybe ConnectionRestricted) -> Restriction #

Decide if a HTTP connection is allowed based on the IP address of the server.

After the restriction is checked, the same IP address is used to connect to the server. This avoids DNS rebinding attacks being used to bypass the restriction.

 myRestriction :: Restriction
 myRestriction = addressRestriction $ \addr ->
	if isPrivateAddress addr
		then Just $ connectionRestricted
			("blocked connection to private IP address " ++)
 		else Nothing

mkRestrictedManagerSettings :: Restriction -> Maybe ConnectionContext -> Maybe TLSSettings -> IO (ManagerSettings, Maybe ProxyRestricted) #

Makes a TLS-capable ManagerSettings with a Restriction applied to it.

The Restriction will be checked each time a Request is made, and for each redirect followed.

Aside from checking the Restriction, it should behave the same as mkManagerSettingsContext from http-client-tls.

 main = do
 	manager <- newManager . fst 
 		=<< mkRestrictedManagerSettings myRestriction Nothing Nothing
	request <- parseRequest "http://httpbin.org/get"
 	response <- httpLbs request manager
 	print $ responseBody response

The HTTP proxy is also checked against the Restriction, and will not be used if the Restriction does not allow it. Just ProxyRestricted is returned when the HTTP proxy has been restricted.

See mkManagerSettingsContext for why it can be useful to provide a ConnectionContext.

Note that SOCKS is not supported.

data ConnectionRestricted #

Value indicating that a connection was restricted, and giving the reason why.

Constructors

ConnectionRestricted String 

Instances

Instances details
Exception ConnectionRestricted # 
Instance details

Defined in Network.HTTP.Client.Restricted

Methods

toException :: ConnectionRestricted -> SomeException

fromException :: SomeException -> Maybe ConnectionRestricted

displayException :: ConnectionRestricted -> String

Show ConnectionRestricted # 
Instance details

Defined in Network.HTTP.Client.Restricted

Methods

showsPrec :: Int -> ConnectionRestricted -> ShowS #

show :: ConnectionRestricted -> String #

showList :: [ConnectionRestricted] -> ShowS #

connectionRestricted :: (IPAddrString -> String) -> AddrInfo -> ConnectionRestricted #

Constructs a ConnectionRestricted, passing the function a string containing the IP address of the HTTP server.

data ProxyRestricted #

Value indicating that the http proxy will not be used.

Constructors

ProxyRestricted 

Instances

Instances details
Show ProxyRestricted # 
Instance details

Defined in Network.HTTP.Client.Restricted

Methods

showsPrec :: Int -> ProxyRestricted -> ShowS #

show :: ProxyRestricted -> String #

showList :: [ProxyRestricted] -> ShowS #

type IPAddrString = String #

A string containing an IP address, for display to a user.