diff --git a/config.json b/config.json
index efcd003..8fb1658 100644
--- a/config.json
+++ b/config.json
@@ -1,4 +1,5 @@
 {
 "Addr": "127.0.0.1:5000",
- "Fail2banSocket": "/var/run/fail2ban/fail2ban.sock"
+ "Fail2banSocket": "/var/run/fail2ban/fail2ban.sock",
+ "ControllerIp": "127.0.0.1"
 }
diff --git a/fail2rest.go b/fail2rest.go
index 50faee7..31cd6cb 100644
--- a/fail2rest.go
+++ b/fail2rest.go
@@ -8,15 +8,28 @@ import (
 "github.com/gorilla/mux"
 "net/http"
 "os"
+ "strings"
 )
 type Configuration struct {
 Addr string
 Fail2banSocket string
+ ControllerIp string
 }
 var fail2goConn *fail2go.Conn
+func controllerIpFilterMiddleware(h http.Handler, allowedIpAddress string) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ requestSource := strings.Split(r.RemoteAddr, ":")
+ if requestSource[0] != allowedIpAddress {
+ http.Error(w, "Not authorized", http.StatusForbidden)
+ return
+ }
+ h.ServeHTTP(w, r)
+ })
+}
+
 func main() {
 configPath := flag.String("config", "config.json", "path to config.json")
 flag.Parse()
@@ -45,6 +58,6 @@ func main() {
 whoisHandler(res, req, fail2goConn)
 }).Methods("GET")
- http.Handle("/", r)
+ http.Handle("/", controllerIpFilterMiddleware(r, configuration.ControllerIp))
 fmt.Println(http.ListenAndServe(configuration.Addr, nil))
 }
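Review bot: `strings.Split(r.RemoteAddr, ":")[0]` in controllerIpFilterMiddleware only yields the peer address for IPv4; for an IPv6 peer such as `[::1]:54321` the first element is `[`, so an IPv6 ControllerIp can never match, and the string comparison also requires the configured value to be spelled exactly as Go prints it. Splitting with net.SplitHostPort and comparing parsed net.IP values, while still rejecting on any parse failure, keeps the check fail-closed and makes it work for both address families; this needs `net` in the import block. The function also deserves a doc comment saying it is a network-level allowlist on the TCP peer rather than authentication: if the service is ever placed behind a reverse proxy on the same host, every forwarded request would presumably arrive from 127.0.0.1 and pass the default filter.

```go
func controllerIpFilterMiddleware(h http.Handler, allowedIpAddress string) http.Handler {
	// Parse once; a nil result (bad or empty config value) denies every request.
	allowed := net.ParseIP(allowedIpAddress)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// RemoteAddr is "host:port"; SplitHostPort also handles "[v6]:port".
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		peer := net.ParseIP(host)
		if err != nil || allowed == nil || peer == nil || !peer.Equal(allowed) {
			http.Error(w, "Not authorized", http.StatusForbidden)
			return
		}
		h.ServeHTTP(w, r)
	})
}
```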
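Review bot: The filter is attached to the `/` pattern of the default mux while `http.ListenAndServe(configuration.Addr, nil)` keeps serving that default mux, so any handler another package registers on it under a more specific pattern would be reachable without the address check. Passing the wrapped router directly closes that gap: `fmt.Println(http.ListenAndServe(configuration.Addr, controllerIpFilterMiddleware(r, configuration.ControllerIp)))`. It would also help to fail at startup when `configuration.ControllerIp` is empty or not a valid IP, because a config.json written before this change presumably leaves it empty and every request then gets a 403 with no hint why. main's body starts outside this hunk, so how the configuration is loaded is not visible here.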