From f910338d81b1af47804fd0e2967a813438b87acc Mon Sep 17 00:00:00 2001 From: Alexander Hofbauer Date: Tue, 28 Jan 2025 09:40:37 +0100 Subject: [PATCH] Replace localhost with private IP ranges fetcher --- README.md | 22 +++++++++++----------- config_test.go | 2 +- docs/examples.md | 2 +- examples/block/Caddyfile | 2 +- examples/custom/Caddyfile | 2 +- examples/garbage/Caddyfile | 2 +- examples/ratelimit/Caddyfile | 2 +- ranges/README.md | 36 ++++++++++++++++++------------------ ranges/data/generated.go | 12 ++++++++---- ranges/fetchers/localhost.go | 18 ------------------ ranges/fetchers/private.go | 22 ++++++++++++++++++++++ ranges/main.go | 2 +- 12 files changed, 66 insertions(+), 58 deletions(-) delete mode 100644 ranges/fetchers/localhost.go create mode 100644 ranges/fetchers/private.go diff --git a/README.md b/README.md index 4e83c18..5f23f06 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ defender { - `garbage`: Returns garbage data to pollute AI training. - `custom`: Returns a custom message (requires `responder_args`). - `ratelimit`: Marks requests for rate limiting (requires [Caddy-Ratelimit](https://github.com/mholt/caddy-ratelimit) to be installed as well ). -- ``: A list of CIDR ranges or predefined range keys (e.g., `openai`, `localhost`) to match against the client's IP. +- ``: A list of CIDR ranges or predefined range keys (e.g., `openai`, `private`) to match against the client's IP. - ``: A custom message to return when using the `custom` responder. --- 
@@ -96,16 +96,16 @@ defender { The plugin includes predefined IP ranges for popular AI services. These ranges are embedded in the binary and can be used without additional configuration. -| Service | Key | IP Ranges | -|-----------------------|---------------------------------------------|----------------------------------------------------| -| AWS | aws | [aws.go](ranges/fetchers/aws/aws.go) | -| AWS Region | aws-us-east-1, aws-us-west-1, aws-eu-west-1 | [aws_region.go](ranges/fetchers/aws/aws_region.go) | -| DeepSeek | deepseek | [deepseek.go](ranges/fetchers/deepseek.go) | -| GitHub Copilot | githubcopilot | [github.go](ranges/fetchers/github.go) | -| Google Cloud Platform | gcloud | [gcloud.go](ranges/fetchers/gcloud.go) | -| Microsoft Azure | azurepubliccloud | [azure.go](ranges/fetchers/azure.go) | -| OpenAI | openai | [openai.go](ranges/fetchers/openai.go) | -| Localhost (testing) | localhost | [localhost.go](ranges/fetchers/localhost.go) | +| Service | Key | IP Ranges | +|----------------------------------------------------------------------|---------------------------------------------|----------------------------------------------------| +| AWS | aws | [aws.go](ranges/fetchers/aws/aws.go) | +| AWS Region | aws-us-east-1, aws-us-west-1, aws-eu-west-1 | [aws_region.go](ranges/fetchers/aws/aws_region.go) | +| DeepSeek | deepseek | [deepseek.go](ranges/fetchers/deepseek.go) | +| GitHub Copilot | githubcopilot | [github.go](ranges/fetchers/github.go) | +| Google Cloud Platform | gcloud | [gcloud.go](ranges/fetchers/gcloud.go) | +| Microsoft Azure | azurepubliccloud | [azure.go](ranges/fetchers/azure.go) | +| OpenAI | openai | [openai.go](ranges/fetchers/openai.go) | +| [Private](https://caddyserver.com/docs/caddyfile/matchers#remote-ip) | private | [private.go](ranges/fetchers/private.go) | More are welcome! for a precompiled list, see the [embedded results](ranges/data/generated.go) diff --git a/config_test.go b/config_test.go index a38e47d..3cca4ec 100644 
--- a/config_test.go +++ b/config_test.go @@ -208,7 +208,7 @@ func TestDefenderValidation(t *testing.T) { { "handler": "defender", "ranges": [ - "localhost" + "private" ], "raw_responder": "pineapple" }, diff --git a/docs/examples.md b/docs/examples.md index 5827e6d..bd4e92c 100644 --- a/docs/examples.md +++ b/docs/examples.md @@ -82,7 +82,7 @@ Integrate with [caddy-ratelimit](https://github.com/mholt/caddy-ratelimit): :80 { defender ratelimit { - ranges localhost + ranges private } rate_limit { diff --git a/examples/block/Caddyfile b/examples/block/Caddyfile index cd52396..b963d8a 100644 --- a/examples/block/Caddyfile +++ b/examples/block/Caddyfile @@ -8,7 +8,7 @@ bind 127.0.0.1 ::1 defender block { - ranges localhost + ranges private } respond "This is what a human sees" } diff --git a/examples/custom/Caddyfile b/examples/custom/Caddyfile index 3db4bf0..7ad6220 100644 --- a/examples/custom/Caddyfile +++ b/examples/custom/Caddyfile @@ -8,7 +8,7 @@ bind 127.0.0.1 ::1 defender custom { - ranges localhost + ranges private message "You are not welcome here" } respond "This is what a human sees" diff --git a/examples/garbage/Caddyfile b/examples/garbage/Caddyfile index 912f98d..e695199 100644 --- a/examples/garbage/Caddyfile +++ b/examples/garbage/Caddyfile @@ -8,7 +8,7 @@ bind 127.0.0.1 ::1 defender garbage { - ranges localhost + ranges private } respond "This is what a human sees" } diff --git a/examples/ratelimit/Caddyfile b/examples/ratelimit/Caddyfile index 38f0796..0108850 100644 --- a/examples/ratelimit/Caddyfile +++ b/examples/ratelimit/Caddyfile @@ -4,7 +4,7 @@ :80 { defender ratelimit { - ranges localhost + ranges private } rate_limit { diff --git a/ranges/README.md b/ranges/README.md index ed4bbc3..cfaef81 100644 --- a/ranges/README.md +++ b/ranges/README.md 
@@ -17,14 +17,14 @@ The **Fetchers Module** is a Go package designed to fetch IP ranges for various
 ## Supported Fetchers
-| Fetcher Name | Description |
-|------------------------|---------------------------------------------------------------------|
-| `AWSFetcher` | Fetches global IP ranges for AWS services. |
-| `AWSRegionFetcher` | Fetches IP ranges for a specific AWS region (e.g., `us-east-1`). |
-| `GCloudFetcher` | Fetches IP ranges for Google Cloud Platform (GCP) services. |
-| `OpenAIFetcher` | Fetches IP ranges for OpenAI services (e.g., ChatGPT, GPTBot). |
-| `GithubCopilotFetcher` | Fetches IP ranges for GitHub Copilot services. |
-| `LocalhostFetcher` | Fetches IP ranges for localhost (used for development and testing). |
+| Fetcher Name | Description |
+|------------------------|------------------------------------------------------------------|
+| `AWSFetcher` | Fetches global IP ranges for AWS services. |
+| `AWSRegionFetcher` | Fetches IP ranges for a specific AWS region (e.g., `us-east-1`). |
+| `GCloudFetcher` | Fetches IP ranges for Google Cloud Platform (GCP) services. |
+| `OpenAIFetcher` | Fetches IP ranges for OpenAI services (e.g., ChatGPT, GPTBot). |
+| `GithubCopilotFetcher` | Fetches IP ranges for GitHub Copilot services. |
+| `PrivateFetcher` | Fetches IP ranges for private network ranges (used for testing). |
 ---
@@ -63,16 +63,16 @@ func main() { The `IPRanges` map in the `data` package contains the following keys: -| Key | Description | -|-------------------|-----------------------------------------------------------------------------| -| `aws` | Global IP ranges for AWS services. | -| `aws-us-east-1` | IP ranges for the AWS `us-east-1` region. | -| `aws-us-west-1` | IP ranges for the AWS `us-west-1` region. | -| `aws-eu-west-1` | IP ranges for the AWS `eu-west-1` region. | -| `gcloud` | IP ranges for Google Cloud Platform (GCP) services. | -| `openai` | IP ranges for OpenAI services (e.g., ChatGPT, GPTBot). | -| `githubcopilot` | IP ranges for GitHub Copilot services. | -| `localhost` | IP ranges for localhost (used for development and testing). | +| Key | Description | +|-----------------|--------------------------------------------------------| +| `aws` | Global IP ranges for AWS services. | +| `aws-us-east-1` | IP ranges for the AWS `us-east-1` region. | +| `aws-us-west-1` | IP ranges for the AWS `us-west-1` region. | +| `aws-eu-west-1` | IP ranges for the AWS `eu-west-1` region. | +| `gcloud` | IP ranges for Google Cloud Platform (GCP) services. | +| `openai` | IP ranges for OpenAI services (e.g., ChatGPT, GPTBot). | +| `githubcopilot` | IP ranges for GitHub Copilot services. | +| `private` | IP ranges for private networks (used for testing). | ### Regenerating Pregenerated Results diff --git a/ranges/data/generated.go b/ranges/data/generated.go index c327457..731a7ee 100644 --- a/ranges/data/generated.go +++ b/ranges/data/generated.go @@ -15933,10 +15933,6 @@ var IPRanges = map[string][]string{ "138.91.182.224/32", "13.107.5.93/32", }, - "localhost": { - "127.0.0.0/8", - "::1/128", - }, "openai": { "20.42.10.176/28", "172.203.190.128/28", @@ -15972,4 +15968,12 @@ var IPRanges = map[string][]string{ "4.227.36.0/25", "172.182.201.192/28", }, + "private": { + "127.0.0.0/8", + "::1/128", + "10.0.0.0/8", + "172.16.0.0/12", + "192.168.0.0/16", + "fd00::/8", + }, } 
diff --git a/ranges/fetchers/localhost.go b/ranges/fetchers/localhost.go
deleted file mode 100644
index 5e66cb6..0000000
--- a/ranges/fetchers/localhost.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package fetchers
-
-// LocalhostFetcher implements the IPRangeFetcher interface for Localhost.
-type LocalhostFetcher struct{}
-
-func (f LocalhostFetcher) Name() string {
- return "Localhost"
-}
-func (f LocalhostFetcher) Description() string {
- return "Hardcoded IP ranges for Localhost. Used in development."
-}
-func (f LocalhostFetcher) FetchIPRanges() ([]string, error) {
-
- return []string{
- "127.0.0.0/8", // IPv4 localhost range
- "::1/128", // IPv6 localhost range
- }, nil
-}
diff --git a/ranges/fetchers/private.go b/ranges/fetchers/private.go
new file mode 100644
index 0000000..62124cc
--- /dev/null
+++ b/ranges/fetchers/private.go
@@ -0,0 +1,22 @@
+package fetchers
+
+// PrivateFetcher implements the IPRangeFetcher interface for private network ranges.
+type PrivateFetcher struct{}
+
+func (f PrivateFetcher) Name() string {
+ return "Private"
+}
+func (f PrivateFetcher) Description() string {
+ return "Hardcoded IP ranges for private network ranges. Used in testing."
+}
+func (f PrivateFetcher) FetchIPRanges() ([]string, error) {
+
+ return []string{
+ "127.0.0.0/8",
+ "::1/128",
+ "10.0.0.0/8",
+ "172.16.0.0/12",
+ "192.168.0.0/16",
+ "fd00::/8",
+ }, nil
+}
diff --git a/ranges/main.go b/ranges/main.go
index c24bfd1..c024896 100644
--- a/ranges/main.go
+++ b/ranges/main.go
@@ -36,7 +36,7 @@ func main() {
 aws.AWSRegionFetcher{Region: "us-east-1"}, // us-east-1 region
 aws.AWSRegionFetcher{Region: "us-west-1"}, // us-west-1 region
 aws.AWSRegionFetcher{Region: "eu-west-1"}, // eu-west-1 region
- fetchers.LocalhostFetcher{},
+ fetchers.PrivateFetcher{},
 }
 // Load the existing IP ranges from the data package
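Review bot: In `FetchIPRanges` of the new ranges/fetchers/private.go the six CIDRs carry no comments (the removed LocalhostFetcher annotated each entry), so nothing says what `private` is meant to cover. The list is loopback, the three RFC 1918 blocks and `fd00::/8`; it omits `fc00::/8`, link-local (`169.254.0.0/16`, `fe80::/10`) and CGNAT `100.64.0.0/10`, which is presumably deliberate to match the Caddy `private_ranges` shortcut the README links to. I would put `// Loopback, RFC 1918 and fd00::/8 only; kept in step with Caddy's private_ranges` above the slice and add doc comments to the three exported methods. The Description string could also say that behind a reverse proxy or NAT every client may arrive from these ranges, so `ranges private` with a blocking responder then matches all traffic. The `localhost` key disappears without an alias; what happens to existing configs that name it depends on validation code outside this patch.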