safedialer

package
v0.0.0-...-e14edc6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 5, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package safedialer provides HTTP transports that protect against SSRF attacks by filtering outbound connections to sensitive network addresses.

Two transports are provided:

  • Transport() — strict; blocks loopback, RFC-1918, link-local, CGNAT. Use for indexers, download clients, webhooks, and torrent file fetches where the target should be a public internet host.
  • LANTransport() — permissive; only blocks cloud-metadata link-local ranges. Use for importers that legitimately connect to an internal host (localhost or LAN) that the user controls.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DialContext

func DialContext(ctx context.Context, network, addr string) (net.Conn, error)

DialContext resolves the host in addr and rejects connections to private/internal network addresses. Use this for non-HTTP clients (e.g. SMTP) that need the same SSRF protection as Transport().

func LANTransport

func LANTransport() *http.Transport

LANTransport returns an *http.Transport suitable for connecting to user-configured internal services (e.g. a Sonarr instance on the LAN). It allows private/loopback addresses but still blocks cloud-metadata link-local ranges (169.254.0.0/16, fe80::/10, 100.64.0.0/10).

func Transport

func Transport() *http.Transport

Transport returns an *http.Transport that blocks requests to private/internal network addresses. Use this in place of http.DefaultTransport for all HTTP clients that connect to user-supplied URLs.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL