Documentation
¶
Overview ¶
Package safedialer provides HTTP transports that protect against SSRF attacks by filtering outbound connections to sensitive network addresses.
Two transports are provided:
- Transport() — strict; blocks loopback, RFC-1918, link-local, CGNAT. Use for indexers, download clients, webhooks, and torrent file fetches where the target should be a public internet host.
- LANTransport() — permissive; only blocks cloud-metadata link-local ranges. Use for importers that legitimately connect to an internal host (localhost or LAN) that the user controls.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DialContext ¶
DialContext resolves the host in addr and rejects connections to private/internal network addresses. Use this for non-HTTP clients (e.g. SMTP) that need the same SSRF protection as Transport().
func LANTransport ¶
LANTransport returns an *http.Transport suitable for connecting to user-configured internal services (e.g. a Sonarr instance on the LAN). It allows private/loopback addresses but still blocks cloud-metadata link-local ranges (169.254.0.0/16, fe80::/10, 100.64.0.0/10).
Types ¶
This section is empty.