Only Accept Http Connections from Localhost in Go

Only accept HTTP connections from Localhost in Go?

Converting VonC's comment into an answer.

You can bind the host by setting host:port in your http.Server.Addr or http.ListenAndServe.

They use net.Listen internally.

From net.Listen :

For TCP and UDP, the syntax of laddr is "host:port", like
"127.0.0.1:8080". If host is omitted, as in ":8080", Listen listens on
all available interfaces instead of just the interface with the given
host address.

golang http server http.ListenAndServe only works for localhost?

This is due to Linux listen rules.
There is a reject all rule on my rules.

# listen rules
sudo iptables -L INPUT --line-numbers
sudo iptables -D INPUT 8

Making a Simple FileServer with Go and Localhost Refused to Connect

your system cannot find the certificate file.:

this error means you need "rui.crt" file alongside with your main binary file.

if you do not have certificate see: How to create a self-signed certificate with openssl?

then copy "server.pem", "server.key" files to your binary(.exe) file directory

and run this sample code (for test):

package main

import (
    "fmt"
    "log"
    "net/http"
)

type server struct {
}

func (s server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    fmt.Fprint(w, "*Hello World\n*")
}

func main() {
    if err := http.ListenAndServeTLS(":443", "server.pem", "server.key", server{}); err != nil {
        log.Fatal(err)
    }
}

then open web page: https://127.0.0.1/
if firewall poped up say yes,

if you see There is a problem with this website’s security certificate. say continue (advance).

output:

*Hello World
*

Accepting get/post requests only from localhost

in the constructor you could use

if ($_SERVER['SERVER_ADDR'] != $_SERVER['REMOTE_ADDR']){
  $this->output->set_status_header(400, 'No Remote Access Allowed');
  exit; //just for good measure
}

However if this method isnt what you're looking for.. use .htaccess you can perform a quick google search to return a specific example for denying get/post to all and then allow for 127.0.0.1/localhost.

Web browsers assume that my HTTP server is prepared to accept many connections

Indeed modern browsers will try to use 6 connections, in some cases even 8. You have one of two options:

1. Just ACK but take your time replying
2. Use javascript to load your resources one-by-one

I am assuming here that you can't increase the concurrent capacity of the server (being a small device) or radically change the appearance of the page.

Option #2 removes most of the resources from the page and instead has JS programatically request every resource and add them to the page via the DOM. This might be a serious rework of the page.

I should also mention that you can inline images (the image bitmap is just a string in the page) so that you can prevent the (mostly) parallel fetching of images done by modern browsers.

---

Related Topics