Only accept HTTP connections from Localhost in Go?
Converting VonC
's comment into an answer.
You can bind the host by setting host:port
in your http.Server.Addr
or http.ListenAndServe
.
They use net.Listen
internally.
From net.Listen
:
For TCP and UDP, the syntax of laddr is "host:port", like
"127.0.0.1:8080". If host is omitted, as in ":8080", Listen listens on
all available interfaces instead of just the interface with the given
host address.
golang http server http.ListenAndServe only works for localhost?
This is due to Linux listen rules.
There is a reject all rule on my rules.
# listen rules
sudo iptables -L INPUT --line-numbers
sudo iptables -D INPUT 8
Making a Simple FileServer with Go and Localhost Refused to Connect
your system cannot find the certificate file.:
this error means you need "rui.crt" file alongside with your main binary file.
if you do not have certificate see: How to create a self-signed certificate with openssl?
then copy "server.pem", "server.key" files to your binary(.exe) file directory
and run this sample code (for test):
package main
import (
"fmt"
"log"
"net/http"
)
type server struct {
}
func (s server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "*Hello World\n*")
}
func main() {
if err := http.ListenAndServeTLS(":443", "server.pem", "server.key", server{}); err != nil {
log.Fatal(err)
}
}
then open web page: https://127.0.0.1/
if firewall poped up say yes,
if you see There is a problem with this website’s security certificate.
say continue (advance).
output:
*Hello World
*
Accepting get/post requests only from localhost
in the constructor you could use
if ($_SERVER['SERVER_ADDR'] != $_SERVER['REMOTE_ADDR']){
$this->output->set_status_header(400, 'No Remote Access Allowed');
exit; //just for good measure
}
However if this method isnt what you're looking for.. use .htaccess
you can perform a quick google search to return a specific example for denying get/post to all and then allow for 127.0.0.1/localhost.
Web browsers assume that my HTTP server is prepared to accept many connections
Indeed modern browsers will try to use 6 connections, in some cases even 8. You have one of two options:
- Just ACK but take your time replying
- Use javascript to load your resources one-by-one
I am assuming here that you can't increase the concurrent capacity of the server (being a small device) or radically change the appearance of the page.
Option #2 removes most of the resources from the page and instead has JS programatically request every resource and add them to the page via the DOM. This might be a serious rework of the page.
I should also mention that you can inline images (the image bitmap is just a string in the page) so that you can prevent the (mostly) parallel fetching of images done by modern browsers.
Related Topics
Linux Service Can't Load Library Path in The /Etc/Ld.So.Conf.D
Under What Circumstances Does The Read() Syscall Return 0
How to Add Export Statement in a Bash_Profile File
How to Access Environment Variables Inside .Gdbinit and Inside Gdb Itself
How to Make Ssh Command Execution to Timeout
Using Su/Sudo When Accessing Remote Git Repositories Over Ssh
Intercepting File System System Calls
How to Find Files Except Given Name
Difference Between Arm-None-Eabi and Arm-Linux-Gnueabi
How to Use Systemd to Restart a Service When Down
Openssl/Rsa - Using a Public Key to Decrypt
On-The-Fly Output Redirection, Seeing The File Redirection Output While The Program Is Still Running
Check If All Lines from One File Are Present Somewhere in Another File
Can't Remove, Purge, Unistall Mongodb from Debian
What Is The Size of Coap Packet
How to Translate Kernel's Trap Divide Error Rsp:2B6D2Ea40450 to a Source Location