Do not use yet in production This module won't probably be heavily maintained. Fork at will or claim ownership ! Okay now you can keep reading :)
Kind of a firewall for http requests based on headers. It parses a set of rules for each HTTP header and apply the matching policy
NB: This module makes the assumption your request object looks like this
req = {
headers : {
'method' : 'PUT',
'url' : '/kung/foo/panda/',
'any-other-header' : 'of_any_value'
}
}If it does not, use the setAccessFieldFunction (look around the end of this readme to see an example)
Example 1: a rule could be represented as such
rule = {
policy : HTTPTables.policies.DROP,
conditions : {
'method' : ['POST', 'GET'],
'user-agent' : /Android/,
'url' : "/api/v2/users/1"
}
}In this case it will drop every POST or GET requests from android on /api/v2/users/1 url
var HTTPTables = require('httptables');
var httptables = HTTPTables({
defaultPolicy : HTTPTables.policies.DROP // Drop all not matching requests
})Example 2: In Express
var HTTPTables = require('httptables');
var httptables = HTTPTables({
defaultPolicy : HTTPTables.policies.DROP // Drop all not matching requests
})
// Override the way to access a header field for an express request object
httptables.setAccessFieldFunction = function (req, field) {
var _field = (field || "").toUpperCase();
if(field === 'URL') {
return req.url;
} else if(field === 'METHOD') {
return req.method;
} else {
return req.get(field);
}
}
//...
//...
//...
app.use(function (req, res, next) {
req.mySetOfRules = [
{
policy : HTTPTables.policies.ACCEPT,
conditions : {
'method' : ['POST', 'GET'],
'user-agent' : /Android/,
'url' : "/api/v2/users/1"
}
},
{
policy : HTTPTables.policies.ACCEPT,
conditions : {
'method' : ['POST', 'GET', 'PUT', 'DELETE'],
'url' : "/api/v2/organizations/1/billing"
}
}
];
next();
})
// Comming Soon, see commented code in source to implement yourself
// only if you want/need
app.use(httptables.toExpressMiddleware({rulesPropertyName : 'mySetOfRules'}))