Skip to content

iamsauravsharma/tower_allowed_hosts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.rustfmt.toml
.rustfmt.toml
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
Makefile.toml
Makefile.toml
 
 
README.MD
README.MD
 
 
cliff.toml
cliff.toml
 
 

Repository files navigation

TOWER ALLOWED HOSTS

Project status & info:

License Crates Version Docs
License: MIT Crate Docs

Tower service which limits request from only specified hosts.

Add as dependencies

In your Cargo.toml file, add tower_allowed_hosts as a dependency:

[dependencies]
tower_allowed_hosts = "0.12.0"

Usage

Basic

To restrict access to specific basic hosts, you can use the following code:

let tower_layer = tower_allowed_hosts::AllowedHostLayer::new("127.0.0.1");

Wildcard

If you need wildcard-based host matching, enable the wildcard feature in your Cargo.toml:

[dependencies]
tower_allowed_hosts = { version = "0.12.0", features = ["wildcard"] }

You can then restrict hosts using wildcards:

let tower_layer = tower_allowed_hosts::AllowedHostLayer::new(wildmatch::WildMatch::new("127.0.0.*"));

Regex

If you need regex-based host matching, enable the regex feature in your Cargo.toml:

[dependencies]
tower_allowed_hosts = { version = "0.12.0", features = ["regex"] }

You can then restrict hosts using regex patterns:

let tower_layer = tower_allowed_hosts::AllowedHostLayer::new(regex::Regex::new("^127.0.0.1$")?);

Forwarded header

If you wish to also handle Forwarded header than you can extend created AllowedHostLayer with with_forwarded_matcher

let layer = tower_allowed_hosts::AllowedHostLayer::new("example.com")
    .with_forwarded_matcher(("by", "example.org"));

Integrating with a Tower-Compatible Library

After creating the AllowedHostLayer, it can be integrated into any library that supports tower components. Here's an example of how to use this layer in an axum application. You will also need to handle errors properly using HandleErrorLayer:

use axum::{
    error_handling::HandleErrorLayer,
    http::StatusCode,
    Router
};
use tower::ServiceBuilder;
use tower_allowed_hosts::AllowedHostLayer;

fn router() -> Router {
    let handle_error_layer = HandleErrorLayer::new(handle_box_error);

    let allowed_hosts_layer = AllowedHostLayer::new(wildmatch::WildMatch::new("127.0.0.*"));

     let layer = ServiceBuilder::new()
        .layer(handle_error_layer)
        .layer(allowed_hosts_layer);

    Router::new().layer(layer)
}

async fn handle_box_error(err: tower::BoxError) -> (StatusCode, String) {
    if err.is::<tower_allowed_hosts::error::Error>() {
        return (StatusCode::BAD_REQUEST, err.to_string());
    }
    return (StatusCode::INTERNAL_SERVER_ERROR, "".to_string())
}

There is also extension added after successfully parsing allowed host and allowing host which can be access using tower_allowed_hosts::Host struct Extension

About

Tower service which limit host to only allowed domains

Topics

rust hacktoberfest tower allowedhosts

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 17

v0.12.0 Latest
Sep 6, 2025
+ 16 releases

Packages

No packages published

Languages