Name: iprepd
Owner: Mozilla Services
Description: Centralized IP reputation daemon
Created: 2018-05-21 15:09:07.0
Updated: 2018-05-23 21:19:30.0
Pushed: 2018-05-23 21:19:29.0
Size: 11006
Language: Go
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
iprepd is a centralized IP reputation daemon that can be used to store reputation information for IP addresses and retrieve reputation scores for addresses.
The daemon provides an HTTP API for requests, and uses a Redis server as the backend storage mechanism. Multiple instances of the daemon can be deployed using the same Redis backend.
Configuration is done through the configuration file, by default ./iprepd.yaml
. The location
can be overridden with the -c
flag.
See iprepd.yaml.sample for an example configuration.
ite_version_json.sh
er build -t iprepd:latest .
Docker images are also published.
er pull mozilla/iprepd:latest
er run -ti --rm -v `pwd`/iprepd.yaml:/app/iprepd.yaml mozilla/iprepd:latest
Request the reputation for an IP address. Responds with 200 and a JSON document describing the reputation if found. Responds with a 404 if the IP address is unknown to iprepd, or is in the exceptions list.
"ip": "10.0.0.1",
"reputation": 75,
"reviewed": false,
"lastupdated": "2018-04-23T18:25:43.511Z"
Deletes the reputation entry for the IP address.
Sets a reputation score for the IP address. A reputation JSON document must be provided with the
request body. The reputation
field must be provided in the document. The reviewed field
can be included and set to true to toggle the reviewed field for a given reputation entry.
Note that if the reputation decays back to 100, if the reviewed field is set on the entry it will toggle back to false.
"ip": "10.0.0.1",
"reputation": 75
Returns violations configured in iprepd in a JSON document.
{"name": "violation1", "penalty": 5, "decreaselimit": 50},
{"name": "violation2", "penalty": 25, "decreaselimit": 0},
Applies a violation penalty to an IP address.
If an unknown violation penalty is submitted, this endpoint will still return 200, but the error will be logged.
"ip": "10.0.0.1",
"violation": "violation1"
Applies a violation penalty to a multiple IP addresses.
If an unknown violation penalty is submitted, this endpoint will still return 200, but the error will be logged.
{"ip": "10.0.0.1", "violation": "violation1"},
{"ip": "10.0.0.2", "violation": "violation1"},
{"ip": "10.0.0.3", "violation": "violation2"}
Service heartbeat endpoint.
Service heartbeat endpoint.
Return version data.
The API design and overall concept for this project are based on work done in Tigerblood.