origin
Simple pattern-matching library to verify the Origin header of a request (by posterity)
remotehttp
Magic wrapper to deny HTTP-requests to to "local" resources. (by skx)
origin | remotehttp | |
---|---|---|
1 | 1 | |
6 | 8 | |
- | - | |
1.7 | 2.6 | |
about 1 year ago | over 3 years ago | |
Go | Go | |
Apache License 2.0 | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
origin
Posts with mentions or reviews of origin.
We have used some of these posts to build our list of alternatives
and similar projects.
remotehttp
Posts with mentions or reviews of remotehttp.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2020-12-26.
-
Cursed IP Address Representations
For golang I wrote this:
https://github.com/skx/remotehttp
I've found, and reported, a whole bunch of services which take user-supplied URLs and don't filter out access to localhost:8080/server-status, and similar local resources.
A common route to attacking these is to access the AWS metadata URL endpoint. Something at least the Google cloud prevents, by forcing the use of the `Metadata-Flavor: Google` header.
What are some alternatives?
When comparing origin and remotehttp you can also consider the following projects:
ladder - Selfhosted alternative to 12ft.io. and 1ft.io bypass paywalls with a proxy ladder and remove CORS headers from any URL
ip6snetc - IPv6 subnet calculator written in Lua
srp - Go implementation of the Secure Remote Password (SRP) protocol.