I have a simple HTTP Server standing up in Golang:
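```go
h := http.NewServeMux()
h.Handle("/somepath", MyHandler) // MyHandler is an http.Handler defined elsewhere
s := &http.Server{
	Addr:    ":1234", // host:port form; a bare "1234" fails with "missing port in address"
	Handler: h,
}
s.ListenAndServe()
```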
What is the best way to drop connections where the caller is not localhost? Currently I'm considering inspecting the underlying connection information and ensuring that the IP Address is 127.0.0.1, but this wastes a whole lot of resources (and runs through a whole bunch of Go code) before ultimately dropping the connection. Ideally, I can instrument the Golang server to drop the initial TCP SYN packet based on IP Address, and not create a TCP connection at all (or reveal that this port is listening).
What's the cleanest path forward here?
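One way to get this behaviour, as an added example that is not part of the original post: bind the listening socket to 127.0.0.1 only, so the kernel has no listener on any other interface and a remote SYN never reaches Go code. The names `loopbackListener`, `isLoopbackPeer` and `newLocalServer` are hypothetical, and the `Accept` wrapper is an optional defence-in-depth check that runs before `net/http` reads any bytes.

```go
package main

import (
	"net"
	"net/http"
)

// loopbackListener (hypothetical name) wraps a net.Listener and closes any
// accepted connection whose peer is not a loopback address.
type loopbackListener struct{ net.Listener }

// isLoopbackPeer reports whether addr is a TCP address in 127.0.0.0/8 or ::1.
func isLoopbackPeer(addr net.Addr) bool {
	tcp, ok := addr.(*net.TCPAddr)
	return ok && tcp.IP.IsLoopback()
}

func (l loopbackListener) Accept() (net.Conn, error) {
	for {
		c, err := l.Listener.Accept()
		if err != nil {
			return nil, err
		}
		if isLoopbackPeer(c.RemoteAddr()) {
			return c, nil
		}
		c.Close() // should not happen with a 127.0.0.1 bind; guards a changed bind address
	}
}

// newLocalServer binds to 127.0.0.1:<port> only and returns the server with
// its filtered listener. Port "0" asks the kernel for a free port.
func newLocalServer(port string, h http.Handler) (*http.Server, net.Listener, error) {
	ln, err := net.Listen("tcp4", net.JoinHostPort("127.0.0.1", port))
	if err != nil {
		return nil, nil, err
	}
	return &http.Server{Handler: h}, loopbackListener{ln}, nil
}

func main() {
	h := http.NewServeMux()
	h.Handle("/somepath", http.NotFoundHandler()) // stand-in for the post's MyHandler
	srv, ln, err := newLocalServer("1234", h)
	if err != nil {
		panic(err)
	}
	panic(srv.Serve(ln))
}
```

Setting `Addr: "127.0.0.1:1234"` on the original `http.Server` gives the same bind without the wrapper.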