Skip to content
This repository has been archived by the owner on Jan 5, 2023. It is now read-only.
/ smokescreen Public archive
forked from stripe/smokescreen

A simple HTTP proxy that fogs over naughty URLs

License

Notifications You must be signed in to change notification settings

lyft/smokescreen

 
 

Repository files navigation

Smokescreen Build Status

Smokescreen is a HTTP CONNECT proxy. It proxies most traffic from Stripe to the external world (e.g., webhooks).

Smokescreen restricts which URLs it connects to: it resolves each domain name that is requested and ensures that it is a publicly routable IP and not a Stripe-internal IP. This prevents a class of attacks where, for instance, our own webhooks infrastructure is used to scan Stripe's internal network.

Smokescreen also allows us to centralize egress from Stripe, allowing us to give financial partners stable egress IP addresses and abstracting away the details of which Stripe service is making the request.

Dependencies

Smokescreen uses govendor to manage dependencies. The repo contains documentation, but some useful commands are reproduced below:

  • Installing or updating govendor: go get -u github.com/kardianos/govendor (ensure $GOPATH/bin is in your $PATH)
  • Adding or updating a dependency: govendor fetch github.com/path/to/dep

WARNING: smokescreen is currently very sensitive to the specific version of goproxy. We've had problems in the past with keepalive connections under newer versions.

Contributors

  • Evan Broder
  • Andrew Dunham
  • Andreas Fuchs
  • Carl Jackson

About

A simple HTTP proxy that fogs over naughty URLs

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%