This package provides the necessary tools to allow for your server to handle chaff (fake) requests from clients. This technique can be used when you want to guard against the fact that clients are connecting to your server is meaningful.
The tracker automatically captures metadata like average request time and response size, with the aim of making a chaff request indistinguishable from a real request. This is useful in situations where someone (e.g. server operator, network peer) should not be able to glean information about the system from requests, their size, or their frequency.
Clients periodically send "chaff" requests. They denote the request is chaff via a header or similar identifier. If one of your goals is to obfuscate server logs, a dedicated URL is not recommended as this will be easily distinguisable in logs.
There are two components:
- a middleware function that implements tracking
- an
http.Handlerthat serves the chaff requests
-
Option 1 - use a single handler, detect chaff based on a request property like a header. This is most useful when you don't trust the server operator and can have the performance hit of the branching logic in a single handler:
mux := http.NewServeMux() mux.Handle("/", tracker.HandleTrack(chaff.HeaderDetector("X-Chaff"), myHandler))
In this example, requests to
/are served normally and the tracker generates heuristics automatically. When a request includes anX-Chaffheader, the handler sends a chaff response. -
Option 2 - create the tracker on specific routes and provide a dedicated chaff endpoint. This is useful when you trust the server operator, but not the network observer:
r := mux.NewRouter() tracker := chaff.New() defer tracker.Close() mux := http.NewServeMux() mux.Handle("/", tracker.Track()) mux.Handle("/chaff", tracker.HandleChaff())