# TCProxy

**TCProxy** is a lightweight TCP proxy designed to forward HTTPS and HTTP traffic while enforcing an IP-based whitelist. It inspects incoming connections, determines if they are HTTPS or HTTP, and forwards them accordingly to the appropriate backend server.

### Features:
- **SNI-based Routing**: Extracts the Server Name Indication (SNI) from HTTPS requests and forwards them to the correct backend.
- **IP Whitelisting**: Allows only approved IP addresses to connect, dynamically reloading the whitelist file on changes.
- **Seamless HTTP/HTTPS Handling**: Differentiates between HTTP and HTTPS connections and routes them accordingly.
- **Concurrency Support**: Uses goroutines and wait groups for efficient connection handling.
- **Customizable Binding**: Supports binding to a custom address and port via command-line flags.
- **Lightweight & Self-Contained**: Written in Go with no external dependencies apart from the standard library.

### Usage:
```
tcproxy -b <bind-address>
```
Or with default options:
```
tcproxy
```
### Command-line Options:
- `-b, --bind`: Set the address to bind (default: `localhost:8443`).
- `-v, --version`: Display the version.
- `-h, --help`: Show usage instructions.

### Example:
```sh
tcproxy -b "0.0.0.0:8443"
```
This starts TCProxy, listening on all interfaces at port 8443.

### Requirements:
- Go 1.16+
- A `whitelist.txt` file for IP-based filtering.

### Installation:
Build from source:
```sh
git clone https://git.behzadan.com/reza/tcproxy.git
cd tcproxy
make
```

### Acknowledgements

- [https://www.agwa.name/blog/post/writing_an_sni_proxy_in_go](https://www.agwa.name/blog/post/writing_an_sni_proxy_in_go)
- [https://www.agwa.name/blog/post/writing_an_sni_proxy_in_go/media/sniproxy.go](https://www.agwa.name/blog/post/writing_an_sni_proxy_in_go/media/sniproxy.go)