Apply an IP range blacklist to push and key revocation requests. (#8821)

Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to: * Federation * Identity servers * Push notifications * Checking key validitity for third-party invite events The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers).
2025-08-11 22:00:03 -04:00 · 2020-12-02 11:09:24 -05:00 · 2020-12-02 11:09:24 -05:00 · 30fba62108
commit 30fba62108
parent c5b6abd53d
43 changed files with 175 additions and 114 deletions
--- a/tests/http/federation/test_matrix_federation_agent.py
+++ b/tests/http/federation/test_matrix_federation_agent.py
@ -17,6 +17,7 @@ import logging
 from mock import Mock

 import treq
+from netaddr import IPSet
 from service_identity import VerificationError
 from zope.interface import implementer

@ -103,6 +104,7 @@ class MatrixFederationAgentTests(unittest.TestCase):
            reactor=self.reactor,
            tls_client_options_factory=self.tls_factory,
            user_agent="test-agent",  # Note that this is unused since _well_known_resolver is provided.
+            ip_blacklist=IPSet(),
            _srv_resolver=self.mock_resolver,
            _well_known_resolver=self.well_known_resolver,
        )
@ -736,6 +738,7 @@ class MatrixFederationAgentTests(unittest.TestCase):
            reactor=self.reactor,
            tls_client_options_factory=tls_factory,
            user_agent=b"test-agent",  # This is unused since _well_known_resolver is passed below.
+            ip_blacklist=IPSet(),
            _srv_resolver=self.mock_resolver,
            _well_known_resolver=WellKnownResolver(
                self.reactor,