mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2025-05-03 16:04:50 -04:00
Use the federation blacklist for requests to untrusted Identity Servers (#6000)
Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses. Fixes #5935
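The trust split described in the commit message, as an added Python sketch that is not Synapse's code: hosts named by the admin bypass the blacklist, while user-supplied hosts are refused if any resolved address falls in a blacklisted range. The function names, sample CIDR list, hostnames and the IPv4-mapped IPv6 handling are assumptions made for illustration; resolved addresses are passed in so the example runs offline.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the commit).
FEDERATION_IP_RANGE_BLACKLIST = ["127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16",
                                 "::1/128", "fc00::/7"]
ACCOUNT_THREEPID_DELEGATES = {"id.internal.example"}  # admin-trusted hosts

# The config comment states these are always blacklisted, listed or not.
ALWAYS_BLACKLISTED = ["0.0.0.0/32", "::/128"]


def build_blacklist(cidrs):
    """Parse the configured CIDR strings and append the always-blocked entries."""
    return [ipaddress.ip_network(c) for c in list(cidrs) + ALWAYS_BLACKLISTED]


def ip_is_blacklisted(ip, networks):
    addr = ipaddress.ip_address(ip)
    # Check an IPv4-mapped IPv6 address (::ffff:a.b.c.d) as its IPv4 form,
    # so it cannot slip past IPv4 ranges (hardening assumption of this sketch).
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


def may_contact_identity_server(host, resolved_ips, networks, delegates):
    """Decide whether an outbound identity-server request may proceed."""
    if host in delegates:
        return True   # admin-configured delegate: trusted, no blacklist applied
    if not resolved_ips:
        return False  # nothing to validate, so fail closed
    # User-supplied server: refuse if ANY resolved address is blacklisted.
    return not any(ip_is_blacklisted(ip, networks) for ip in resolved_ips)
```

With an empty configured list, `build_blacklist([])` still blocks `0.0.0.0` and `::`, but a user-supplied host resolving to `10.0.0.5` is allowed, which matches the "no ip range blacklist will be enforced" default in the config comment.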
parent 1ea3ed7620
commit e08ea43463
5 changed files with 28 additions and 4 deletions
|
@ -545,6 +545,9 @@ class ServerConfig(Config):
|
|||
# blacklist IP address CIDR ranges. If this option is not specified, or
|
||||
# specified with an empty list, no ip range blacklist will be enforced.
|
||||
#
|
||||
# As of Synapse v1.4.0 this option also affects any outbound requests to identity
|
||||
# servers provided by user input.
|
||||
#
|
||||
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
|
||||
# listed here, since they correspond to unroutable addresses.)
|
||||
#
|
||||
|
|
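Review bot: the added comment ending "servers provided by user input." documents only half of the behaviour. Per the commit message, identity servers listed in account_threepid_delegates are contacted without the blacklist, and the comment should say so, so that an admin does not assume every identity server request is filtered. Because the context lines just above state that an unset or empty list means no blacklist is enforced, it is also worth noting here that in that case requests to user-supplied identity servers are only blocked for 0.0.0.0 and ::, and that an option whose name refers to federation now governs non-federation traffic as well.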