don't send requests to specified list of IP CIDRs
this can most definitely be improved but this is a decent attempt. the only annoying this is i couldn't just use a Vec<IPAddress> which would have significantly simplified all of this, but serde can't deserialise it on the config side i guess. i may find a better way to do this in the future, but this should cover most areas anyways. Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry
June
parent
71d247232d
commit
fa0c083555
8 changed files with 186 additions and 3 deletions
|
|
@ -77,7 +77,33 @@ max_request_size = 20_000_000 # in bytes
|
|||
# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before deciding to enable this.
|
||||
zstd_compression = false
|
||||
|
||||
|
||||
# Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you do not want conduwuit to send outbound requests to.
|
||||
# Defaults to RFC1918, unroutable, loopback, multicast, and testnet addresses for security.
|
||||
#
|
||||
# To disable, set this to be an empty vector (`[]`).
|
||||
#
|
||||
# Currently this does not account for proxies in use like Synapse does.
|
||||
ip_range_denylist = [
|
||||
"127.0.0.0/8",
|
||||
"10.0.0.0/8",
|
||||
"172.16.0.0/12",
|
||||
"192.168.0.0/16",
|
||||
"100.64.0.0/10",
|
||||
"192.0.0.0/24",
|
||||
"169.254.0.0/16",
|
||||
"192.88.99.0/24",
|
||||
"198.18.0.0/15",
|
||||
"192.0.2.0/24",
|
||||
"198.51.100.0/24",
|
||||
"203.0.113.0/24",
|
||||
"224.0.0.0/4",
|
||||
"::1/128",
|
||||
"fe80::/10",
|
||||
"fc00::/7",
|
||||
"2001:db8::/32",
|
||||
"ff00::/8",
|
||||
"fec0::/10",
|
||||
]
|
||||
|
||||
### Moderation / Privacy / Security
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue