This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
It should be possible to configure a list of IPs synapse will not make outbound connections to #3953
Description
We have url_preview_ip_range_blacklist, but no equivalent for federation requests. The attack surface is of course much smaller, but I still don't like the idea of my synapse going and hitting random HTTP servers within my firewall because someone pointed a DNS record at them. In particular, it's currently possible to make synapse send requests back to itself with a DNS record which resolves to 127.0.0.1