kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add docs for local requests whitelist

Browse source 
- Add documentation under security/webhooks since similar docs are
present there.
This commit is contained in:
Reuben Pereira 2019-08-08 16:54:52 +00:00 committed by Achilleas Pipinellis
parent 79bff3ee7a
commit 409126c891
4 changed files with 40 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
doc/raketasks/web_hooks.md
View file

@ -53,3 +53,8 @@ sudo gitlab-rake gitlab:web_hook:list NAMESPACE=acme
# source installations
bundle exec rake gitlab:web_hook:list NAMESPACE=acme RAILS_ENV=production
```
## Local requests in webhooks
[Requests to local network by webhooks](../security/webhooks.md) can be allowed
or blocked by an administrator.

BIN
doc/security/img/whitelist.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 10 KiB

30
doc/security/webhooks.md
View file

@ -45,6 +45,36 @@ NOTE: **Note:**
set up by administrators. However, you can turn this off by disabling the
**Allow requests to the local network from system hooks** option.
## Whitelist for local requests
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/44496) in GitLab 12.2
You can allow certain domains and IP addresses to be accessible to both *system hooks*
and *webhooks* even when local requests are not allowed by adding them to the
whitelist. Navigate to **Admin Area > Settings > Network** (`/admin/application_settings/network`)
and expand **Outbound requests**:
![Outbound local requests whitelist](img/whitelist.png)
The whilelist entries can be separated by semicolons, commas or whitespaces
(including newlines) and be in different formats like hostnames, IP addresses and/or
IP ranges. IPv6 is supported. Hostnames that contain unicode characters should
use IDNA encoding.
The whitelist can hold a maximum of 1000 entries. Each entry can be a maximum of
255 characters.
Example:
```text
example.com;gitlab.example.com
127.0.0.1,1:0:0:0:0:0:0:1
127.0.0.0/8 1:0:0:0:0:0:0:0/124
```
NOTE: **Note:**
Wildcards (`*.example.com`) and ports (`127.0.0.1:3000`) are not currently supported.
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues

5
doc/system_hooks/system_hooks.md
View file

@ -644,6 +644,11 @@ X-Gitlab-Event: System Hook
}
```
## Local requests in system hooks
[Requests to local network by system hooks](../security/webhooks.md) can be allowed
or blocked by an administrator.
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues