summary refs log tree commit diff
path: root/synapse/config
diff options
context:
space:
mode:
authorMatthew Hodgson <matthew@matrix.org>2016-05-01 12:44:24 +0100
committerMatthew Hodgson <matthew@matrix.org>2016-05-01 12:44:24 +0100
commit792def49288432852fef5059f13184af67843818 (patch)
treeee56557c6afd45e41e3eb8ab9770279e6a42aff1 /synapse/config
parentMerge pull request #758 from matrix-org/dbkr/fix_password_reset (diff)
downloadsynapse-792def49288432852fef5059f13184af67843818.tar.xz
add a url_preview_ip_range_whitelist config param so we can whitelist the matrix.org IP space
Diffstat (limited to 'synapse/config')
-rw-r--r--synapse/config/repository.py14
1 files changed, 14 insertions, 0 deletions
diff --git a/synapse/config/repository.py b/synapse/config/repository.py
index d61e525e62..44224424f6 100644
--- a/synapse/config/repository.py
+++ b/synapse/config/repository.py
@@ -100,6 +100,11 @@ class ContentRepositoryConfig(Config):
                     "to work"
                 )
 
+            if "url_preview_ip_range_whitelist" in config:
+                self.url_preview_ip_range_whitelist = IPSet(
+                    config["url_preview_ip_range_whitelist"]
+                )
+
             if "url_preview_url_blacklist" in config:
                 self.url_preview_url_blacklist = config["url_preview_url_blacklist"]
 
@@ -162,6 +167,15 @@ class ContentRepositoryConfig(Config):
         # - '10.0.0.0/8'
         # - '172.16.0.0/12'
         # - '192.168.0.0/16'
+        #
+        # List of IP address CIDR ranges that the URL preview spider is allowed
+        # to access even if they are specified in url_preview_ip_range_blacklist.
+        # This is useful for specifying exceptions to wide-ranging blacklisted
+        # target IP ranges - e.g. for enabling URL previews for a specific private
+        # website only visible in your network.
+        #
+        # url_preview_ip_range_whitelist:
+        # - '192.168.1.1'
 
         # Optional list of URL matches that the URL preview spider is
         # denied from accessing.  You should use url_preview_ip_range_blacklist