Apply an IP range blacklist to push and key revocation requests. (#8821)

Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to: * Federation * Identity servers * Push notifications * Checking key validitity for third-party invite events The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers).
author: Patrick Cloke <clokep@users.noreply.github.com> 2020-12-02 11:09:24 -0500
committer: GitHub <noreply@github.com> 2020-12-02 11:09:24 -0500
commit: 30fba6210834a4ecd91badf0c8f3eb278b72e746 (patch)
tree: 3396057c52cf6372d4bec0d32fe08f767f6f5d31 /synapse/handlers
parent: Correctly handle unpersisted events when calculating auth chain difference. (... (diff)
download: synapse-30fba6210834a4ecd91badf0c8f3eb278b72e746.tar.xz
2 files changed, 4 insertions, 4 deletions
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index b9799090f7..df82e60b33 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -140,7 +140,7 @@ class FederationHandler(BaseHandler):
         self._message_handler = hs.get_message_handler()
         self._server_notices_mxid = hs.config.server_notices_mxid
         self.config = hs.config
-        self.http_client = hs.get_simple_http_client()
+        self.http_client = hs.get_proxied_blacklisted_http_client()
         self._instance_name = hs.get_instance_name()
         self._replication = hs.get_replication_data_handler()
 
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 9b3c6b4551..7301c24710 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -46,13 +46,13 @@ class IdentityHandler(BaseHandler):
     def __init__(self, hs):
         super().__init__(hs)
 
+        # An HTTP client for contacting trusted URLs.
         self.http_client = SimpleHttpClient(hs)
-        # We create a blacklisting instance of SimpleHttpClient for contacting identity
-        # servers specified by clients
+        # An HTTP client for contacting identity servers specified by clients.
         self.blacklisting_http_client = SimpleHttpClient(
             hs, ip_blacklist=hs.config.federation_ip_range_blacklist
         )
-        self.federation_http_client = hs.get_http_client()
+        self.federation_http_client = hs.get_federation_http_client()
         self.hs = hs
 
     async def threepid_from_creds(
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-12-02 11:09:24 -0500
committer	GitHub <noreply@github.com>	2020-12-02 11:09:24 -0500
commit	30fba6210834a4ecd91badf0c8f3eb278b72e746 (patch)
tree	3396057c52cf6372d4bec0d32fe08f767f6f5d31 /synapse/handlers
parent	Correctly handle unpersisted events when calculating auth chain difference. (... (diff)
download	synapse-30fba6210834a4ecd91badf0c8f3eb278b72e746.tar.xz