Default to blacklisting reserved IP ranges and add a whitelist. (#8870)

This defaults `ip_range_blacklist` to reserved IP ranges and also adds an `ip_range_whitelist` setting to override it.
author: Patrick Cloke <clokep@users.noreply.github.com> 2020-12-09 13:56:06 -0500
committer: GitHub <noreply@github.com> 2020-12-09 13:56:06 -0500
commit: 344ab0b53abc0291d79882f8bdc1a853f7495ed4 (patch)
tree: 9afde738b258c6f42e3e27458c63693546a3dd31 /synapse/server.py
parent: Skip the SAML tests if xmlsec1 isn't available. (#8905) (diff)
download: synapse-344ab0b53abc0291d79882f8bdc1a853f7495ed4.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/synapse/server.py b/synapse/server.py
index 9af759626e..043810ad31 100644
--- a/synapse/server.py
+++ b/synapse/server.py
@@ -370,10 +370,11 @@ class HomeServer(metaclass=abc.ABCMeta):
     def get_proxied_blacklisted_http_client(self) -> SimpleHttpClient:
         """
         An HTTP client that uses configured HTTP(S) proxies and blacklists IPs
-        based on the IP range blacklist.
+        based on the IP range blacklist/whitelist.
         """
         return SimpleHttpClient(
             self,
+            ip_whitelist=self.config.ip_range_whitelist,
             ip_blacklist=self.config.ip_range_blacklist,
             http_proxy=os.getenvb(b"http_proxy"),
             https_proxy=os.getenvb(b"HTTPS_PROXY"),
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-12-09 13:56:06 -0500
committer	GitHub <noreply@github.com>	2020-12-09 13:56:06 -0500
commit	344ab0b53abc0291d79882f8bdc1a853f7495ed4 (patch)
tree	9afde738b258c6f42e3e27458c63693546a3dd31 /synapse/server.py
parent	Skip the SAML tests if xmlsec1 isn't available. (#8905) (diff)
download	synapse-344ab0b53abc0291d79882f8bdc1a853f7495ed4.tar.xz