mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-14 10:52:41 +01:00
948b0ceca4
Summary: Ref T13053. Postmark support recommends testing requests against a whitelist of known remote addresses to determine request authenticity. Today, the list can be found here: <https://postmarkapp.com/support/article/800-ips-for-firewalls> This is potentially less robust than, e.g., HMAC verification, since they may need to add new datacenters or support IPv6 or something. Users might also have weird network topologies where everything is proxied, and this makes testing/simulating more difficult. Allow users to configure the list so that they don't need to hack things apart if Postmark adds a new datacenter or remote addresses are unreliable for some other reason, but ship with safe defaults for today. Test Plan: Tried to make local requests, got kicked out. Added `0.0.0.0/0` to the list, stopped getting kicked out. I don't have a convenient way to route real Postmark traffic to my development laptop with an authentic remote address so I haven't verified that the published remote address is legitimate, but I'll vet that in production when I go through all the other mailers. Maniphest Tasks: T13053 Differential Revision: https://secure.phabricator.com/D19025 |
||
|---|---|---|
| .. | ||
| __tests__ | ||
| aphront | ||
| applications | ||
| docs | ||
| extensions | ||
| infrastructure | ||
| view | ||
| __phutil_library_init__.php | ||
| __phutil_library_map__.php | ||