diff options
author | rpereira2 <rpereira@gitlab.com> | 2019-08-06 17:27:54 +0530 |
---|---|---|
committer | rpereira2 <rpereira@gitlab.com> | 2019-08-06 17:32:07 +0530 |
commit | cc510403cea2d4fbe620b46ef52dedb51885a752 (patch) | |
tree | b89836a2dbf7c720af3f91fb3c54f26e7836f3e0 | |
parent | 65261bdd12ef69a6fea880e364cf6efdbd83e37d (diff) | |
download | gitlab-ce-44496-docs.tar.gz |
Make the description of formats more concise44496-docs
- Also use 'webhooks' instead of 'web hooks'.
-rw-r--r-- | doc/raketasks/web_hooks.md | 5 | ||||
-rw-r--r-- | doc/security/webhooks.md | 45 |
2 files changed, 17 insertions, 33 deletions
diff --git a/doc/raketasks/web_hooks.md b/doc/raketasks/web_hooks.md index c220cc34327..cc1166a04cc 100644 --- a/doc/raketasks/web_hooks.md +++ b/doc/raketasks/web_hooks.md @@ -53,7 +53,8 @@ sudo gitlab-rake gitlab:web_hook:list NAMESPACE=acme # source installations bundle exec rake gitlab:web_hook:list NAMESPACE=acme RAILS_ENV=production ``` -## Local requests in web hooks -[Requests to local network by web hooks](../security/webhooks.md) can be allowed +## Local requests in webhooks + +[Requests to local network by webhooks](../security/webhooks.md) can be allowed or blocked by an administrator. diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md index 45b892b8e1f..e39bc9a9626 100644 --- a/doc/security/webhooks.md +++ b/doc/security/webhooks.md @@ -45,49 +45,32 @@ NOTE: **Note:** set up by administrators. However, you can turn this off by disabling the **Allow requests to the local network from system hooks** option. -## Whitelist for local requests **(CORE)** +## Whitelist for local requests > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/44496) in GitLab 12.2 You can allow certain domains and IP addresses to be accessible to both *system hooks* -and *web hooks* even when local requests are not allowed by adding them to the +and *webhooks* even when local requests are not allowed by adding them to the whitelist. Navigate to **Admin Area > Settings > Network** (`/admin/application_settings/network`) and expand **Outbound requests**: ![Outbound local requests whitelist](img/whitelist.png) -The whitelist entries can be separated by: +The whilelist entries can be separated by semicolons, commas or whitespaces +(including newlines) and be in different formats like hostnames, IP addresses and/or +IP ranges. IPv6 is supported. Hostnames that contain unicode characters should +use IDNA encoding. -- `;` +The whitelist can hold a maximum of 1000 entries. Each entry can be a maximum of +255 characters. - Ex: `example.com;127.0.0.1;192.168.1.1` +Example: -- `,` - - Ex: `example.com,127.0.0.1,192.168.1.1` - -- Whitespace (including newline). - - Ex: - - ```text - example.com 127.0.0.1 - 192.168.1.1 - ``` - -Whitelist entries can be in the following formats: - -- Hostnames. Hostnames that contain unicode characters should use IDNA encoding. - - Ex: `example.com gitlab.example.com localhost` - -- IP addresses. - - Ex: `127.0.0.1 192.168.1.1` - -- IP address ranges. - - Ex: `127.0.0.0/8` +```text +example.com;gitlab.example.com +127.0.0.1,1:0:0:0:0:0:0:1 +127.0.0.0/8 1:0:0:0:0:0:0:0/124 +``` NOTE: **Note:** Wildcards (`*.example.com`) and ports (`127.0.0.1:3000`) are not currently supported. |