diff options
author | Achilleas Pipinellis <axil@gitlab.com> | 2019-08-08 16:54:53 +0000 |
---|---|---|
committer | Achilleas Pipinellis <axil@gitlab.com> | 2019-08-08 16:54:53 +0000 |
commit | 0077e20b116c7c4bb860f9ab23d0cad5059fe876 (patch) | |
tree | a74caa0546666856c9940843ec25b7a4244bf35b | |
parent | 79bff3ee7a0d2d91faedeadb1965966f7551b62c (diff) | |
parent | 409126c891a40cb104e91d76e6ef99a327602bb4 (diff) | |
download | gitlab-ce-0077e20b116c7c4bb860f9ab23d0cad5059fe876.tar.gz |
Merge branch '44496-docs' into 'master'
Docs for local requests whitelist
See merge request gitlab-org/gitlab-ce!31520
-rw-r--r-- | doc/raketasks/web_hooks.md | 5 | ||||
-rw-r--r-- | doc/security/img/whitelist.png | bin | 0 -> 10650 bytes | |||
-rw-r--r-- | doc/security/webhooks.md | 30 | ||||
-rw-r--r-- | doc/system_hooks/system_hooks.md | 5 |
4 files changed, 40 insertions, 0 deletions
diff --git a/doc/raketasks/web_hooks.md b/doc/raketasks/web_hooks.md index a498e9793c1..cc1166a04cc 100644 --- a/doc/raketasks/web_hooks.md +++ b/doc/raketasks/web_hooks.md @@ -53,3 +53,8 @@ sudo gitlab-rake gitlab:web_hook:list NAMESPACE=acme # source installations bundle exec rake gitlab:web_hook:list NAMESPACE=acme RAILS_ENV=production ``` + +## Local requests in webhooks + +[Requests to local network by webhooks](../security/webhooks.md) can be allowed +or blocked by an administrator. diff --git a/doc/security/img/whitelist.png b/doc/security/img/whitelist.png Binary files differnew file mode 100644 index 00000000000..897000e804d --- /dev/null +++ b/doc/security/img/whitelist.png diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md index 7ece9407ac0..e39bc9a9626 100644 --- a/doc/security/webhooks.md +++ b/doc/security/webhooks.md @@ -45,6 +45,36 @@ NOTE: **Note:** set up by administrators. However, you can turn this off by disabling the **Allow requests to the local network from system hooks** option. +## Whitelist for local requests + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/44496) in GitLab 12.2 + +You can allow certain domains and IP addresses to be accessible to both *system hooks* +and *webhooks* even when local requests are not allowed by adding them to the +whitelist. Navigate to **Admin Area > Settings > Network** (`/admin/application_settings/network`) +and expand **Outbound requests**: + +![Outbound local requests whitelist](img/whitelist.png) + +The whilelist entries can be separated by semicolons, commas or whitespaces +(including newlines) and be in different formats like hostnames, IP addresses and/or +IP ranges. IPv6 is supported. Hostnames that contain unicode characters should +use IDNA encoding. + +The whitelist can hold a maximum of 1000 entries. Each entry can be a maximum of +255 characters. + +Example: + +```text +example.com;gitlab.example.com +127.0.0.1,1:0:0:0:0:0:0:1 +127.0.0.0/8 1:0:0:0:0:0:0:0/124 +``` + +NOTE: **Note:** +Wildcards (`*.example.com`) and ports (`127.0.0.1:3000`) are not currently supported. + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/system_hooks/system_hooks.md b/doc/system_hooks/system_hooks.md index e8bd35fba5c..1e9eb15533a 100644 --- a/doc/system_hooks/system_hooks.md +++ b/doc/system_hooks/system_hooks.md @@ -644,6 +644,11 @@ X-Gitlab-Event: System Hook } ``` +## Local requests in system hooks + +[Requests to local network by system hooks](../security/webhooks.md) can be allowed +or blocked by an administrator. + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues |