Paths

Table of Contentst

Differential D16986

Add IPv6 reserved addresses to the default outbound blacklist
ClosedPublic
Actions

Authored by epriestley on Dec 5 2016, 6:05 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Mar 29, 10:04 PM

	Unknown Object (File)
	Feb 22 2024, 7:40 PM

	Unknown Object (File)
	Feb 22 2024, 6:43 AM

	Unknown Object (File)
	Feb 22 2024, 6:43 AM

	Unknown Object (File)
	Feb 22 2024, 12:03 AM

	Unknown Object (File)
	Feb 14 2024, 12:11 PM

	Unknown Object (File)
	Feb 14 2024, 11:57 AM

	Unknown Object (File)
	Feb 7 2024, 9:28 PM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T11939: IPv6 Support

Commits

rP5a060b34df81: Add IPv6 reserved addresses to the default outbound blacklist

Summary

Ref T11939. Depends on D16984. Now that CIDRLists can contain IPv6 addresses, blacklist all of the reserved IPv6 space.

This reserved blacklist is used to prevent users from accessing internal services via "Import Calendar" or "Add Macro".

They can't actually reach IPv6 addresses via these mechanisms yet because we need to do more work to support outbound IPv6 requests, but make sure reserved IPv6 space is blacklisted already when that support eventaully arrives.

Also, clean up some error messages (e.g., for trying to hit a bad URI in "Add Macro").

Test Plan

Loaded pages with default blacklist.
Tried to make requests into IPv6 space.
Currently, this is impossible because of parse_url() and gethostynamel() calls.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 40866.Dec 5 2016, 6:05 PM

epriestley retitled this revision from to Add IPv6 reserved addresses to the default outbound blacklist.

epriestley updated this object.

epriestley edited the test plan for this revision. (Show Details)

epriestley added a reviewer: chad.

epriestley added a task: T11939: IPv6 Support.

epriestley added a parent revision: D16984: Support IPv6 in CIDR block lists.

chad accepted this revision.Dec 5 2016, 6:41 PM

chad edited edge metadata.

This revision is now accepted and ready to land.Dec 5 2016, 6:41 PM

Closed by commit rP5a060b34df81: Add IPv6 reserved addresses to the default outbound blacklist (authored by epriestley, committed by epriestley). · Explain WhyDec 5 2016, 7:20 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

config/

option/

PhabricatorSecurityConfigOptions.php

17 lines

infrastructure/

env/

PhabricatorEnv.php

14 lines

Diff 40871

src/applications/config/option/PhabricatorSecurityConfigOptions.php

Loading...

src/infrastructure/env/PhabricatorEnv.php

Loading...