add url spider configuration
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
a5c1015e0f
commit
f44b8a163c
@ -105,6 +105,32 @@ matrix_open_ports:
|
||||
-A INPUT -m state --state NEW -p tcp --dport {{ matrix_http_bind_port }} -j ACCEPT
|
||||
state: present
|
||||
|
||||
matrix_url_preview_enabled: False
|
||||
|
||||
# List of IP address CIDR ranges that the URL preview spider is denied
|
||||
# from accessing. You should specify any internal services in your
|
||||
# network that you do not want synapse to try to connect to, otherwise
|
||||
# anyone in any Matrix room could cause your synapse to issue arbitrary
|
||||
# GET requests to your internal services, causing serious security issues.
|
||||
# matrix_url_preview_blacklist: # defaults to not set
|
||||
# - '127.0.0.0/8'
|
||||
# - '10.0.0.0/8'
|
||||
# - '172.16.0.0/12'
|
||||
# - '192.168.0.0/16'
|
||||
# - '100.64.0.0/10'
|
||||
# - '169.254.0.0/16'
|
||||
# - '::1/128'
|
||||
# - 'fe80::/64'
|
||||
# - 'fc00::/7'
|
||||
|
||||
# Optional list of URL matches that the URL preview spider is
|
||||
# denied from accessing.
|
||||
# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
|
||||
# matrix_url_preview_url_blacklist:
|
||||
# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
|
||||
# - netloc: '^([A-f0-9:]+:+)+[A-f0-9]+$'
|
||||
matrix_url_preview_max_spider_size: 10M
|
||||
|
||||
matrix_tls_enabled: False
|
||||
matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
|
||||
matrix_tls_dhparam_size: 2048
|
||||
|
||||
@ -319,27 +319,13 @@ thumbnail_sizes:
|
||||
# Is the preview URL API enabled? If enabled, you *must* specify
|
||||
# an explicit url_preview_ip_range_blacklist of IPs that the spider is
|
||||
# denied from accessing.
|
||||
url_preview_enabled: False
|
||||
url_preview_enabled: {% 'True' if matrix_url_preview_enabled else 'False' %}
|
||||
|
||||
{% if matrix_url_preview_ip_blacklist is defined %}
|
||||
url_preview_ip_range_blacklist:
|
||||
{{ matrix_url_preview_ip_blacklist | to_nice_yaml }}
|
||||
{% endif %}
|
||||
|
||||
# List of IP address CIDR ranges that the URL preview spider is denied
|
||||
# from accessing. There are no defaults: you must explicitly
|
||||
# specify a list for URL previewing to work. You should specify any
|
||||
# internal services in your network that you do not want synapse to try
|
||||
# to connect to, otherwise anyone in any Matrix room could cause your
|
||||
# synapse to issue arbitrary GET requests to your internal services,
|
||||
# causing serious security issues.
|
||||
#
|
||||
# url_preview_ip_range_blacklist:
|
||||
# - '127.0.0.0/8'
|
||||
# - '10.0.0.0/8'
|
||||
# - '172.16.0.0/12'
|
||||
# - '192.168.0.0/16'
|
||||
# - '100.64.0.0/10'
|
||||
# - '169.254.0.0/16'
|
||||
# - '::1/128'
|
||||
# - 'fe80::/64'
|
||||
# - 'fc00::/7'
|
||||
#
|
||||
# List of IP address CIDR ranges that the URL preview spider is allowed
|
||||
# to access even if they are specified in url_preview_ip_range_blacklist.
|
||||
# This is useful for specifying exceptions to wide-ranging blacklisted
|
||||
@ -349,44 +335,13 @@ url_preview_enabled: False
|
||||
# url_preview_ip_range_whitelist:
|
||||
# - '192.168.1.1'
|
||||
|
||||
# Optional list of URL matches that the URL preview spider is
|
||||
# denied from accessing. You should use url_preview_ip_range_blacklist
|
||||
# in preference to this, otherwise someone could define a public DNS
|
||||
# entry that points to a private IP address and circumvent the blacklist.
|
||||
# This is more useful if you know there is an entire shape of URL that
|
||||
# you know that will never want synapse to try to spider.
|
||||
#
|
||||
# Each list entry is a dictionary of url component attributes as returned
|
||||
# by urlparse.urlsplit as applied to the absolute form of the URL. See
|
||||
# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
|
||||
# The values of the dictionary are treated as an filename match pattern
|
||||
# applied to that component of URLs, unless they start with a ^ in which
|
||||
# case they are treated as a regular expression match. If all the
|
||||
# specified component matches for a given list item succeed, the URL is
|
||||
# blacklisted.
|
||||
#
|
||||
# url_preview_url_blacklist:
|
||||
# # blacklist any URL with a username in its URI
|
||||
# - username: '*'
|
||||
#
|
||||
# # blacklist all *.google.com URLs
|
||||
# - netloc: 'google.com'
|
||||
# - netloc: '*.google.com'
|
||||
#
|
||||
# # blacklist all plain HTTP URLs
|
||||
# - scheme: 'http'
|
||||
#
|
||||
# # blacklist http(s)://www.acme.com/foo
|
||||
# - netloc: 'www.acme.com'
|
||||
# path: '/foo'
|
||||
#
|
||||
# # blacklist any URL with a literal IPv4 address
|
||||
# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
|
||||
{% if matrix_url_preview_url_blacklist is defined %}
|
||||
url_preview_url_blacklist:
|
||||
{{ matrix_url_preview_url_blacklist | to_nice_yaml }}
|
||||
{% endif %}
|
||||
|
||||
# The largest allowed URL preview spidering size in bytes
|
||||
max_spider_size: "10M"
|
||||
|
||||
|
||||
max_spider_size: "{{ matrix_url_preview_max_spider_size }}"
|
||||
|
||||
|
||||
## Captcha ##
|
||||
|
||||
Loading…
Reference in New Issue
Block a user