ref: sound SENTRY_DISALLOWED_IPS on the configuration file #3981
Conversation
To not mislead people and to prevent time spent scrolling on GitHub issues just to fix why requests to private IP addresses are not working.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #3981 +/- ##
===========================================
+ Coverage 88.83% 99.49% +10.65%
===========================================
Files 3 3
Lines 197 197
===========================================
+ Hits 175 196 +21
+ Misses 22 1 -21 ☔ View full report in Codecov by Sentry. |
| # accidentally leaking sensitive information to third parties. | ||
| # By default, Sentry will not allow requests to private IP addresses. | ||
| # You can override this by configuring the allowed IP addresses here. | ||
| SENTRY_DISALLOWED_IPS: tuple[str, ...] = ( |
There was a problem hiding this comment.
Is this list maintained on sentry repository and once you remove an IP from here you can send a request to that removed IP?
SENTRY_DISALLOWED_IPS is a little misleading name IMHO.
There was a problem hiding this comment.
Is this list maintained on sentry repository and once you remove an IP from here you can send a request to that removed IP?
Yes.
SENTRY_DISALLOWED_IPSis a little misleading name IMHO.
cc @oioki
There was a problem hiding this comment.
Maybe it's better for self-hosted to maintain a SENTRY_OUTGOING_ALLOWED_IPS list and remove the items from getsentry/sentry list?
Not that IANA is going to change this list :) It has better readability for users to maintain allowed IPs.
There was a problem hiding this comment.
Just realized, I don't think it's possible since it's a tuple and we're gonna have a lot of utils function to figure out which IP address belongs to which IP subnet...
2 participants
To not mislead people and to prevent time spent scrolling on GitHub issues just to fix why requests to private IP addresses are not working.
One example: #3957