成功最有效的方法就是向有经验的人学习!

gitlab使用webhook向jenkins发送请求,报错 Requests to the local network are not allowed

以下是官方给出解释:

链接:https://docs.gitlab.com/ee/security/webhooks.html

If you have non-GitLab web services running on your GitLab server or within its local network, these may be vulnerable to exploitation via Webhooks.
With Webhooks, you and your project maintainers and owners can set up URLs to be triggered when specific things happen to projects. Normally, these requests are sent to external web services specifically set up for this purpose, that process the request and its attached data in some appropriate way.
Things get hairy, however, when a Webhook is set up with a URL that doesn’t point to an external, but to an internal service, that may do something completely unintended when the webhook is triggered and the POST request is sent.
Because Webhook requests are made by the GitLab server itself, these have complete access to everything running on the server (http://localhost:123) or within the server’s local network (http://192.168.1.12:345), even if these services are otherwise protected and inaccessible from the outside world.
If a web service does not require authentication, Webhooks can be used to trigger destructive commands by getting the GitLab server to make POST requests to endpoints like “http://localhost:123/some-resource/delete”.
To prevent this type of exploitation from happening, starting with GitLab 10.6, all Webhook requests to the current GitLab instance server address and/or in a private network will be forbidden by default. That means that all requests made to 127.0.0.1, ::1 and 0.0.0.0, as well as IPv4 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and IPv6 site-local (ffc0::/10) addresses won’t be allowed.
This behavior can be overridden by enabling the option “Allow requests to the local network from hooks and services” in the “Outbound requests” section inside the Admin area under Settings (/admin/application_settings):

大致意思 gitlab 10.6 版本以后为了安全,不允许向本地网络发送webhook请求,如果想向本地网络发送webhook请求,则需要使用管理员帐号登录,默认管理员帐号是root,密码就是你gitlab搭建好之后第一次输入的密码,登录之后,进入Admin area,在Admin area中,在settings标签下面点击network,找到OutBound Request,勾选上Allow requests to the local network from hooks and services,保存更改即可解决问题,如下图所示

 

赞(0) 打赏
未经允许不得转载:陈桂林博客 » gitlab使用webhook向jenkins发送请求,报错 Requests to the local network are not allowed

大佬们的评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

全新“一站式”建站,高质量、高售后的一条龙服务

橙子建站.极速智能建站8折购买虚拟主机

觉得文章有用就打赏一下文章作者

非常感谢你的打赏,我们将继续给力更多优质内容,让我们一起创建更加美好的网络世界!

支付宝扫一扫打赏

微信扫一扫打赏