2023-05-27 22:25:52 +05:30
- deny_all_requests = @application_setting.deny_all_requests_except_allowed
2022-06-21 17:19:12 +05:30
= gitlab_ui_form_for @application_setting, url: network_admin_application_settings_path(anchor: 'js-outbound-settings'), html: { class: 'fieldset-form' } do |f|
2022-10-11 01:57:18 +05:30
= form_errors(@application_setting)
2018-05-09 12:01:36 +05:30
%fieldset
.form-group
2023-05-27 22:25:52 +05:30
= f.gitlab_ui_checkbox_component :deny_all_requests_except_allowed,
s_('OutboundRequests|Block all requests, except for IP addresses, IP ranges, and domain names defined in the allowlist'),
checkbox_options: { class: 'js-deny-all-requests' }
= render Pajamas::AlertComponent.new(variant: :warning,
dismissible: false,
alert_options: { class: "gl-mb-3 js-deny-all-requests-warning #{'gl-display-none' unless deny_all_requests}" }) do |c|
2023-07-09 08:55:56 +05:30
- c.with_body do
2023-05-27 22:25:52 +05:30
= s_('OutboundRequests|Webhooks and integrations might not work properly.')
2022-06-21 17:19:12 +05:30
= f.gitlab_ui_checkbox_component :allow_local_requests_from_web_hooks_and_services,
2023-05-27 22:25:52 +05:30
s_('OutboundRequests|Allow requests to the local network from webhooks and integrations'),
checkbox_options: { disabled: deny_all_requests, class: 'js-allow-local-requests', data: { qa_selector: 'allow_requests_from_services_checkbox' } }
2022-06-21 17:19:12 +05:30
= f.gitlab_ui_checkbox_component :allow_local_requests_from_system_hooks,
2023-05-27 22:25:52 +05:30
s_('OutboundRequests|Allow requests to the local network from system hooks'),
checkbox_options: { disabled: deny_all_requests, class: 'js-allow-local-requests' }
2019-10-12 21:52:04 +05:30
.form-group
2021-01-29 00:20:46 +05:30
= f.label :outbound_local_requests_allowlist_raw, class: 'label-bold' do
2023-05-27 22:25:52 +05:30
= s_('OutboundRequests|Local IP addresses and domain names that hooks and integrations can access')
2022-03-02 08:16:31 +05:30
= f.text_area :outbound_local_requests_allowlist_raw, placeholder: "example.com, 192.168.1.1, xn--itlab-j1a.com", class: 'form-control gl-form-input', rows: 8
2019-10-12 21:52:04 +05:30
%span.form-text.text-muted
2023-05-27 22:25:52 +05:30
= s_('OutboundRequests|Requests can be made to these IP addresses and domains even when local requests are not allowed. IP ranges such as %{code_start}1:0:0:0:0:0:0:0/124%{code_end} and %{code_start}127.0.0.0/28%{code_end} are supported. Domain wildcards are not supported. To separate entries, use commas, semicolons, or newlines. The allowlist can have a maximum of 1000 entries. Domains must be IDNA-encoded.').html_safe % { code_start: '<code>'.html_safe, code_end: '</code>'.html_safe }
= link_to _('Learn more.'), help_page_path('security/webhooks.md', anchor: 'allow-outbound-requests-to-certain-ip-addresses-and-domains'), target: '_blank', rel: 'noopener noreferrer'
2018-05-09 12:01:36 +05:30
2019-06-05 12:25:43 +05:30
.form-group
2022-06-21 17:19:12 +05:30
= f.gitlab_ui_checkbox_component :dns_rebinding_protection_enabled,
2023-05-27 22:25:52 +05:30
s_('OutboundRequests|Enforce DNS-rebinding attack protection'),
help_text: s_('OutboundRequests|Resolve IP addresses for outbound requests to prevent DNS-rebinding attacks.')
2019-06-05 12:25:43 +05:30
2022-11-25 23:54:43 +05:30
= f.submit _('Save changes'), pajamas_button: true, data: { qa_selector: 'save_changes_button' }
