This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
URL preview IP blacklist doesn't work on IPv6 and isn't bulletproof #4242
Description
We need to have another look at this, especially after #4215 , which changes where the IP blacklist check is done, and is potentially vulnerable to an attack where a super low TTL or no DNS caching can have the check pass on a non whitelisted IP and then the request be made to a refetched DNS query which has a blacklisted IP.