This commit is contained in:
reivilibre 2024-06-28 13:41:30 +00:00
parent db636aadcf
commit 6961772ccb
4 changed files with 26 additions and 20 deletions

View file

@ -5456,9 +5456,10 @@ to download/operate on media.</p>
<p>This will not prevent the listed domains from accessing media themselves. <p>This will not prevent the listed domains from accessing media themselves.
It simply prevents users on this server from downloading media originating It simply prevents users on this server from downloading media originating
from the listed servers.</p> from the listed servers.</p>
<p>This will have no effect on media originating from the local server. <p>This will have no effect on media originating from the local server. This only
This only affects media downloaded from other Matrix servers, to affects media downloaded from other Matrix servers, to control URL previews see
block domains from URL previews see <a href="usage/configuration/config_documentation.html#url_preview_url_blacklist"><code>url_preview_url_blacklist</code></a>.</p> <a href="usage/configuration/config_documentation.html#url_preview_ip_range_blacklist"><code>url_preview_ip_range_blacklist</code></a> or
<a href="usage/configuration/config_documentation.html#url_preview_url_blacklist"><code>url_preview_url_blacklist</code></a>.</p>
<p>Defaults to an empty list (nothing blocked).</p> <p>Defaults to an empty list (nothing blocked).</p>
<p>Example configuration:</p> <p>Example configuration:</p>
<pre><code class="language-yaml">prevent_media_downloads_from: <pre><code class="language-yaml">prevent_media_downloads_from:
@ -5584,12 +5585,14 @@ website only visible in your network. Defaults to none.</p>
</code></pre> </code></pre>
<hr /> <hr />
<h3 id="url_preview_url_blacklist"><a class="header" href="#url_preview_url_blacklist"><code>url_preview_url_blacklist</code></a></h3> <h3 id="url_preview_url_blacklist"><a class="header" href="#url_preview_url_blacklist"><code>url_preview_url_blacklist</code></a></h3>
<p>Optional list of URL matches that the URL preview spider is <p>Optional list of URL matches that the URL preview spider is denied from
denied from accessing. You should use <code>url_preview_ip_range_blacklist</code> accessing. This is a usability feature, not a security one. You should use
in preference to this, otherwise someone could define a public DNS <code>url_preview_ip_range_blacklist</code> in preference to this, otherwise someone could
entry that points to a private IP address and circumvent the blacklist. define a public DNS entry that points to a private IP address and circumvent
This is more useful if you know there is an entire shape of URL that the blacklist. Applications that perform redirects or serve different content
you know that will never want synapse to try to spider.</p> when detecting that Synapse is accessing them can also bypass the blacklist.
This is more useful if you know there is an entire shape of URL that you know
that you do not want Synapse to preview.</p>
<p>Each list entry is a dictionary of url component attributes as returned <p>Each list entry is a dictionary of url component attributes as returned
by urlparse.urlsplit as applied to the absolute form of the URL. See by urlparse.urlsplit as applied to the absolute form of the URL. See
<a href="https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit">here</a> for more <a href="https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit">here</a> for more

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View file

@ -1844,9 +1844,10 @@ to download/operate on media.</p>
<p>This will not prevent the listed domains from accessing media themselves. <p>This will not prevent the listed domains from accessing media themselves.
It simply prevents users on this server from downloading media originating It simply prevents users on this server from downloading media originating
from the listed servers.</p> from the listed servers.</p>
<p>This will have no effect on media originating from the local server. <p>This will have no effect on media originating from the local server. This only
This only affects media downloaded from other Matrix servers, to affects media downloaded from other Matrix servers, to control URL previews see
block domains from URL previews see <a href="#url_preview_url_blacklist"><code>url_preview_url_blacklist</code></a>.</p> <a href="#url_preview_ip_range_blacklist"><code>url_preview_ip_range_blacklist</code></a> or
<a href="#url_preview_url_blacklist"><code>url_preview_url_blacklist</code></a>.</p>
<p>Defaults to an empty list (nothing blocked).</p> <p>Defaults to an empty list (nothing blocked).</p>
<p>Example configuration:</p> <p>Example configuration:</p>
<pre><code class="language-yaml">prevent_media_downloads_from: <pre><code class="language-yaml">prevent_media_downloads_from:
@ -1972,12 +1973,14 @@ website only visible in your network. Defaults to none.</p>
</code></pre> </code></pre>
<hr /> <hr />
<h3 id="url_preview_url_blacklist"><a class="header" href="#url_preview_url_blacklist"><code>url_preview_url_blacklist</code></a></h3> <h3 id="url_preview_url_blacklist"><a class="header" href="#url_preview_url_blacklist"><code>url_preview_url_blacklist</code></a></h3>
<p>Optional list of URL matches that the URL preview spider is <p>Optional list of URL matches that the URL preview spider is denied from
denied from accessing. You should use <code>url_preview_ip_range_blacklist</code> accessing. This is a usability feature, not a security one. You should use
in preference to this, otherwise someone could define a public DNS <code>url_preview_ip_range_blacklist</code> in preference to this, otherwise someone could
entry that points to a private IP address and circumvent the blacklist. define a public DNS entry that points to a private IP address and circumvent
This is more useful if you know there is an entire shape of URL that the blacklist. Applications that perform redirects or serve different content
you know that will never want synapse to try to spider.</p> when detecting that Synapse is accessing them can also bypass the blacklist.
This is more useful if you know there is an entire shape of URL that you know
that you do not want Synapse to preview.</p>
<p>Each list entry is a dictionary of url component attributes as returned <p>Each list entry is a dictionary of url component attributes as returned
by urlparse.urlsplit as applied to the absolute form of the URL. See by urlparse.urlsplit as applied to the absolute form of the URL. See
<a href="https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit">here</a> for more <a href="https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit">here</a> for more