nishantmonu51 opened a new pull request #10535: URL: https://github.com/apache/druid/pull/10535
### Description Right now there is no support to restrict druid HTTP based ingestion to deny ingestion from any given hosts. Cloud providers have metadata service that can be accessible via HTTP endpoints which can leak sensitive information about the instance on which druid is running. * https://docs.microsoft.com/en-us/azure/virtual-machines/linux/instance-metadata-service * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html this PR adds a new config `druid.ingestion.http.blackListDomains` which allows restricting specific IP/domains from being accessed through HTTP based ingestion. This PR has: - [*] been self-reviewed. - [*] added documentation for new or modified features or behaviors. - [*] added unit tests or modified existing tests to cover new code paths, ensuring the threshold for [code coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md) is met. <hr> ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
