Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://noagendasocial.com/users/eriner/statuses/110895389301513255">Matt Hamilton [Maryland] (eriner@noagendasocial.com)'s status on Wednesday, 16-Aug-2023 04:56:15 JST</a><a href="https://noagendasocial.com/@eriner" title="eriner@noagendasocial.com"><img src="https://gnusocial.jp/avatar/2324-48-20230922010214.webp" width="48" height="48" alt="Matt Hamilton [Maryland]" style="position: absolute; left: 0; top: 0;">Matt Hamilton [Maryland]</a><div><a href="https://gleasonator.com/objects/b63a202e-38fe-4039-9c96-a8407d5dc7ae" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/147450" title="niggy@poa.st">:niggy:</a></li></ul></div></section><article><p><a href="https://gleasonator.com/users/alex">@alex</a> <a href="https://poa.st/users/niggy">@niggy</a> check if you can GET aws+gcp metadata api by IP, check if you can do the same with A/AAA records and CNAMEs (using records from a domain you control). Same for 127.0.0.1 using whatever port the software’s server listens on, but you may just have to accept the risk for that one because idk how you fix that without resolving and testing every FQDN resolution result anyway.</p><p>My suggestion is to use content-type whitelist strategy I mentioned.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1951630#notice-3831342">In conversation</a><time datetime="2023-08-16T04:56:15+09:00" title="Wednesday, 16-Aug-2023 04:56:15 JST">Wednesday, 16-Aug-2023 04:56:15 JST</time> <span>from <span><a href="https://noagendasocial.com/@eriner/110895389301513255" rel="external" title="Sent from noagendasocial.com via ActivityPub">noagendasocial.com</a></span></span><a href="https://noagendasocial.com/@eriner/110895389301513255">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1082043">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Matt Hamilton [Maryland] (eriner@noagendasocial.com)'s status on Wednesday, 16-Aug-2023 04:56:15 JSTMatt Hamilton [Maryland]
in reply to
- Alex Gleason
- :niggy:
@alex @niggy check if you can GET aws+gcp metadata api by IP, check if you can do the same with A/AAA records and CNAMEs (using records from a domain you control). Same for 127.0.0.1 using whatever port the software’s server listens on, but you may just have to accept the risk for that one because idk how you fix that without resolving and testing every FQDN resolution result anyway.
My suggestion is to use content-type whitelist strategy I mentioned.
In conversationWednesday, 16-Aug-2023 04:56:15 JST from noagendasocial.compermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice