Add the ability to restrict form access to trusted IP
C
Convincing Lobster
Add is ability to restrict or log IP in a form so it can be used as a variable to authenticate that the form request originated from a trusted location.
Log In
W
Whispering Rook
Merged in a post:
Meraki crate
L
Lemon Macaw
to block IPs (and websites) on all firewalls across all companies and locations
W
Whispering Rook
Merged in a post:
Allow additional headers on integrations
I
Inherent Orca
Configuring integrations should allow for custom headers that'll let us pass in API Bypass headers or Cloudflare authentication tokens so we don't have to whitelist by IP and make sure only our configured integration can connect Cloudflare and other WAFs
W
Whispering Rook
Merged in a post:
Webhook Security - Restrict IP
C
Cinnabar Peacock
Add the ability to limit webhook access by IP address.
G
Gunmetal Duck
Hi! These can be done now!
The
X-Forwarded-For
header in CTX.headers
in the workflow will contain the IP address of the requestor. You can compare that against a list of "permitted" IP addresses that you maintain.You can also require a Secret Key in your webhook configuration. It will require the select key to be sent as a header named
x-rewst-secret
N
Nautical blue Pelican
Gunmetal Duck X-forwarded-for can be spoofed....
G
Gray Tyrannosaurus
Or some kind of signature verification. IP is useful but sometimes we are running them from an azure function that can have a dynamic IP. the more options we have for security the better.