Open peterrowland opened 3 years ago
As it stands, there is nothing that prevents SORN DASH from reaching out to any app on the internet, and CF supports ASGs, which are not exposed tenants. No cloud.gov app can control that. Capability does not exist. No one can control their firewall rules.
cloud.gov has introduced restricted space types, can be moved to closed space types with outbound proxy with allow list of domain names. Question is whether ruby app respects proxy rules, if not would require some custom code