Closed jaredlockhart closed 8 years ago
File an additional bugzilla ticket to update the security group policy for all deployments of this service to restrict outbound network connections to these two ports.
This has been implemented at the AWS infrastructure level: https://bugzilla.mozilla.org/show_bug.cgi?id=1303642#c2
We should specifically validate that we are not attempting to establish connections to remote parties on ports other than 80 or 443. We could do this at the infrastructure level, but we should also make sure to make it clear in the code so that it's obvious that is the behaviour to anyone inspecting the services code.