search

thinkst / opencanary

Modular and decentralised honeypot
http://opencanary.org
BSD 3-Clause "New" or "Revised" License
2.21k stars 353 forks source link

Opencanary source IP from webhook #336

Closed jayjb closed 5 months ago

jayjb commented 6 months ago

Discussed in https://github.com/thinkst/opencanary/discussions/315

Originally posted by **chrisreeves-** October 7, 2023 Hey! I'm trying to lock down the source IP on a firewall to only allow certain IP's from the Opencanary webhook notifier. Is it just `52.18.63.80` from AWS or are there others/a range? TIA
jayjb commented 6 months ago

For completeness, comment from 

I use webhooks to report from OC. They come from the host itself but I avoid firewall rules, I actually have my OCs and my Splunk also in a Tailnet using Tailscale.

If you're running your OC instance in AWS on that IP, you would be whitelisting TCP/port for that IP to your logging solution.

comment in discussion

jayjb commented 6 months ago

Hi @chrisreeves- Sorry for the delay. I missed issues with the discussions section.

The webhook should come directly from the host that is running Opencanary. So you would need to add a firewall rule to allow HTTP connections from that host.

github-actions[bot] commented 5 months ago

This issue is stale because it has been open for 14 days with no activity.