From 62db603fa0cae4813e119291b606bff290461b2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Edstr=C3=B6m?=
 <108799+Legogris@users.noreply.github.com>
Date: Wed, 20 Oct 2021 17:43:49 +0000
Subject: [PATCH] Consider IP whitelist for identity server resolution (#11120)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Robert Edström <github@legogris.se>
---
 changelog.d/11120.bugfix     | 1 +
 synapse/handlers/identity.py | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/11120.bugfix

diff --git a/changelog.d/11120.bugfix b/changelog.d/11120.bugfix
new file mode 100644
index 0000000000..6b39e3e89d
--- /dev/null
+++ b/changelog.d/11120.bugfix
@@ -0,0 +1 @@
+Identity server connection is no longer ignoring `ip_range_whitelist`.
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 9c319b5383..7ef8698a5e 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -54,7 +54,9 @@ class IdentityHandler:
         self.http_client = SimpleHttpClient(hs)
         # An HTTP client for contacting identity servers specified by clients.
         self.blacklisting_http_client = SimpleHttpClient(
-            hs, ip_blacklist=hs.config.server.federation_ip_range_blacklist
+            hs,
+            ip_blacklist=hs.config.server.federation_ip_range_blacklist,
+            ip_whitelist=hs.config.server.federation_ip_range_whitelist,
         )
         self.federation_http_client = hs.get_federation_http_client()
         self.hs = hs
-- 
GitLab