connect-githubhook icon indicating copy to clipboard operation
connect-githubhook copied to clipboard
verified publisher icon nlf

Check the IP address of the webhook's origin

Open chilts opened this issue 12 years ago • 0 comments

Hi Nathan,

Would you be interested in a pull request in which the middleware checks the IP address of the originating server? I think it could be good to make sure that the webhook is valid and not generated from somewhere else. The question is whether this can be used maliciously (if not checked) though I do think it could be used in a DDoS attack if you perform tasks when a new webhook is received.

I'm happy to do this for you but just wanted to check first if it's something you might want. I could always make it configurable with an option when creating the middleware to maintain backwards compatibility. :)

From the https://github.com/user/project/settings/hooks page:

2013-05-19-212829_455x111_scrot

Cheers, Andy

chilts avatar May 19 '13 09:05 chilts