Skip to content

Add frontend for block all requests in admin/network settings

Justin Ho Tuan Duong requested to merge 377371-add-optional-default-block-all-rule-to-outbound-filtering-frontend into master

What does this MR do and why?

Add checkbox and warning alert to block all requests in admin/network settings.

This feature is behind the feature flag deny_all_requests. There are pending backend changes in !110599 (merged) that are WIP (and maybe more MRs) before we roll out this feature.

Screenshots or screen recordings

Description Before After (without feature flag) After (with feature flag)
Outbound requests - Allow selected Outbound_requests_before__allow_selected_ Outbound_requests_without_ff__allow_selected_ Outbound_requests_with_ff__allow_selected_
Outbound requests - Block selected (if available) Outbound_requests_before__nothing_selected_ Outbound_requests_without_ff__nothing_selected_ Outbound_requests_with_ff__block_selected_

How to set up and validate locally

  1. Go to Admin > Settings > Network and expand the Outbound requests section. For example, http://127.0.0.1:3000/admin/application_settings/network#js-outbound-settings.
  2. Enable the feature flag deny_all_requests in a rails console.
  3. Apply the below diff to preview the changes.
diff --git a/app/views/admin/application_settings/_outbound.html.haml b/app/views/admin/application_settings/_outbound.html.haml
index ec2f064d085b..aa2dab1f2c00 100644
--- a/app/views/admin/application_settings/_outbound.html.haml
+++ b/app/views/admin/application_settings/_outbound.html.haml
@@ -1,4 +1,4 @@
-- deny_all_requests = Feature.enabled?(:deny_all_requests) ? @application_setting.deny_all_requests : false
+- deny_all_requests = Feature.enabled?(:deny_all_requests) ? @application_setting.dns_rebinding_protection_enabled : false
 
 = gitlab_ui_form_for @application_setting, url: network_admin_application_settings_path(anchor: 'js-outbound-settings'), html: { class: 'fieldset-form' } do |f|
   = form_errors(@application_setting)
@@ -6,7 +6,7 @@
   %fieldset
     .form-group
       - if Feature.enabled?(:deny_all_requests)
-        = f.gitlab_ui_checkbox_component :deny_all_requests,
+        = f.gitlab_ui_checkbox_component :dns_rebinding_protection_enabled,
             s_('OutboundRequests|Block all requests, except for IP addresses, IP ranges, and domain names defined in the allowlist'),
             checkbox_options: { class: 'js-deny-all-requests' }
         = render Pajamas::AlertComponent.new(variant: :warning,

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #377371 (closed)

Edited by Justin Ho Tuan Duong

Merge request reports