From version 1.17, Humio includes an IP-based access control list (ACL) for outgoing connections made by actions. This is to protect from Humio being used to proxy requests into the same internal network as Humio and actions being used to e.g. sending requests to Zookeeper. By default, this denies connecting to any reserved IP as defined by RFC 5735 and RFC 5156. This includes the standard ranges for internal networks, meaning that, by default, Humio will not be able to send messages from actions to other services on the same internal network.
The syntax of the ACL list is a sequence, seperated by newlines or
deny actions along with a CIDR block or
all. An IP address is allowed/denied by finding the first match and applying the corresponding action.
all matches any IP-address (IPv4 or IPv6). If there is no match in the ACL list specified in the configuration parameter
IP_FILTER_ACTIONS, the default ACL list will be applied. If that has no match either, the connection is allowed.
The default ACL list is as follows:
# From https://tools.ietf.org/html/rfc5735 deny 0.0.0.0/8 deny 10.0.0.0/8 deny 127.0.0.0/8 deny 169.254.0.0/16 deny 172.16.0.0/12 deny 192.0.0.0/24 deny 192.0.2.0/24 deny 188.8.131.52/24 deny 192.168.0.0/16 deny 198.18.0.0/15 deny 198.51.100.0/24 deny 203.0.113.0/24 deny 184.108.40.206/4 deny 240.0.0.0/4 deny 255.255.255.255/32 # From https://tools.ietf.org/html/rfc5156 deny ::/128 deny ::1/128 deny fe80::/10 deny fc00::/7 deny ff00::/8
For example, to get the old behavior of allowing all IP addresses in actions:
To only allow
192.168.0.16, but still keeping other internal addresses blocked:
To only allow
192.168.0.16 and block all other addresses:
IP_FILTER_ACTIONS=allow 192.168.0.16; deny all