Facebook Messenger Webhook源IP白名单 [英] Facebook Messenger webhook source IP whitelist

问题描述

我正在Facebook Messenger上创建聊天机器人.我已经配置了一个可以正常工作的webhook. 有没有办法将源IP列表添加到防火墙上的白名单?我的安全团队对打开整个Internet的网络挂钩感到不舒服.

I am creating a chatbot on Facebook Messenger. I have configured a webhook which is working fine. Is there a way to get the list of source IPs to whitelist on my firewall? My security team is not comfortable in opening the webhook to the entire internet.

我们确实打算使用X-Hub HMAC验证，但是将源IP限制为有限数量的IP或IP范围或域将使安全人员远离我.

We do plan to use the X-Hub HMAC validation, however restricting the source IP to a a finite number of IP or IP ranges or Domain would keep the security guys off me.

推荐答案

Facebook通过可以这样查询的终结点发布其IP地址列表:

Facebook publish their list of IP addresses via an endpoint that can be queried like this:

whois -h whois.radb.net -- '-i origin AS32934' | grep ^route  

但是请注意，它们的IP地址经常更改，因此您需要将API与防火墙集成.

Note however that their IP addresses change frequently, so you'll need to integrate the API with your firewall.

有关更多信息，请访问Facebook网站: https://developers.facebook. com/docs/graph-api/webhooks#access

More info is available on Facebook's site: https://developers.facebook.com/docs/graph-api/webhooks#access

这篇关于Facebook Messenger Webhook源IP白名单的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！