# The URL Whitelist

There are certain components in leona which will perform outgoing HTTP requests. Among those, are event notifications and HTTP-based data adapters.

Allowing leona to interact with resources using arbitrary URLs may pose a security risk. HTTP requests are executed from leona servers and might therefore be able to reach more sensitive systems than an external user would have access to, including AWS EC2 metadata, which can contain keys and other secrets, Elasticsearch, and others.

<figure><img src="/files/9PVLtmcqxr0AoRrqlmd7" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ciusji.gitbook.io/leona/security/the-url-whitelist.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.