The URL Whitelist

Certain components in leona perform outgoing HTTP requests. Among those are event notifications and HTTP-based data adapters.

Allowing leona to interact with resources using arbitrary URLs may pose a security risk. Because HTTP requests are executed from leona servers, they may be able to reach more sensitive systems than an external user would have access to, including AWS EC2 metadata (which can contain keys and other secrets), Elasticsearch, and others.
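The following added example, which is not leona's own code or whitelist format, shows the kind of check a URL whitelist applies before a server-side component sends a request. The allowlisted origins, the function names and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist: exact (scheme, host, port) origins the server may call.
ALLOWED_ORIGINS = {
    ("https", "hooks.example.com", 443),
    ("https", "lookup.example.com", 8443),
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def is_internal_ip(host):
    """True if host is an IP literal in a loopback, private or link-local range."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name, not an IP literal; this check does not resolve it
    return ip.is_loopback or ip.is_private or ip.is_link_local


def check_outgoing_url(url, allowed=ALLOWED_ORIGINS):
    """Return (allowed?, reason) for a URL a server-side component wants to request."""
    try:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:
        return False, "malformed URL"
    # urlsplit lowercases the hostname; also drop a trailing root dot.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in DEFAULT_PORTS or not host:
        return False, "unsupported scheme or missing host"
    if parts.username is not None:
        # "https://trusted@other-host/" puts the trusted name in userinfo only.
        return False, "credentials in URL"
    if is_internal_ip(host):
        # Covers 169.254.169.254 (EC2 metadata) and loopback/private services.
        return False, "internal address"
    if (parts.scheme, host, port) not in allowed:
        return False, "origin not on allowlist"
    return True, "ok"
```
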
