From c2ba9e642a5d4b393474e9d399c3f8cf5597e534 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Edstr=C3=B6m?= <github@legogris.se>
Date: Tue, 19 Oct 2021 21:38:06 +0900
Subject: [PATCH] Consider IP whitelist for identity server resolution
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Robert Edström <github@legogris.se>
---
 changelog.d/11120.bugfix     | 1 +
 synapse/handlers/identity.py | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/11120.bugfix

diff --git a/changelog.d/11120.bugfix b/changelog.d/11120.bugfix
new file mode 100644
index 000000000000..6b39e3e89da2
--- /dev/null
+++ b/changelog.d/11120.bugfix
@@ -0,0 +1 @@
+Identity server connection is no longer ignoring `ip_range_whitelist`.
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 9c319b538323..7ef8698a5ea9 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -54,7 +54,9 @@ def __init__(self, hs: "HomeServer"):
         self.http_client = SimpleHttpClient(hs)
         # An HTTP client for contacting identity servers specified by clients.
         self.blacklisting_http_client = SimpleHttpClient(
-            hs, ip_blacklist=hs.config.server.federation_ip_range_blacklist
+            hs,
+            ip_blacklist=hs.config.server.federation_ip_range_blacklist,
+            ip_whitelist=hs.config.server.federation_ip_range_whitelist,
         )
         self.federation_http_client = hs.get_federation_http_client()
         self.hs = hs