Facebook Messenger webhook source IP whitelist

不想你离开。 Submitted on 2019-12-22 09:39:01


I am creating a chatbot on Facebook Messenger. I have configured a webhook which is working fine. Is there a way to get the list of source IPs to whitelist on my firewall? My security team is not comfortable opening the webhook to the entire internet.

We do plan to use the X-Hub HMAC validation; however, restricting the source IP to a finite number of IPs, IP ranges or domains would keep the security guys off me.


Facebook publish their list of IP addresses via an endpoint that can be queried like this:

whois -h whois.radb.net -- '-i origin AS32934' | grep ^route  

Note however that their IP addresses change frequently, so you'll need to integrate the API with your firewall.

More info is available on Facebook's site: https://developers.facebook.com/docs/graph-api/webhooks#access
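The two layers discussed above, as an added example that is not part of the original question or answer: it parses `route`/`route6` lines from the whois output into an allowlist and requires both a matching source IP and a valid body HMAC. The sample prefixes and function names are constructed, and the `sha256=<hex>` signature header format is an assumption about how the X-Hub signature is delivered.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample of the whois output (documentation prefixes, not real routes).
SAMPLE_WHOIS = """\
route:      192.0.2.0/25
origin:     AS32934
route:      192.0.2.128/25
route:      198.51.100.0/24
route6:     2001:db8:100::/48
route:      not-a-prefix
"""

def parse_routes(whois_text):
    """Return collapsed networks from route:/route6: lines."""
    v4, v6 = [], []
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() not in ("route", "route6"):
            continue
        try:
            net = ipaddress.ip_network(value.strip())
        except ValueError:
            continue  # drop malformed entries rather than widening the list
        (v4 if net.version == 4 else v6).append(net)
    return [*ipaddress.collapse_addresses(v4), *ipaddress.collapse_addresses(v6)]

def source_allowed(remote_ip, networks):
    """True only if remote_ip parses and falls inside a published prefix."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)

def signature_valid(app_secret, raw_body, header_value):
    """Check a 'sha256=<hex HMAC of the raw body>' signature header."""
    scheme, _, sent = (header_value or "").partition("=")
    expected = hmac.new(app_secret, raw_body, hashlib.sha256).hexdigest()
    return scheme == "sha256" and hmac.compare_digest(expected.encode(), sent.encode())

def accept_webhook(remote_ip, raw_body, header_value, networks, app_secret):
    """The IP list only narrows exposure; the HMAC is what authenticates."""
    return source_allowed(remote_ip, networks) and signature_valid(
        app_secret, raw_body, header_value)
```

Pass the TCP peer address as `remote_ip`, not a client-supplied forwarding header, unless the request arrives through a proxy you control. Refresh the parsed list on a schedule, since the published routes change.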

