Document Network Security Access Control (host validation and remote reference resolution)#11613
Document Network Security Access Control (host validation and remote reference resolution)#11613IsuruGunarathne wants to merge 3 commits into
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
📝 WalkthroughSummary
WalkthroughAdds a new “Network Security Access Control” administration page. The documentation covers platform and tenant configurations, precedence, hostname matching, DNS resolution, private-network blocking, empty host lists, configuration examples, and enforcement for remote OpenAPI and WSDL references. It also documents WSDL 2.0 and redirect limitations. The page is linked from the administration overview and MkDocs Governance navigation. Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Purpose
Adds documentation for the Network Security Access Control feature (outbound host validation) in WSO2 API Manager, which lets administrators control the external hosts the product is permitted to connect to during API creation, validation, and import flows.
New page:
en/docs/administer/network-security-access-control.md.What it covers
deployment.toml) and tenant-level (tenant-conf.json) configuration, and the precedence between them.allow/denymodes and empty host lists.$refURLs (OAS 2.0, 3.0, and 3.1).allow-modewww.w3.orgrequirement for WSDL 2.0, and the redirect limitation.Related PR / credit
The host-validation baseline (overview, configuration, host matching, and example scenarios) was authored by @JanithaSampathBandara and originally proposed in #11476. That commit is included here under his authorship, and this PR extends it with the remote
$refand WSDL reference-resolution sections.#11476 currently has merge conflicts. This PR consolidates that work together with the additional sections, so #11476 can be closed in favor of it.
Files
en/docs/administer/network-security-access-control.md(new page)en/docs/administer/admin-overview.md(navigation entry)en/mkdocs.yml(navigation entry)