From 385a9382fa0c656bbb2e6100e755128c9a0189b6 Mon Sep 17 00:00:00 2001
From: Apple <apple@MacBook-Pro.local>
Date: Wed, 26 Nov 2025 12:00:06 -0800
Subject: [PATCH] fix: Add URL preview blacklist and fix metrics config

---
 infra/matrix/synapse/homeserver.yaml | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/infra/matrix/synapse/homeserver.yaml b/infra/matrix/synapse/homeserver.yaml
index 86131cd0..ecd2db37 100644
--- a/infra/matrix/synapse/homeserver.yaml
+++ b/infra/matrix/synapse/homeserver.yaml
@@ -41,6 +41,23 @@ enable_registration_without_verification: false
 media_store_path: /data/media_store
 max_upload_size: 50M
 url_preview_enabled: true
+url_preview_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '192.0.0.0/24'
+  - '169.254.0.0/16'
+  - '198.51.100.0/24'
+  - '203.0.113.0/24'
+  - '224.0.0.0/4'
+  - '::1/128'
+  - 'fe80::/10'
+  - 'fc00::/7'
+  - '2001:db8::/32'
+  - 'ff00::/8'
+  - 'fec0::/10'
 
 # Signing keys
 signing_key_path: /data/signing.key
@@ -68,7 +85,6 @@ trusted_key_servers:
 
 # Metrics (optional, for monitoring)
 enable_metrics: true
-metrics_port: 9000
 
 # TURN server (for voice/video calls)
 turn_uris: