[GH-ISSUE #481] Regex Blacklist Icon Cache Improvement #298

Closed
opened 2026-03-03 01:27:45 +03:00 by kerem · 6 comments

Originally created by @jonathanmmm on GitHub (May 15, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/481

Hi,

I would suggest improving the default icon blacklist regex (if there is a default).

Version 1:
Disable icons for all private IP addresses (IPv4 and maybe IPv6?!), not just 192.168.1.x but also 192.168.x.x, 10.x.x.x and 172.x.x.x (or whatever the third was for IPv4), and also 127.x.x.x.

Version 2:
Try to fetch the icon as the server directly from the IPs. Problem: the server may be in a different environment than the local IPs, or if the client asks for them, he would potentially ask private IP addresses for icons in all networks he is connected to.

kerem closed this issue 2026-03-03 01:27:45 +03:00

@dani-garcia commented on GitHub (May 16, 2019):

At the moment the blacklist is disabled by default, and I'm not sure providing a default is necessarily a good idea; we should probably have a Wiki entry with some examples and explanations though.

In any case, if someone is paranoid enough that revealing the presence of a server in the internal network is a real issue, I would recommend them to isolate or firewall the bitwarden_rs server in the first place.


@jonathanmmm commented on GitHub (May 25, 2019):

@dani-garcia

Ok, I understand.
Would it be possible, if the IP address is private, to use the IP plus port so that the icons get cached by the server? E.g. a router also has a symbol, or any other web service.

Because right now they don't have one, e.g. my router: because you can't reach these services from outside, you can't fetch the icons as the "bitwarden.com icon server" and reply it back to the bitwarden_rs icon cache.

Or is it possible to customize the icons without switching the TTL off? Because non-internal icons should still be updated.


@jonathanmmm commented on GitHub (Jun 19, 2019):

@dani-garcia

Hi Dani-Garcia

I found out that I get icons from my router or my wd cloud storage.
Does the server get these icons directly from within the network?
Because the bitwarden.com icon server can't know which icon is needed by http://192.168.2.4 for example.

I have seen in another issue that bitwarden_rs is trying to directly connect to the server and not through the bitwarden.com server? Is the address something like http://192.168.2.4/icon.png, or at which path does an icon have to be to be shown in bitwarden (or is it per href in html?)


@mprasil commented on GitHub (Jun 19, 2019):

@jonathanmmm currently the icons are fetched directly from the server (the client sends a request to the server to get the icon, and the server will fetch it and cache it server-side). It will try to parse the HTML to gather some possible sources of icons and then go with the most optimal size. So yeah, if you host your server locally (or if it has a route to your network), it should be able to load the favicon.


@BlackDex commented on GitHub (Jul 31, 2019):

@jonathanmmm regarding the IP+port part: that doesn't seem to be possible as far as I know, since only the host is given without any path or port. Not even if it is https or http.


@mprasil commented on GitHub (Nov 11, 2019):

I believe this was implemented and by default bitwarden_rs does not fetch icons from IPs in the private IP range.
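
The private-range check discussed in this thread, as an added example (not bitwarden_rs code; all function names are hypothetical). It classifies the bare host the client sends with `std::net` instead of a regex, covering the RFC 1918 blocks, loopback, link-local and the IPv6 equivalents, including IPv4-mapped addresses. DNS answers are passed in as a constructed slice so the example runs offline.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

// Hypothetical helpers for this example; not bitwarden_rs functions.
fn is_internal_v4(ip: Ipv4Addr) -> bool {
    ip.is_private()            // 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
        || ip.is_loopback()    // 127.0.0.0/8
        || ip.is_link_local()  // 169.254.0.0/16
        || ip.is_unspecified() // 0.0.0.0
}

fn is_internal_v6(ip: Ipv6Addr) -> bool {
    let s = ip.segments();
    // ::ffff:a.b.c.d (IPv4-mapped) is judged by the embedded IPv4 address.
    if s[..5].iter().all(|&x| x == 0) && s[5] == 0xffff {
        let v4 = Ipv4Addr::new((s[6] >> 8) as u8, s[6] as u8, (s[7] >> 8) as u8, s[7] as u8);
        return is_internal_v4(v4);
    }
    ip.is_loopback()                  // ::1
        || ip.is_unspecified()        // ::
        || (s[0] & 0xfe00) == 0xfc00  // fc00::/7 unique local
        || (s[0] & 0xffc0) == 0xfe80  // fe80::/10 link-local
}

fn is_internal(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => is_internal_v4(v4),
        IpAddr::V6(v6) => is_internal_v6(v6),
    }
}

/// `host` is the bare host the client sends; `resolved` stands in for the DNS
/// answer when `host` is a name (supplied by the caller so this runs offline).
fn icon_fetch_allowed(host: &str, resolved: &[IpAddr]) -> bool {
    let literal = host.trim_start_matches('[').trim_end_matches(']');
    match literal.parse::<IpAddr>() {
        Ok(ip) => !is_internal(ip),
        // A name is allowed only if every address it resolves to is public.
        Err(_) => !resolved.is_empty() && resolved.iter().all(|ip| !is_internal(*ip)),
    }
}

fn main() {
    // Constructed sample hosts.
    for h in ["192.168.2.4", "172.16.5.1", "172.32.0.1", "127.0.0.1", "[fd00::1]", "::ffff:10.0.0.1"] {
        println!("{:<18} allowed={}", h, icon_fetch_allowed(h, &[]));
    }
}
```

A fetcher that uses such a check also has to connect to the address it checked rather than resolving the name a second time, otherwise the DNS answer can change between the check and the request.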
