Allow PHP application access only for Slack

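I have implemented a Slack-Jenkins integration;

it uses a PHP application hosted on a server to trigger a Jenkins build job with parameters.

A slash command is used to call the PHP application;

the PHP application gets the input through the REQUEST method and then calls the Jenkins job.

If somebody knows the filename (www.myserver.com/filename.php) and cracks the run-time parameters, then they can do deployments by calling it in the URL.

Slack has no static IP, so IP restriction is not possible.

Tried:

    RewriteCond %{REQUEST_METHOD} !^POST$
    RewriteRule ^/check.php$ - [NC,R=404,L]

in .htaccess. But the test cases failed.

Simply put, I need to allow the PHP application to be called only from Slack.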

You need to handle the verification token that comes with each Slack request.

Verification tokens

Slash commands, Events API deliveries, and interactive messages all have one thing in common:

Slack dispatches a request that lands on your server. You need a way to identify that it really came from Slack. So every Slack app has a verification token that acts as a shared secret between your app and Slack. This verification token has nothing to do with any other kind of token on Slack. It's never needed for any API operations your app sends to Slack. Its only use case is to securely identify traffic coming from Slack.

Don't confuse verification tokens with an OAuth token, user token (xoxp), bot user token (xoxb), gossip girl token (xoxo), or workspace token (xoxa). The only relation is that token word "token."
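
One way to apply the verification-token check described above to the slash-command endpoint, as an added example that is not part of the original question or answer. It assumes the token is stored in an environment variable named SLACK_VERIFICATION_TOKEN (a hypothetical name); the function names and the sample requests are constructed for illustration.

```php
<?php
// Added example: gate the endpoint on Slack's verification token before
// anything reaches Jenkins. Function names here are hypothetical.

function isSlackRequest(string $method, array $post, string $expected): bool
{
    // Slash commands arrive as POST; a GET with URL parameters is rejected.
    if ($method !== 'POST') {
        return false;
    }
    // Read the token from the POST body only, not $_REQUEST, so a value
    // placed in the query string or a cookie is ignored.
    $token = $post['token'] ?? '';
    if (!is_string($token) || $token === '' || $expected === '') {
        return false;
    }
    // Constant-time comparison avoids leaking the secret through timing.
    return hash_equals($expected, $token);
}

function handle(string $method, array $post, string $expected): int
{
    if (!isSlackRequest($method, $post, $expected)) {
        return 403; // refuse before touching Jenkins
    }
    // The existing Jenkins trigger goes here, fed from $post['text'].
    return 200;
}

if (PHP_SAPI !== 'cli') {
    // Web request: the secret comes from the environment, never from source.
    $expected = getenv('SLACK_VERIFICATION_TOKEN') ?: '';
    http_response_code(handle($_SERVER['REQUEST_METHOD'] ?? '', $_POST, $expected));
    exit;
}

// Constructed sample requests; run with `php` on the command line.
$secret = 'constructed-example-token';
$cases = [
    'valid slash command' => ['POST', ['token' => $secret, 'text' => 'deploy']],
    'wrong token'         => ['POST', ['token' => 'guess', 'text' => 'deploy']],
    'missing token'       => ['POST', ['text' => 'deploy']],
    'GET from a browser'  => ['GET',  ['token' => $secret]],
];
foreach ($cases as $name => [$method, $post]) {
    printf("%-20s => HTTP %d\n", $name, handle($method, $post, $secret));
}
```

Because the check reads `$_POST` and compares against a server-side secret, knowing the file name and the build parameters is no longer enough to start a deployment.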