Configs Alertmanager webhooks urls can be abused

[friedrich-at-adobe]

Alertmanager config defines webhooks urls
https://prometheus.io/docs/alerting/configuration/

Those urls are free form so a tenant could use cortex as an attack vector to any url endpoint reachable by alertmanager (local or in the Internet)

First idea: introduce allowlists for urls

[pracucci]

Ideas:

• Introduce a allowlist and blocklist (on hostnames and/or CIDRs)
• Resolve hostnames and block private IPs (eg. to avoid hitting internal network services)
• Run webhooks through a proxy which runs on isolated network (the alertmanager http_config already allows to configure a proxy)