feat: frontend middleware to block matching urls#3963
Merged
joe-elliott merged 7 commits intografana:mainfrom Aug 16, 2024
Merged
feat: frontend middleware to block matching urls#3963joe-elliott merged 7 commits intografana:mainfrom
joe-elliott merged 7 commits intografana:mainfrom
Conversation
javiermolinar
requested review from
annanay25,
electron0zero,
ie-pham,
joe-elliott,
knylander-grafana,
mapno,
mdisibio,
stoewer,
yvrhdn and
zalegrala
as code owners
joe-elliott
reviewed
Aug 14, 2024
3 tasks
joe-elliott
reviewed
Aug 14, 2024
joe-elliott
reviewed
Aug 16, 2024
| func (c urlDenylistWare) validateRequest(url string) error { | ||
| for _, v := range c.denyList { | ||
| if v.MatchString(url) { | ||
| return fmt.Errorf("Invalid request %s, URL is blacklisted", url) |
Collaborator
There was a problem hiding this comment.
This will likely show up in Grafana, let's try:
"Invalid request %s. This query has been identified as one that destabilizes our system. Contact your system administrator for more information"
joe-elliott
approved these changes
Aug 16, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does:
It provides a mechanism to refuse requests based on a regex blacklist. A new middleware was created and executed the first in the query pipeline. Any request that matches will return a 400 status code response.
Due to the way we build the pipeline I decided to make the new middleware as an AsyncMiddleware, that way it can be executed first in the chain. We should explore the possibility of having just one type of middleware so that they can run in any order regardless of their work.
Which issue(s) this PR fixes:
Fixes #3769
Checklist
CHANGELOG.mdupdated - the order of entries should be[CHANGE],[FEATURE],[ENHANCEMENT],[BUGFIX]