Allow rules to "block" requests from further processing #197
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Failed to generate code suggestions for PR |
|
/windsurf-review |
There was a problem hiding this comment.
Other comments: 0 Blocking, 0 Optional, 0 Nit, 1 FYI
- FYI: pkg/agent/http_server.go (201-201) FYI: The HTTP status code for ResourceExhausted has been changed from 404 (Not Found) to 503 (Service Unavailable), which is more semantically correct for resource exhaustion scenarios.
Comment on lines
+215
to
+217
| // Verify status code is 200 - OK (for non-status errors) | ||
| if res.StatusCode != http.StatusOK { | ||
| t.Errorf("expected status code %d, got %d", http.StatusOK, res.StatusCode) |
There was a problem hiding this comment.
In TestCatchAllNonStatusError, returning HTTP 200 OK for a non-status error seems problematic. This suggests to clients that the request succeeded when in fact there was an error. Consider whether non-status errors should return an appropriate error code (like 500 Internal Server Error) instead.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some requests are just not interesting but come in large amounts. Many bruteforce attacks are like this. They can be managed with the ratelimiting but when the last for a long time there will still be a significant amount of requests that makes it to the database and they just consume space.
By selecting the "block" checkbox in the rule you will now cause the backend to drop any further processing of a request when it matches that rule.