Comments (4)
@tpcgold This seems to be a configuration problem within your cloud provider resources. If connecting to GitHub, you might need to configure it with https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.
from argo-cd.
Nope, it's not a GitHub issue.
As the issue describes, it's an OWASP compatibility of the ArgoCD frontend -> ArgoCD backend calls.
For now I had to do an exception in the firewall checks
(if my office IP + Argo cookie is present, I ignore some OWASP rules mentioned above)
from argo-cd.
@tpcgold In your issue description, you mention the following:
Requests from the UI should successfully pass the Firewall without the need to puncture security by loosening a widely used standard policy (OWASP)
Can you find which data/value is invalid in the calls made from the ArgoCD frontend to the ArgoCD backend? The rules as explained in https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=owasp32 do not provide many details, and I assume your WAF might have more logs on which data is causing the error.
from argo-cd.
You can find all rules in the coreset of OWASP
e.g. some like 931130 are regex based
I don't have the logs ready as the Log Analytics workspace is already deleted.
But the issue was the number of matches in a short period, which shot the anomaly score above 5
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
and hence triggered the firewall to block the "connect" requests on the "connect repo" page
from argo-cd.
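One way to find which value trips the rules, as the maintainer asks above, is to group firewall log entries per request and total them the way CRS anomaly scoring does (Critical 5, Error 4, Warning 3, Notice 2, block at 5). This is an added example, not code from the thread or from Argo CD; the field names are modelled on Application Gateway firewall log entries, and the severity map, the placeholder rule ID, the URIs and the sample records are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Anomaly points per CRS severity level; a request is blocked at a total of 5.
SEVERITY_POINTS = {"critical": 5, "error": 4, "warning": 3, "notice": 2}
BLOCK_THRESHOLD = 5

# Assumption: severity per rule ID, looked up by you in the CRS rule files.
# 931130 is the rule named in the thread; "PLACEHOLDER-1" is a made-up ID.
RULE_SEVERITY = {"931130": "critical", "PLACEHOLDER-1": "notice"}

# Constructed sample records (not real logs), one JSON object per line.
SAMPLE_LOG = """\
{"transactionId": "tx-1", "requestUri": "/example/connect-repo", "ruleId": "931130", "details": {"data": "ARGS:repo=https://git.example.com/org/app.git"}}
{"transactionId": "tx-2", "requestUri": "/example/list", "ruleId": "PLACEHOLDER-1", "details": {"data": "ARGS:q=demo"}}
{"transactionId": "tx-2", "requestUri": "/example/list", "ruleId": "PLACEHOLDER-1", "details": {"data": "ARGS:page=1"}}
"""


def score_requests(log_text, rule_severity=RULE_SEVERITY):
    """Group rule matches by request and total their anomaly points."""
    requests = defaultdict(
        lambda: {"uri": None, "score": 0, "matches": [], "unknown": []}
    )
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        entry = requests[rec["transactionId"]]
        entry["uri"] = rec.get("requestUri")
        rule_id = str(rec["ruleId"])
        severity = rule_severity.get(rule_id)
        if severity is None:
            # Keep rules we cannot score visible instead of guessing a value.
            entry["unknown"].append(rule_id)
            continue
        entry["score"] += SEVERITY_POINTS[severity]
        matched = (rec.get("details") or {}).get("data")
        entry["matches"].append((rule_id, severity, matched))
    for entry in requests.values():
        entry["blocked"] = entry["score"] >= BLOCK_THRESHOLD
    return dict(requests)


if __name__ == "__main__":
    for tx, info in score_requests(SAMPLE_LOG).items():
        print(tx, info["uri"], info["score"], info["blocked"], info["matches"])
```

The matched data per rule is what to report upstream or to scope a narrow exclusion on, instead of relaxing the rules for a whole client IP.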