Specifying --blocked-nets="" does not clear the IP denylist for multihttp checks
#735
Assignees
Labels
bug
Something isn't working
Comments
nadiamoe
changed the title
--blocked-nets="" does not unblock all nets for multihttp checks--blocked-nets="" does not clear the IP denylist for multihttp checks
|
Adding "component: agent" for now. That's not exactly true. |
|
Related forum post: https://community.grafana.com/t/private-probe-and-checks-to-rfc1918/129343 I will tentatively schedule this for Cycle 25 (Nov-Dec 2024), for review during planning |
|
Related to #901 |
|
Proposal: simply remove the hardcoded value in the script. The default value for the flag should be enough. |
|
Confusing that we state "IP networks to block in CIDR notation, disabled if empty" while empty is actually 10.0.0.0/8 by default. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The value of
--blocked-nets, which defaults to10.0.0.0/8, eventually makes it verbatim (after validation) to the--blacklist-ipk6 flag:synthetic-monitoring-agent/internal/k6runner/k6runner.go
Line 455 in e6f4762
However, specifying an empty value will not clear the in-script default value we set for multihttp checks:
synthetic-monitoring-agent/internal/prober/multihttp/script.tmpl
Line 43 in e6f4762
Fixing this proper will require refactoring the script generation code so it can get not only check settings, but also settings local to the probe. This work was started in #732, but still requires more effort.
Workaround
A workaround for this issue is to specify a non-empty, no-op CIDR that would filter no (real) addresses, e.g.
--blocked-nets=0.0.0.0/32. This will override the default value for all checks, including multihttp.The text was updated successfully, but these errors were encountered: