[daily-firewall-report] Daily Firewall Report - 2026-04-03

[github-actions[bot]]

Executive Summary

This daily firewall report covers all agentic workflow runs on 2026-04-03 with the Squid proxy firewall enabled. The firewall processed 1,329 total network requests across 54 runs (out of 72 firewall-enabled runs), with a 2.1% block rate (28 blocked requests). Most blocked traffic came from smoke/test workflows probing external AI services (chatgpt.com) and two legitimate dependency workflows that need allowlist updates (proxy.golang.org for Dependabot, nodejs.org for Glossary Maintainer).

The firewall ran on awf v0.25.13 with a 7-rule policy (4 deny rules + 2 allow rules + 1 default deny) across all workflows using allowed_domains: [defaults].

---

Key Metrics

Metric	Value
🔥 Workflow Runs Analyzed	72 firewall-enabled
📊 Runs with Log Data	54
📡 Total Network Requests	1,329
✅ Allowed Requests	1,301 (97.9%)
🚫 Blocked Requests	28 (2.1%)
🌐 Unique Blocked Domains	9
⚠️ Runs with Blocked Traffic	15

---

📈 Firewall Activity Trends

Request Patterns

Firewall activity peaked between 04:45–05:30 UTC (smoke test suite) and 09:00–10:30 UTC (daily scheduled workflows). The blocking spike in the early morning correlates with the smoke test batch that runs Codex engine validation. All blocked requests were hard denials (403) with no retries recorded, indicating agents properly handled network failures.

Top Blocked Domains

chatgpt.com accounts for the majority of blocked traffic (10/28 = 36%), all originating from smoke test workflows validating firewall behavior. The Go ecosystem (proxy.golang.org, pkg.go.dev) is the second-largest block category at 6 hits, all from Dependabot — a legitimate gap in the allowlist.

---

Top Blocked Domains

Domain	Blocked Count	Category	Workflows Affected
chatgpt.com	10	🤖 AI/OpenAI	Smoke Codex, Smoke Agent (×5), Changeset Generator, AI Moderator
proxy.golang.org	5	🔵 Go Ecosystem	Dependabot Dependency Checker
github.com	4	⚫ GitHub	Changeset Generator, Smoke Call Workflow, AI Moderator
api.github.com	4	⚫ GitHub	Changeset Generator, Smoke Call Workflow, AI Moderator
pkg.go.dev	1	🔵 Go Ecosystem	Dependabot Dependency Checker
storage.googleapis.com	1	🟠 Google Cloud	GPL Dependency Cleaner
nodejs.org	1	🟢 Node.js	Glossary Maintainer
invalid.example.invalid	1	🧪 Test Domain	jsweep - JavaScript Unbloater
example.com	1	🧪 Test Domain	The Great Escapi

---

Policy Rule Attribution

Policy Configuration

All analyzed runs used an identical 7-rule policy (awf v0.25.13):
📋 Policy: 7 rules, SSL Bump disabled, DLP disabled

Policy Rule Hit Table

Rule	Action	Description	Est. Hits
deny-unsafe-ports	🔴 deny	Deny non-standard ports	—
deny-connect-unsafe-ports	🔴 deny	Deny CONNECT to non-standard ports	—
deny-raw-ipv4	🔴 deny	Block raw IPv4 address access	—
deny-raw-ipv6	🔴 deny	Block raw IPv6 address access	—
allow-both-plain	🟢 allow	Allow listed domains (HTTP + HTTPS)	~1,301
allow-both-regex	🟢 allow	Allow regex-matched domains	~0
deny-default	🔴 deny	Default deny all other traffic	28

Denied Requests Attribution

All 28 blocked requests matched the deny-default rule (no explicit deny rule targeted them — they simply weren't in the allowlist).

Domain	Deny Rule	Occurrences	Root Cause
chatgpt.com	deny-default	10	Not in allowlist; smoke tests probing escape
proxy.golang.org	deny-default	5	Go modules proxy not in default allowlist
github.com	deny-default	4	Bare hostname; policy allows .github.com but not root
api.github.com	deny-default	4	Not in restricted workflow allowlist
pkg.go.dev	deny-default	1	Go pkg docs not in allowlist
storage.googleapis.com	deny-default	1	Google Cloud Storage not in allowlist
nodejs.org	deny-default	1	Node.js site not in allowlist
invalid.example.invalid	deny-default	1	Synthetic test domain (expected)
example.com	deny-default	1	Test domain (expected escape probe)

Rule Effectiveness Summary

• deny-default is doing all the blocking work (28/28 = 100%), suggesting the explicit deny rules (unsafe ports, raw IPs) aren't being triggered by normal workflows — which is expected and healthy
• allow-both-regex had 0 hits — the single regex rule for *.jsr.io isn't being used; it could be removed if unused
• github.com (bare hostname) being blocked vs .github.com (subdomain wildcard) being allowed is an edge case: the default policy matches *.github.com but not github.com itself; workflows using the bare hostname are hitting this gap

---

View Detailed Request Patterns by Workflow

Changeset Generator (2 runs: 23934285733, 23934614472)

Each run blocked 3 requests. This workflow uses a specialized allowlist (bun.sh, CDN, npm) that does not include github.com or api.github.com.

Domain	Blocked	Allowed	Block Rate
github.com	1	0	100%
chatgpt.com	1	0	100%
api.github.com	1	0	100%
api.openai.com	0	12	0%

Cause: The Changeset Generator's custom allowlist covers CDN/package managers but excludes raw GitHub API access. The chatgpt.com probe is a smoke-test artifact.

---

Smoke Agent Variants (5 runs)

Runs: 23934694441, 23934694455, 23934694462, 23934694474, 23934694481

Each Smoke Agent run blocked exactly 1 request: chatgpt.com. These appear to be deliberate escape probes validating the firewall is working.

Domain	Blocked	Allowed
chatgpt.com	1	0
api.openai.com	12–14	✅

---

Dependabot Dependency Checker (run 23941823622)

6 blocked requests — highest among non-smoke workflows.

Domain	Blocked	Category
proxy.golang.org	5	Go module proxy
pkg.go.dev	1	Go documentation

Cause: The Dependabot workflow tries to resolve Go dependencies but proxy.golang.org and pkg.go.dev are not in the default allowlist. This likely causes silent failures in Go dependency resolution.

---

AI Moderator (run 23938244785)

3 blocked requests — same pattern as Changeset Generator (restricted allowlist).

Domain	Blocked
github.com	1
chatgpt.com	1
api.github.com	1

---

Glossary Maintainer (run 23942998940)

1 blocked request: nodejs.org. The workflow may have been trying to fetch the latest Node.js release metadata.

---

GPL Dependency Cleaner (run 23934389762)

1 blocked request: storage.googleapis.com. Google Cloud Storage is used as a distribution endpoint for some tools/packages.

---

jsweep & The Great Escapi

Both appear to be security-aware workflows that include deliberate escape probes:

• jsweep (23934946001): invalid.example.invalid — synthetic domain test
• The Great Escapi (23936362774): example.com — reserved test domain

These blocks are expected and correct firewall behavior confirming containment is working.

View Complete Blocked Domains List

All unique blocked domains (alphabetical), 2026-04-03:

Domain	Total Blocks	Workflows
api.github.com	4	Changeset Generator (×2), Smoke Call Workflow, AI Moderator
chatgpt.com	10	Smoke Codex, Smoke Agent ×5, Changeset Generator ×2, AI Moderator
example.com	1	The Great Escapi
github.com	4	Changeset Generator (×2), Smoke Call Workflow, AI Moderator
invalid.example.invalid	1	jsweep - JavaScript Unbloater
nodejs.org	1	Glossary Maintainer
pkg.go.dev	1	Dependabot Dependency Checker
proxy.golang.org	5	Dependabot Dependency Checker
storage.googleapis.com	1	GPL Dependency Cleaner

---

Security Recommendations

🔧 Fix: Add Go Ecosystem to Dependabot Allowlist

Priority: High — proxy.golang.org (5 blocks) and pkg.go.dev (1 block) are causing silent failures in Go dependency resolution. Add to the Dependabot workflow's network allowlist:

network:
  allowed:
    - defaults
    - proxy.golang.org
    - sum.golang.org
    - pkg.go.dev

🔧 Fix: Add nodejs.org for Glossary Maintainer

Priority: Medium — The Glossary Maintainer was blocked from nodejs.org (1 block). If the workflow needs Node.js release metadata, add it to the allowlist or use an alternative source.

🔧 Fix: storage.googleapis.com for GPL Dependency Cleaner

Priority: Medium — The GPL Dependency Cleaner was blocked from storage.googleapis.com (1 block). If this is needed for downloading tools, add it to the workflow's allowlist.

🔍 Investigate: github.com vs .github.com policy gap

Priority: Medium — 4 blocks on bare github.com + 4 on api.github.com in workflows that should have GitHub access. The default policy uses .github.com (subdomain wildcard) but the Changeset Generator and AI Moderator use a restricted custom allowlist. Verify these workflows don't need direct github.com access, or add explicit entries.

✅ Expected: Smoke Test Probes

The chatgpt.com, invalid.example.invalid, and example.com blocks are deliberate firewall escape probes from smoke/security test workflows. These are working as intended — the firewall is correctly containing access.

🗑️ Cleanup: Unused Regex Rule

The allow-both-regex rule (currently only *.jsr.io) had 0 hits today. If jsr.io is not actively used, consider removing this rule to simplify the policy.

---

References:

• §23941823622 — Dependabot (most blocked: proxy.golang.org ×5)
• §23934285733 — Changeset Generator (github.com + chatgpt.com blocked)
• §23942998940 — Glossary Maintainer (nodejs.org blocked)

AI generated by Daily Firewall Logs Collector and Reporter · history

• expires on Apr 6, 2026, 12:00 PM UTC

[pelikhan]

/plan in a single issue

[github-actions[bot]]

🚀 Plan Command has started processing this discussion comment

[github-actions[bot]]

This discussion has been marked as outdated by Daily Firewall Logs Collector and Reporter.

A newer discussion is available at Discussion #24474.