I was running some vulnerability tests on a service mesh and I got 2 things connected with Istio that I can’t find how to solve: the first one was that I was advised to change the response headers to not show server: envoy-proxy; the second one is that I need to whitelist specific domains with allowOrigin (currently I have a wildcard, and if I send a request from some hacking domain, for example, it will pass). I have tried to whitelist a specific domain like http:// or https://somedomain.com or without port, but it didn’t block anything. Currently I am on 1.2.2, but tested on 1.4 as well. I saw there is a GitHub issue about it, but did anyone manage to get around it somehow on that version?