I was running some vulnerability tests on a service mesh and I got 2 things connected with Istio that I can’t find how to solve: the first one was that I was advised to change the response headers to not show server: envoy-proxy; the second one is that I need to whitelist specific domains with allowOrigin (currently I have a wildcard, and if I send a request from some hacking domain, for example, it will pass). I have tried to whitelist a specific domain like http:// or https://somedomain.com or without port, but it didn’t block anything. Currently I am on 1.2.2, but tested on 1.4 as well. I saw there is a GitHub issue about it, but did anyone manage to get around it somehow on that version?