From c1e9d7214cf29ec1af694198a518d8bed35a7134 Mon Sep 17 00:00:00 2001 From: max-ostapenko <1611259+max-ostapenko@users.noreply.github.com> Date: Sat, 27 Jun 2026 21:51:03 +0000 Subject: [PATCH] fix: secure /health endpoint against unauthorized access Restricts the `/health` endpoint to only allow local loopback IPs or the Google Cloud health check agent (`GoogleHC`), preventing external probing or automated scanning. --- infra/dataform-service/src/index.js | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/infra/dataform-service/src/index.js b/infra/dataform-service/src/index.js index cc262781..ab0a2095 100644 --- a/infra/dataform-service/src/index.js +++ b/infra/dataform-service/src/index.js @@ -225,6 +225,22 @@ async function mainHandler (req, res) { if (path === '/health') { // Health check endpoint + const allowedIps = ['127.0.0.1', '::ffff:127.0.0.1', '::1'] + const clientIp = req.ip || req.socket?.remoteAddress + const userAgent = req.headers['user-agent'] || '' + + // Allow local IPs or Google's health check agent + const isLocal = allowedIps.includes(clientIp) + const isGoogleHC = userAgent.includes('GoogleHC') + + if (!isLocal && !isGoogleHC) { + res.status(403).json({ + error: 'Forbidden', + message: 'Access to health check endpoint is restricted' + }) + return + } + res.status(200).json({ status: 'healthy', timestamp: new Date().toISOString()