Daily Firewall Report - 2026-03-26

[github-actions[bot]]

🔥 Daily Firewall Activity Report for March 26, 2026

This report covers all agentic workflow runs with the network firewall enabled over the past 7 days. Today's analysis detected 170 blocked requests across 4 affected workflows — with one workflow (Changeset Generator) responsible for 87.6% of all blocked traffic, largely due to legitimate GitHub domains being denied. All blocked traffic originated from the Codex engine.

Key Metrics

Metric	Value
🔍 Workflow runs analyzed	38
📊 Total network requests	1,299
✅ Allowed requests	1,129 (86.9%)
🚫 Blocked requests	170 (13.1%)
🌐 Unique blocked domains	5
🗓️ Date range	2026-03-26

---

Top Blocked Domains

Rank	Domain	Block Count	Workflows	Category
1	raw.githubusercontent.com:443	115	Changeset Generator	GitHub CDN ⚠️
2	ab.chatgpt.com:443	31	AI Moderator, Smoke Codex, Changeset Generator	OpenAI Telemetry
3	github.com:443	22	Changeset Generator	GitHub Apex ⚠️
4	codeload.github.com:443	1	Changeset Generator	GitHub Downloads ⚠️
5	release-assets.githubusercontent.com:443	1	CI Cleaner	GitHub Releases

⚠️ = Legitimate GitHub service being blocked — likely a configuration gap

---

📈 Firewall Activity Trends

Request Patterns by Workflow

The chart reveals that most workflows operate cleanly with zero blocked requests. The Changeset Generator stands out significantly — it generated 149 of 170 total blocked requests (87.6%), indicating a specific allowlist misconfiguration. All blocked traffic is concentrated in Codex-engine workflows.

Top Blocked Domains

raw.githubusercontent.com dominates with 115 blocks — a GitHub-owned CDN that should be permitted. The ab.chatgpt.com domain is an OpenAI telemetry endpoint consistently called by Codex-engine workflows; blocking it is appropriate and expected security behavior.

---

Policy Rule Attribution

📋 Policy: 7 rules, SSL Bump disabled, DLP disabled

Rule ID	Action	Description
deny-unsafe-ports	🔴 deny	Deny non-standard ports (allow only 80, 443)
deny-connect-unsafe-ports	🔴 deny	Deny CONNECT to unsafe ports
deny-raw-ipv4	🔴 deny	Deny raw IPv4 addresses
deny-raw-ipv6	🔴 deny	Deny raw IPv6 addresses
allow-both-plain	🟢 allow	Allowlist: .anthropic.com, .github.com, .githubusercontent.com (regex), .pypi.org, .registry.npmjs.org, etc.
allow-both-regex	🟢 allow	Regex: ^[a-zA-Z0-9.-]*\.githubusercontent\.com$
deny-default	🔴 deny	Default deny — all unmatched traffic

Root cause analysis for GitHub domain blocks:

The allow-both-plain rule includes .github.com (with leading dot). In Squid's dstdomain ACL, a leading dot matches subdomains only — it does not match the apex domain github.com itself. This means:

• raw.githubusercontent.com → should match the regex rule but may be failing due to port suffix (raw.githubusercontent.com:443) being included in ACL matching
• github.com → does not match .github.com (apex domain exclusion)
• codeload.github.com → should match .github.com but apparently does not in this context

---

View Detailed Request Patterns by Workflow

Changeset Generator (1 run — 23581097995)

Engine: Codex | Total: 64 allowed, 149 blocked (70% block rate)

Domain	Blocked	Allowed	Block Rate	Category
raw.githubusercontent.com:443	115	0	100%	GitHub CDN
github.com:443	22	0	100%	GitHub Apex
ab.chatgpt.com:443	11	0	100%	OpenAI Telemetry
codeload.github.com:443	1	0	100%	GitHub Downloads

This workflow is trying to fetch content from raw.githubusercontent.com (likely reading raw files) and github.com directly. With 149 blocks out of 213 total attempted connections, the workflow may be degraded — it should be completing with partial data or retrying.

AI Moderator (5 runs — Codex engine)

Total across 5 runs: 58 allowed, 15 blocked

Domain	Blocked per run	Category
ab.chatgpt.com:443	3 (consistent across all 5 runs)	OpenAI Telemetry

The consistent pattern of exactly 3 blocks per run on ab.chatgpt.com suggests this is a fixed initialization/telemetry call pattern from the Codex engine at startup. This is expected and benign blocking.

Smoke Codex (1 run — 23581098000)

Engine: Codex | Total: 23 allowed, 5 blocked

Domain	Blocked	Category
ab.chatgpt.com:443	5	OpenAI Telemetry

Similar pattern to AI Moderator — Codex engine telemetry calls being correctly blocked.

CI Cleaner (1 run — 23580490576)

Engine: Copilot | Total: 99 allowed, 1 blocked

Domain	Blocked	Category
release-assets.githubusercontent.com:443	1	GitHub Releases

Single block on a GitHub release assets domain. May be a one-time request for a release artifact that isn't in the default allowlist.

View Complete Blocked Domains List

Domain	Total Blocks	Workflows	Category	Should Allow?
raw.githubusercontent.com:443	115	Changeset Generator	GitHub CDN	✅ Yes
ab.chatgpt.com:443	31	AI Moderator, Smoke Codex, Changeset Generator	OpenAI Telemetry	❌ No
github.com:443	22	Changeset Generator	GitHub Apex	✅ Yes
codeload.github.com:443	1	Changeset Generator	GitHub Downloads	✅ Yes
release-assets.githubusercontent.com:443	1	CI Cleaner	GitHub Releases	✅ Yes

---

Security Recommendations

🚨 High Priority

1. Fix Changeset Generator allowlist — The workflow is blocking legitimate GitHub domains. Add explicit entries to the workflow's network.allowed configuration:

   network:
     allowed:
       - "github.com"                      # apex domain (Squid doesn't match via .github.com)
       - "raw.githubusercontent.com"        # raw file CDN
       - "codeload.github.com"             # code downloads
       - "release-assets.githubusercontent.com"  # release artifacts

   With 149 blocks per run, this workflow is operating in a significantly degraded state.

2. Investigate raw.githubusercontent.com regex match failure — The policy includes a regex rule ^[a-zA-Z0-9.-]*\.githubusercontent\.com$ intended to match all *.githubusercontent.com domains. If this regex is failing for HTTPS CONNECT requests, it may be because Squid is matching raw.githubusercontent.com:443 (with port) against the pattern. Verify Squid regex ACL behavior for CONNECT tunnels.

ℹ️ Informational

3. ab.chatgpt.com blocking is correct — The OpenAI Codex engine attempts to call this telemetry endpoint on initialization. This is correctly blocked by the default firewall policy. No action needed — this is a desirable security outcome.

4. Add github.com apex to default allowlist — The default allow-both-plain rule includes .github.com but Squid's dstdomain ACL with a leading dot only matches subdomains, not the apex. Consider adding github.com (no leading dot) to the default allowlist to cover direct connections to github.com.

5. All blocked traffic is Codex-engine — 100% of blocked requests came from workflows using the codex engine, with one exception (1 request from CI Cleaner using copilot). This may indicate that Codex-based workflows have different network access patterns or use more raw GitHub API endpoints than Claude/Copilot-based workflows.

---

References:

• §23581097995 — Changeset Generator (most blocked traffic)
• §23581098000 — Smoke Codex
• §23591762220 — AI Moderator (latest run)

AI generated by Daily Firewall Logs Collector and Reporter · history

• expires on Mar 29, 2026, 12:02 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily Firewall Logs Collector and Reporter.

A newer discussion is available at Discussion #23226.