Daily Firewall Report - 2026-03-29

[github-actions[bot]]

This report covers firewall activity across all agentic workflows in github/gh-aw that use the network firewall feature. Today's analysis covers 51 workflow runs from the past 7 days (all from 2026-03-29), with historical trend data extending back to 2026-03-05.

The firewall performed well overall with a 1.3% block rate. The 16 blocked requests came from 5 workflows and 6 unique domains. Most blocks were expected behavior — Changeset Generator lacked GitHub API permissions, Smoke Codex attempted to reach ChatGPT (not in its allowlist), and jsweep hit a deliberate test domain. One potential misconfiguration was found in CI Cleaner (blocked release-assets.githubusercontent.com).

📊 Key Metrics

Metric	Value
🔥 Workflows Analyzed	44 unique (51 total runs)
📡 Total Network Requests	1,206
✅ Allowed Requests	1,190 (98.7%)
🚫 Blocked Requests	16 (1.3%)
🌐 Unique Blocked Domains	6
📅 Date Range	2026-03-29 (7-day scope)

🚫 Top Blocked Domains

#	Domain	Blocks	Block Rate	Workflows	Category
1	invalid.example.invalid	6	100%	jsweep - JavaScript Unbloater	🧪 Test/Invalid
2	chatgpt.com	4	100%	Changeset Generator, Smoke Codex	🤖 AI Service
3	github.com	2	~40%	Changeset Generator	🐙 GitHub
4	api.github.com	2	~40%	Changeset Generator	🐙 GitHub
5	storage.googleapis.com	1	~4%	GPL Dependency Cleaner (gpclean)	☁️ Google Cloud
6	release-assets.githubusercontent.com	1	~1%	CI Cleaner	🐙 GitHub Assets

📈 Firewall Activity Trends

Request Patterns

Firewall activity peaked significantly on 2026-03-12 (1,523 total requests, 245 blocked — 16.1% block rate), which was the highest block rate in the historical record. After a quiet period (2026-03-13 to 2026-03-18), activity resumed on 2026-03-19/20 with modest block counts. Today's run (2026-03-29) shows 1,206 requests with a healthy 1.3% block rate, suggesting improved network permission configuration compared to the March 12 spike.

Top Blocked Domains

invalid.example.invalid and chatgpt.com are the most frequently blocked domains. The invalid.example.invalid domain is a test domain used by jsweep - JavaScript Unbloater to verify firewall behavior, so its blocks are expected. The chatgpt.com blocks reflect AI service domains not included in workflow allowlists — this may indicate workflows attempting to use external AI APIs without proper permission configuration.

🔒 Policy Rule Attribution

📋 Policy Configuration: 7 rules, SSL Bump disabled, DLP disabled

All analyzed runs share the same core policy structure:

Rule ID	Action	Description
deny-unsafe-ports	🔴 deny	Deny requests to non-standard ports (only 80, 443 allowed)
deny-connect-unsafe-ports	🔴 deny	Deny HTTPS CONNECT to non-standard ports
deny-raw-ipv4	🔴 deny	Deny requests to raw IPv4 addresses (anti-bypass)
deny-raw-ipv6	🔴 deny	Deny requests to raw IPv6 addresses (anti-bypass)
allow-both-plain	🟢 allow	Allow HTTP/HTTPS to explicitly listed domains
allow-both-regex	🟢 allow	Allow HTTP/HTTPS to regex-pattern-matched domains
deny-default	🔴 deny	Default deny — blocks all unmatched traffic

Denied Requests with Rule Attribution (Today):

Domain	Deny Rule	Occurrences	Workflow
invalid.example.invalid	deny-default	6	jsweep - JavaScript Unbloater
chatgpt.com	deny-default	4	Changeset Generator, Smoke Codex
github.com	deny-default	2	Changeset Generator
api.github.com	deny-default	2	Changeset Generator
storage.googleapis.com	deny-default	1	GPL Dependency Cleaner (gpclean)
release-assets.githubusercontent.com	deny-default	1	CI Cleaner

All denials were handled by the deny-default rule, indicating none of the blocked domains matched any explicit deny rule — they simply were not in the allowlist. No unsafe port or raw IP violations were detected today.

View Detailed Request Patterns by Workflow

Workflow: jsweep - JavaScript Unbloater (1 run)

Domain	Blocked	Allowed	Block Rate	Category
invalid.example.invalid	6	0	100%	🧪 Test/Invalid

• Total requests: 61 | Allowed: 55 | Blocked: 6
• Run: §23699095781
• Note: This workflow deliberately tests the firewall with an invalid domain. Blocks are expected.

Workflow: Changeset Generator (2 runs)

Domain	Blocked	Allowed	Block Rate	Category
github.com	2	—	100%	🐙 GitHub
api.github.com	2	—	100%	🐙 GitHub
chatgpt.com	2	—	100%	🤖 AI Service

• Total requests: 30 | Allowed: 24 | Blocked: 6 (20% block rate)
• Runs: §23699095759, §23699095763
• Note: github.com and api.github.com being blocked suggests this workflow uses the GitHub MCP server but may have insufficient network permissions for direct GitHub API access. chatgpt.com block is expected.

Workflow: Smoke Codex (2 runs)

Domain	Blocked	Allowed	Block Rate	Category
chatgpt.com	2	—	100%	🤖 AI Service

• Total requests: 36 | Allowed: 34 | Blocked: 2 (5.6% block rate)
• Note: chatgpt.com is not in the Codex engine allowlist. Expected behavior.

Workflow: GPL Dependency Cleaner (gpclean) (1 run)

Domain	Blocked	Allowed	Block Rate	Category
storage.googleapis.com	1	22	~4%	☁️ Google Cloud

• Total requests: 23 | Allowed: 22 | Blocked: 1
• Note: One storage.googleapis.com request was blocked. This may be a transient request to a GCS bucket that's not in the allowlist.

Workflow: CI Cleaner (1 run)

Domain	Blocked	Allowed	Block Rate	Category
release-assets.githubusercontent.com	1	—	~1%	🐙 GitHub Assets

• Total requests: 106 | Allowed: 105 | Blocked: 1
• Note: release-assets.githubusercontent.com is a GitHub asset CDN domain. This may need to be added to the workflow's allowlist if it's required for downloading release assets.

View Complete Blocked Domains List

Alphabetically sorted list of all unique blocked domains detected in the past 7 days:

Domain	Total Blocks	Workflows
api.github.com	2	Changeset Generator
chatgpt.com	4	Changeset Generator, Smoke Codex
github.com	2	Changeset Generator
invalid.example.invalid	6	jsweep - JavaScript Unbloater
release-assets.githubusercontent.com	1	CI Cleaner
storage.googleapis.com	1	GPL Dependency Cleaner (gpclean)

💡 Security Recommendations

1. ✅ No immediate security concerns — All blocked domains appear to be either test artifacts, expected external service blocks, or configuration gaps, not malicious activity.

2. 🔧 Changeset Generator — Missing GitHub API permissions: github.com and api.github.com are being blocked. If this workflow needs direct GitHub API access (outside of MCP), add these to the network.allowed list. If using GitHub MCP, verify that the MCP server is properly handling these requests without needing direct network access.

3. 🔧 CI Cleaner — Consider adding release-assets.githubusercontent.com: This GitHub asset CDN domain was blocked once. If the workflow downloads release artifacts, it should be added to the network.allowed list:

   network:
     allowed:
       - release-assets.githubusercontent.com

4. 🔧 GPL Dependency Cleaner — Evaluate storage.googleapis.com need: If this workflow downloads packages from Google Cloud Storage, consider adding storage.googleapis.com to the allowlist. Otherwise, investigate the source of the request.

5. 📊 Historical anomaly on 2026-03-12: The 245 blocked requests (16.1% block rate) on March 12 was a significant spike worth investigating. Review the workflow runs from that day to understand whether it was a misconfiguration, a deliberate test, or an unexpected behavior pattern.

6. ✅ deny-default rule is working correctly — All blocked traffic is being caught by the default-deny rule, confirming the allowlist-based approach is functioning as intended. No bypass attempts detected.

7. 🧪 invalid.example.invalid is a test domain — The jsweep workflow's use of this domain confirms the firewall is correctly blocking non-allowlisted domains. No action needed.

---

References:

• §23699095770 — Agent Container Smoke Test
• §23699095759 — Changeset Generator (blocked github.com, api.github.com, chatgpt.com)
• §23708221886 — This workflow run (Daily Firewall Logs Collector)

AI generated by Daily Firewall Logs Collector and Reporter · history

• expires on Apr 1, 2026, 11:52 AM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily Firewall Logs Collector and Reporter.

A newer discussion is available at Discussion #23541.