New specific Error code for port not allowed #2888
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A failure of the port validation against the allowed range results in a ROUTER_ERR_GENERIC failure cause. It would be very useful to have a separate error code for this, as it indicates a misconfiguration, or an attempt to reach ports out of policy, possibly signaling malicious intent.
Log entry:
Mar 10 17:47:45 ip-10-19-232-153 ziti-controller[264984]: {"_channels":["selectPath"],"apiSessionId":"cm81ryt2wosivgoqkt9nb5b9m","attemptNumber":1,"circuitId":"BwPDd2inOV","error":"error creating route for [s/BwPDd2inOV] on [r/XXB0Jd8KwN] (error creating route for [c/BwPDd2inOV]: port 7070 is not in allowed port ranges)","file":"github.com/openziti/ziti/controller/network/network.go:597","func":"github.com/openziti/ziti/controller/network.(*Network).CreateCircuit","level":"warning","msg":"route attempt for circuit failed","serviceId":"vngGz6W0LDMh6BFYTUGO7","serviceName":"service-name","sessionId":"cm81s3pwqospjgoqklwj2dqmb","time":"2025-03-10T17:47:45.346Z"}The text was updated successfully, but these errors were encountered: