[ws-proxy] Distinguish between WS_NOTFOUND and WS_ID_INVALID #10393
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
[ws-proxy] Distinguish between WS_NOTFOUND and WS_ID_INVALID
We have too many metrics report with
WS_NOTFOUND
but, thisWS_NOTFOUND
is not reallyworkspace not found
, This also includes some attempts at external brute force hacking attacks, This PR tries to distinguish between brute force attempts and realworkspace not found
errors, at this point we are only looking at the workspaceID formatRelated Issue(s)
Fixes #
How to test
./dev/preview/portforward-monitoring-satellite.sh -c harvester
and open prometheusssh root@test.ssh.ws.pd-ssh-invalid-wsid.preview.gitpod-dev.com
it will increase WS_ID_INVALID errorssh gitpodio-templategolang-uiuho6zqyss@test.ssh.ws.pd-ssh-invalid-wsid.preview.gitpod-dev.com
it will increase WS_NOTFOUND errorprometheus query
Release Notes
Documentation