Which should whitelist requests, however it only whitelists some requests, such as requests from a normal browser, however requests from an http client (such as axios or go http client) is blocked as baloo detects a headless browser:
"Blocked by BalooProxy.
Your browser Headless Browser is not allowed."
BalooProxy should allow all requests whether it is from a Headless Browser or not as it is explicitly defined in the firewall rule to whitelist requests
I tried refining the firewall rule by adding whitelist to unknown browsers and the ip address i sent the requests from
{
"expression": "(ip.src eq \"IPADDRESS\" or ip.engine eq \"\" and http.path contains \"/api\")",
"action": "0"
}
Yet still no luck, this makes it difficult for Balooproxy to protect dynamic sites that have APIs.
For example, I made a firewall rule that whitelists requests that contain "/api" in the request path.
{ "expression": "(http.path contains \"/api\")", "action": "0" },
Which should whitelist requests, however it only whitelists some requests, such as requests from a normal browser, however requests from an http client (such as axios or go http client) is blocked as baloo detects a headless browser:
"Blocked by BalooProxy. Your browser Headless Browser is not allowed."
BalooProxy should allow all requests whether it is from a Headless Browser or not as it is explicitly defined in the firewall rule to whitelist requests
I tried refining the firewall rule by adding whitelist to unknown browsers and the ip address i sent the requests from
{ "expression": "(ip.src eq \"IPADDRESS\" or ip.engine eq \"\" and http.path contains \"/api\")", "action": "0" }
Yet still no luck, this makes it difficult for Balooproxy to protect dynamic sites that have APIs.