error[E004]: HTTP status client error (403 Forbidden) for url #961

Closed
omgaz opened this issue Dec 21, 2021 · 2 comments · Fixed by #1079

omgaz commented Dec 21, 2021

Description

Receiving a 403 error when trying to introspect a schema on a live running server. The server is behind a firewall, but the machine where commands are run has access.

Steps to reproduce

Run rover graph introspect https://api.example.com/graphql --log debug where whatever https://api.example.com is, is behind a firewall.

Expected result

Introspection should complete as expected.

Alternatively, steps to work around this issue, or an explanation of why it fails, should be provided:

  • is there a range of IP addresses that could be placed in an allow-list?
  • an explanation for why it may fail if the machine is inside the whitelist: are there external API calls that are made from outside the trusted network?

Actual result

Introspection fails with error: error[E004]: HTTP status client error (403 Forbidden) for url

Environment

Rover Info:
Version: 0.4.1
Install Location: /Users/omgaz/git/ahm/api/node_modules/binary-install/bin/rover
OS: Mac OS 12.1.0 [64-bit]
Shell: /bin/zsh


omgaz commented Dec 21, 2021

I think I found the issue, and a possible fix.

Issue: Rover does not set a user agent in the header. This is an issue when using an AWS-powered WAF with default rulesets applied (AWS#AWSManagedRulesCommonRuleSet#NoUserAgent_HEADER).

To replicate:

Put an Apollo Server behind an AWS WAF using the AWSManagedRulesCommonRuleSet. Try to introspect the server and you'll get a 403. (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-baseline.html)

rover graph introspect https://api.example.com/graphql

To fix:

rover graph introspect https://api.example.com/graphql --header "user-agent: $(rover --version)"

Suggestion: Rover should have a user agent set by default.
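
A local reproduction of the diagnosis in the comment above, as an added example (not code from Rover or from anyone in this thread): a constructed stand-in server returns 403 when the User-Agent header is absent, which is the behaviour the comment attributes to NoUserAgent_HEADER, and `diagnose` sends the same GraphQL request with and without the header to tell a header rule apart from an IP allow-list problem. The class and function names and the `example-client/0.0` value are assumptions made for the example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class NoUserAgentRule(BaseHTTPRequestHandler):
    """Constructed local stand-in for the WAF rule: no User-Agent header -> 403."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        blocked = self.headers.get("User-Agent") is None
        body = b"Forbidden" if blocked else b'{"data":{"__typename":"Query"}}'
        self.send_response(403 if blocked else 200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args): pass  # silence per-request logging

def probe(host, port, user_agent=None):
    """POST a minimal GraphQL query; http.client adds no User-Agent by itself."""
    headers = {"Content-Type": "application/json"}
    if user_agent is not None:
        headers["User-Agent"] = user_agent
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("POST", "/graphql", '{"query":"{__typename}"}', headers)
    status = conn.getresponse().status
    conn.close()
    return status

def diagnose(host, port, user_agent="example-client/0.0"):  # placeholder value
    """Compare the same request without and with a User-Agent header."""
    without, with_ua = probe(host, port), probe(host, port, user_agent)
    if without == 403 and with_ua != 403:
        verdict = "header rule: blocked only when User-Agent is missing"
    elif without == 403:
        verdict = "403 either way: check the IP allow-list or auth instead"
    else:
        verdict = "not blocked"
    return without, with_ua, verdict

def run_demo():
    """Start the stand-in on a free loopback port and run the comparison."""
    server = HTTPServer(("127.0.0.1", 0), NoUserAgentRule)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return diagnose("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

Pointing `diagnose` at a real endpoint's host and port gives the same three-way answer; a 403 in both cases means the User-Agent was not the cause.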

@EverlastingBugstopper

This was fixed by #1075
