Allow adding a custom suffix to the default user agent #1509

Open
nadiamoe opened this issue Nov 4, 2024 · 0 comments
Labels
feature A new feature

nadiamoe commented Nov 4, 2024

Feature Description

Follow-up to #1497

There are a number of products that are now using xk6-browser under the hood, most prominently Grafana Cloud k6 (GCk6) and Synthetic Monitoring (SM). In particular, SM allows users to create a k6 script, potentially using xk6-browser, and schedule that check to be executed with certain periodicity (e.g. 5 minutes) ad infinitum.

During our time running SaaS synthetic monitoring, we very often (sometimes monthly) encounter situations where we get, either directly or in the worst case through one of our providers, abuse notices as someone notices our recurrent traffic but does not remember setting up our service, or is not aware of someone else setting it up. These situations are tricky for both parties:

  • The site administrator spends time and resources investigating where this traffic comes from, and potentially filing abuse requests to the provider sending it
  • We get requests to figure out which of our many tenants are hitting a particular website, which is quite time-consuming to figure out. For k6 in particular, it might as well be impossible, as it is very hard to programmatically know which IP addresses a particular script will target

Sometimes, these requests arrive in the form of abuse reports from our providers, such as Linode, DigitalOcean, or AWS. These requests often have a very short timeframe, such as 24h, in which we have to locate the offending script, disable it, and report to our provider that the situation is resolved, or we face our accounts getting blocked and/or our infrastructure shut down.

For these reasons, I believe it would be highly beneficial if we could, without user intervention, make clear that a request is coming from our service, and potentially add some bits to help tracing that request down. I think the User-Agent header is an ideal place for that, as the user agent is a standard place to describe the application performing a request. User agents are widely used by robots and applications that function on behalf of a user to identify themselves. The industry has adapted to that, meaning that humans inspecting traffic are used to checking the user agent in particular for this kind of information. Widely used servers, proxies and gateways provide means to log this information, with nginx doing so by default.

Suggested Solution (optional)

SM would like for xk6-browser to expose a way in which an arbitrary string can be appended to the default user agent. As an example, such a mechanism could be an environment variable like K6_BROWSER_USER_AGENT_SUFFIX. If set, xk6-browser would append it to the default user agent, and send it.

For example, if K6_BROWSER_USER_AGENT_SUFFIX is unset, the user agent could default to:

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

If K6_BROWSER_USER_AGENT_SUFFIX=GrafanaSyntheticMonitoring, the user agent could become:

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 GrafanaSyntheticMonitoring

With some development on the SM side, we could programmatically set K6_BROWSER_USER_AGENT_SUFFIX to include specific bits for each check, so we have something like:

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 GrafanaSyntheticMonitoring (smdev.grafana.net, CheckID 5678)

I think this would greatly help both users and service providers to identify these requests as coming from Grafana, providing a path for users to know if they set them up, and for us to disable them if they don't recognize them.

Already existing or connected issues / PRs (optional)

#1497
grafana/crocochrome#43
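
A sketch of both ends of the proposal, added here as an example and not taken from xk6-browser or from the issue author: appending the proposed K6_BROWSER_USER_AGENT_SUFFIX value to the default user agent, and recovering the instance and check ID from a logged user agent on the receiving side. The function names, the printable-ASCII restriction on the suffix (so it cannot carry CR/LF into the request headers) and the regular expression are assumptions; the user agent strings are the ones quoted in the issue.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strings"
)

const defaultUA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"

// BuildUserAgent appends suffix to base (hypothetical helper). It rejects
// anything outside printable ASCII, so CR/LF cannot reach the header value.
func BuildUserAgent(base, suffix string) (string, error) {
	suffix = strings.TrimSpace(suffix)
	if suffix == "" {
		return base, nil // variable unset or empty: default user agent
	}
	for _, r := range suffix {
		if r < 0x20 || r > 0x7e {
			return "", fmt.Errorf("suffix contains disallowed character %q", r)
		}
	}
	return base + " " + suffix, nil
}

// smSuffix matches the forms shown in the issue: the bare product name, or
// "GrafanaSyntheticMonitoring (<instance>, CheckID <n>)" at the end.
var smSuffix = regexp.MustCompile(`GrafanaSyntheticMonitoring(?: \(([^,()]+), CheckID (\d+)\))?$`)

// ParseSuffix is the log-reading side: it reports whether a logged user agent
// identifies itself as SM and, when present, the instance and check ID.
func ParseSuffix(ua string) (instance, checkID string, ok bool) {
	m := smSuffix.FindStringSubmatch(ua)
	if m == nil {
		return "", "", false
	}
	return m[1], m[2], true
}

func main() {
	ua, err := BuildUserAgent(defaultUA, os.Getenv("K6_BROWSER_USER_AGENT_SUFFIX"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing suffix:", err)
		os.Exit(1)
	}
	inst, id, ok := ParseSuffix(ua)
	fmt.Printf("%s\nidentified=%v instance=%q check=%q\n", ua, ok, inst, id)
}
```

The suffix is self-reported and trivially copied by any other client, so it helps attribute well-behaved traffic but is not proof of origin.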
