Broken links in the tos.md page (static site) #8166

Open
bobbywells52 opened this issue Oct 1, 2024 · 5 comments

@bobbywells52
Collaborator

Description

There are two broken links on the static site that have been identified by our link checker here.

Expected behavior

The two links in question are currently returning 403s, when we expect 200s.

@mpbrown
Collaborator

mpbrown commented Oct 3, 2024

Linking broken link report here

@DanielSass
Collaborator

The links both seem to work in a browser; I'm curious why we're getting permissions issues:
https://www.hhs.gov/foia/privacy/index.html
https://www.hhs.gov/vulnerability-disclosure-policy/index.html

@bobbywells52
Collaborator Author

Update: the links are working in my browser as well but still failing in the link checker here.

@DanielSass
Collaborator

In addition to direct browsing to the links, I'm able to click the links on the static site itself. It appears to just be an issue from the GitHub Actions.

@DanielSass
Collaborator

DanielSass commented Oct 17, 2024

Followed up with Rin on this:

Both of these sites go to HHS, not CDC. The DNS entry for this points to an EC2 instance floating around somewhere in AWS, with a default Apache page. I have heard of instances where GitHub Actions runners are blocked, since they can be used to launch attacks. I want to say we have run into something like this previously with SimpleReport's WAF.
Ultimately, everything is configured correctly on our end. This would be outside the CDC's hands. The only two workarounds that I can think of are:

  1. Use a self-hosted runner for this. CDC provides a few in their CDCEnt organization, but they haven't made them accessible in CDCGov. Unfortunately, unless we want to pay a few hundred per month in hosting costs, this will be a no-go for us.
  2. Use a lycheeignore file, or pass in domains to ignore using the --exclude switch from within the action's args: input. We can exclude the problematic HHS domains here, but we will have no way to know if they end up broken. Ultimately, though, that's beyond our control.
  3. Bonus option: expect a 403 code. Concern with this approach is if the code we're getting is at the gateway level vs the page level. Link could go back and everything would still be green.
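
One way to narrow the "expect a 403" option from the comment above, shown as an added example that is not part of the thread or the project's code: a post-processing step that tolerates a 403 only for the two exact HHS URLs and still fails on any other status. The `(url, status)` input shape, the function names and the sample results are assumptions constructed for illustration; the check cannot tell a gateway-level 403 from a page-level one, so that concern remains.

```python
from urllib.parse import urlsplit

# The two URLs from the thread that return 403 to the CI runner.
TOLERATED_403 = {
    "https://www.hhs.gov/foia/privacy/index.html",
    "https://www.hhs.gov/vulnerability-disclosure-policy/index.html",
}

# Constructed sample results (url, HTTP status); not real checker output.
SAMPLE = [
    ("https://www.hhs.gov/foia/privacy/index.html", 403),
    ("https://www.hhs.gov/vulnerability-disclosure-policy/index.html", 404),
    ("https://example.org/private", 403),
    ("https://example.org/docs", 200),
]


def normalize(url):
    """Lower-case scheme and host, drop the fragment, keep path and query."""
    parts = urlsplit(url.strip())
    return parts._replace(scheme=parts.scheme.lower(),
                          netloc=parts.netloc.lower(),
                          fragment="").geturl()


def triage(results, tolerated=TOLERATED_403):
    """Sort (url, status) pairs into ok / tolerated / failed / stale.

    A 403 is tolerated only for an exact allowlisted URL. Any other status on
    those URLs (404, 5xx, ...) still fails. An allowlisted URL that returns
    2xx is reported as stale so the exception can be removed.
    """
    allow = {normalize(u) for u in tolerated}
    report = {"ok": [], "tolerated": [], "failed": [], "stale": []}
    for url, status in results:
        listed = normalize(url) in allow
        if 200 <= status < 300:
            report["ok"].append(url)
            if listed:
                report["stale"].append(url)
        elif status == 403 and listed:
            report["tolerated"].append(url)
        else:
            report["failed"].append((url, status))
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```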
