Skip to content

TLD wildcard patterns in network policy accepted but silently rejected by proxy #787

Description

@mjamiv

Summary

Network policy entries using TLD wildcards (e.g., *.com, *.org) are accepted by openshell policy set without error, but the proxy silently rejects matching CONNECT requests — 0 bytes returned, connection closed. No denial logged anywhere.

Subdomain wildcards (*.wikipedia.org) and explicit domains (example.com) work correctly.

Environment

  • OpenShell v0.0.25
  • Ubuntu 22.04 x64
  • Sandbox running OpenClaw with HTTP CONNECT proxy at 10.200.0.1:3128

Reproduction

  1. Create a policy with a TLD wildcard entry:
network_policies:
  web_general:
    name: web-general
    endpoints:
      - { host: "*.com", port: 443, enforcement: audit }
    binaries:
      - { path: /usr/bin/node }
      - { path: /usr/bin/curl }
  1. Apply: openshell policy set <sandbox> --policy policy.yaml → succeeds, new version submitted.

  2. From inside sandbox:

# TLD wildcard — silently fails
HTTPS_PROXY=http://10.200.0.1:3128 curl -s -o /dev/null -w '%{http_code}' https://example.com
# Returns 000, exit code 56 (receive error, 0 bytes from proxy)

# Explicit domain — works
# (after adding explicit example.com to policy)
HTTPS_PROXY=http://10.200.0.1:3128 curl -s -o /dev/null -w '%{http_code}' https://example.com
# Returns 200
  1. Node.js fetch() via EnvHttpProxyAgent shows the same behavior:
SocketError: UND_ERR_SOCKET
  remoteAddress: 10.200.0.1, remotePort: 3128
  bytesWritten: 207, bytesRead: 0

Expected Behavior

Either:

  • TLD wildcards should match (e.g., *.com matches example.com, en.wikipedia.org)
  • OR openshell policy set should reject TLD wildcards with a validation error

The current behavior (accepted but silently non-functional) is the worst case for debugging — no error at submission time, no denial log at request time.

Workaround

Use subdomain wildcards (*.wikipedia.org) or explicit domains. For general web access (e.g., web_fetch tool), route through a server-side API like Firecrawl so only api.firecrawl.dev needs to be in the policy.

Notes

The OpenClaw-init deployment guide documents this as "TLD wildcards cause OPA errors," but on v0.0.25 there are no OPA errors — just silent rejection. The behavior may have changed between versions.

Related: #704 (log proxy denials at warn level) — if denials were logged, this would have been immediately obvious.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions