← All incidents

Internal health endpoints returning 403

Resolved

Our bot-protection middleware was blocking curl-based health probes (which omit a User-Agent). No user-facing impact; monitoring only. Middleware patched to exempt /health and /internal/*.

Started: 14 Apr 2026, 18:10 UTC
Resolved: 14 Apr 2026, 20:30 UTC
Severity: minor

Affected products

Timeline

Identified
14 Apr 2026, 18:45 UTC
Traced 403s to BotBlocker middleware. Drafting an exemption for /health and /internal/* routes across all 16 services.
Resolved
14 Apr 2026, 20:30 UTC
Exemption deployed to every NestJS service. All probes green.