Configuring Debezium heartbeat query for Postgres source with CDC

Summary

When configuring the debezium heartbeat query for a Postgres source using CDC, queries that update or insert values to the table immediately fail with a 403 error. It seems like there may be an issue with SQL injection detection, even though queries that do not alter rows are accepted. The table has correct permissions set up, but the query is being flagged for potential SQL injection.

Question

has anyone tried to configure the debezium heartbeat query for a Postgres source using CDC? when we’ve tried using any query that updates or inserts values to the table seems to immediately fail with a 403 error. This seems like it’s trying to block sql injection, but on a field that requires sql (we can put in something that doesn’t update or alter rows like update x and it’s accepted). We have the table set up with correct permissions, the only explanation i have is that the query is being flagged for sql injection

This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. Click here if you want to access the original thread.

Join the conversation on Slack

403 is an HTTP response code so that must not be coming from the database server

yup, that’s why i think it’s something in the webapp or server trying to block sql injection before sending anything to the db

I agree with that. Are you running Airbyte onprem? Kubernetes or something else?

airbyte oss on kubernetes in the AWS cloud

Are you using AWS WAF or similar in front of your Kubernetes cluster?

strange, same query for us immediately gets a 403 error:

will check with our infra team

The 403 is probably coming from your WAF

got it, super helpful, thanks!

The AWS WAF returns an HTTP 403 for SQL injection blocks by default

So those requests are never making it into your k8s cluster and therefore never into the airbyte service

really appreciate the help!