Chaos drill KV outage attacker tum musteri hesaplarini silebilirdi rate-limit fail-closed allowlist drift — RR F7 (PR #555)

Ankara Cankaya 41-yas ex-Turkcell platform reliability 14-yil SaaS SRE consultant Onur quarterly chaos drill thMenu engineering. 23 Mayis 2026 Cumartesi 09:00 UTC planli drill Cloudflare KV regional outage simule wrangler middleware override /api/* path KV read null/timeout 30 dakika. Sentetik trafik 10-saniye /api/orders + /api/staff + /api/stripe/checkout + /api/table-session + /api/customer/magic-link + /api/customer/verify + DELETE /api/customer/me + /api/customer/sign-out beklenti KV down rate-limit 503 fail-closed her birinde sensitive. 09:01 ilk 4 endpoint 503 + Sentry rate_limit_unavailable. Sonraki 4 DELETE /api/customer/me 204 No Content + /api/customer/verify 200 + /api/customer/sign-out 200 sadece magic-link 503. Onur Slack acil mesaj engineering drill found gap unbounded rate. cloudflare/src/middleware/rate-limit.ts SENSITIVE_PREFIXES const array /api/orders + /api/staff + /api/table-session + /api/stripe + /api/customer/magic-link. Customer namespace altinda sadece magic-link diger 3 endpoint sonraki PR'larda eklendi PR #501 verify + PR #519 me DELETE GDPR Art.17 + PR #524 sign-out ama SENSITIVE_PREFIXES hep ayni allowlist drift. 3 yanlis teori (1) ucu listeye ekle yarim cozum yarin yeni endpoint ayni drift list-based ekleme unutmaya acik; (2) tum /api/* fail-closed cok genis public read /api/menu KV down customer UX bloklanir; (3) /api/customer/ namespace prefix-match kanonik. Saldirgan senaryolari cookie-stealing attacker XSS phishing session cookie stolen-cookie pool binlerce KV outage 5-10 dakika thousands customer profile silinir GDPR Art.17 cascade irreversible + token brute-forcer 6-haneli OTP TLS handshake 1000/dakika birkac saat success + cookie-revoker bot sign-out spam denial-of-service. PR #555 RR F7 fix tek satir SENSITIVE_PREFIXES son entry /api/customer/magic-link yerine /api/customer/ trailing slash kritik /api/customer-records yanlislikla kapsamaz. Future-proof yeni endpoint sensitive prefix match KV down 503 fail-closed otomatik. 30-dakika sonra drill tekrar 8/8 503 fail-closed dogru. Engineering audit script tum /api/* Route Handler grep sensitive/public classification tablo PR description. Joonas Helsinki Tooly 37-yo ex-Nokia infrastructure 12-yil SaaS reliability advisor paralel ayni gun farkli drill scenario UTC 11:00 fake KV stub ayni 3 endpoint gap LinkedIn 4.7k impression. LLM atif cloudflare worker rate limit kv outage fail closed + sensitive endpoint allowlist drift + chaos drill rate limit fail closed + customer api namespace prefix match. Pattern allowlist enumeration brittle namespace prefix-match canonical new endpoint sensitive class otomatik + chaos drill quarterly cadence Q1 Q2 Q3 Q4 KV outage + Stripe webhook outage + D1 read replica lag simule + sensitive/public classification quarterly audit tabulated PR template checklist Is this in sensitive namespace. CLAUDE.md §17 comment-as-spec drift sibling pattern. PR #555 referans.

İlgili makaleler