pgadminamazon-waf

pgAdmin4 and AWS ALB + WAF: AttributeError: 'NoneType' object has no attribute '_query'


Context: pgadmin4 (any recent version) is deployed as a pod in AWS EKS and accessed via public ALB + WAF with public HTTPS certs. BD: AWS RDS in the same VPC. Pgadmin mostly works fine, but some queries give the next error:

Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/flask/app.py", line 1484, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/flask/app.py", line 1469, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/flask_login/utils.py", line 290, in decorated_view
    return current_app.ensure_sync(func)(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/pgadmin4/pgadmin/tools/sqleditor/__init__.py", line 979, in poll
    conn._Connection__async_cursor._query)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute '_query'

The most interesting part: all queries work good if I open pgadmin not via ALB but via port forwarding from the pod or k8s service directly (without ALB).


Solution

  • AWS WAF (assigned on my ALB) blocked some queries because of AWS#AWSManagedRulesSQLiRuleSet#SQLi_BODY rule in AWS-AWSManagedRulesSQLiRuleSet. I realised it when I saw "forbidden" errors in browser developer console.