Salesforce, Python, SQL, & other ways to put your data where you need it

Need event music? 🎸

Live and recorded jazz, pop, and meditative music for your virtual conference / Zoom wedding / yoga class / private party with quality sound and a smooth technical experience

Validate networking lines of sight

08 Jan 2026 🔖 architecture devops integration security
💬 EN

Table of Contents

So, you think set up your firewall correctly? Want to double-check? Below I wrote 2 little PowerShell/Pester scripts to help validate actual lines of sight, once you know what you intended to implement.

For example, if you think you’ve locked down a privately networked GitHub Actions CI/CD pipeline runner to only have access to GitHub.com and NpmJS.com, you might want to run these snippets from within a GitHub Action CI/CD pipeline’s YAML file, validating that it can reach NPM but can’t reach NuGet.org.

Validate a URL is actually reachable

This one makes sure you actually can, networking-wise, reach https://secured-server.example.com/something_or_other (replace it with your own expected-allowed URL, of course).

  • Note: The code below presumes it’s supposed to return a 200 status code once you make it past network filtering. If that’s not how your URL behaves, you might need to edit the code to better match your reality.
Describe "Expected-allowed server works" {
    BeforeAll {
        $expected_yes_http_response = $null
        $expected_yes_http_request_splat = @{
            'Method' = 'GET'
            'Uri'    = 'https://secured-server.example.com/something_or_other' # The expected-ALLOWED (reachable) URL
        }
        $expected_yes_http_response = Invoke-WebRequest @expected_yes_http_request_splat | 
        Select-Object -Property @('StatusCode')
    }
    # Validate
    It "should return a status code of 200" {
        $expected_yes_http_response.StatusCode | Should -Be 200
    }
}

Validate a URL is actually blocked

This one makes sure you are blocked, networking-wise, from trying to reach http://10.255.255.1/test (replace it with your own expected-allowed URL, of course).

Describe "Expected-denied server fails" {
    BeforeAll {
        # Make a request against expected DENIED
        $expected_no_socket_exception_message = $null
        $expected_no_http_request_splat = @{
            'Method' = 'GET'
            'Uri'    = 'http://10.255.255.1/test' # The expected-DENIED (blocked) URL
        }
        try {
            Invoke-WebRequest @expected_no_http_request_splat
        }
        catch [System.Net.Sockets.SocketException] {
            $expected_no_socket_exception_message = $_.ErrorDetails.Message
        }
    }
    # Validate
    It "should timeout because no line of sight" {
        $expected_no_socket_exception_message | Should -Not -BeNullOrEmpty
    }
}
--- ---