PascalMinder / geoblock

Traefik middleware plugin - Deny requests based on country of origin

does not block #37

Closed ScreNN closed 1 year ago

ScreNN commented 1 year ago

The plugin began to skip many of the USA and beyond. Is there something wrong with the base?

PascalMinder commented 1 year ago

I can’t help you without any further information.

ScreNN commented 1 year ago

These seem to be smart bots that don't even get caught by fail2ban. But CrowdSec seems to catch them. I checked your GeoBlock, it works, but it lets these guys through. They go to 404 instead of 403 for some reason. What information can I give you?

Here are the GeoBlock settings:

  # Traefik GeoBlock Plugin
    geoblock:
      plugin:
        geoblock:
          allowLocalRequests: true
          logLocalRequests: false
          logAllowedRequests: false
          logApiRequests: true
          api: "https://get.geojs.io/v1/ip/country/{ip}"
          apiTimeoutMs: 750
          cacheSize: 150
          forceMonthlyUpdate: true
          allowUnknownCountries: false
          unknownCountryApiResponse: "nil"
          countries:
            - RU

ScreNN commented 1 year ago

These are some kind of scanners. But shouldn't GeoBlock block them?

PascalMinder commented 1 year ago

Are those HTTP/s requests or TCP/UDP requests?

ScreNN commented 1 year ago

Traefik shows that these are HTTP/2.0 (GET, POST) requests. I have UDP closed. I only have port 443 of HTTPS open.

ScreNN commented 1 year ago

I think I figured out why these guys aren't banning the plugin. They don't pass the country in headers.

According to the CrowdSec database, these are HTTP scanners, TCP scanners, Brute-Force, UDP scanners, etc.

ScreNN commented 1 year ago

I think I figured it out. I should have written a fake router in Traefik proxy:

http:
  routers:
    catchall:
      entryPoints:
        - "https"
      # catchall rule
      rule: "PathPrefix(`/`)"
      service: unavailable
      # lowest possible priority
      # evaluated when no other router is matched
      priority: 1

  services:
    # Service that will always answer a 503 Service Unavailable response
    unavailable:
      loadBalancer:
        servers: {}

PascalMinder commented 1 year ago

Geoblock does not use the http country header. Did you have multiple routers configured?

ScreNN commented 1 year ago

> Geoblock does not use the http country header. Did you have multiple routers configured?

I have different routers, I have several services open outside.

After adding a fake router, the geoblock catches the guys well, with no skips.

PascalMinder commented 1 year ago

Sounds good, so I'm closing the issue.
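
The gap this thread ends on, as an added example that is not part of the original thread or the plugin's code: Traefik runs middlewares only for requests that match a router, so a request matching no router gets the default 404 without passing geoblock. The sketch below audits an already-parsed dynamic configuration for that gap; the hostnames, service names, the `audit` helper and the `middlewares: [geoblock]` entry on the catch-all are assumptions, since the posted snippet does not show where the middleware is attached.

```python
# Added example (not from the geoblock project): find requests that can reach
# Traefik without passing the geoblock middleware.

def _has(names, middleware):
    # Traefik accepts provider-qualified names such as "geoblock@file".
    return any(n.split("@")[0] == middleware for n in names)

def _is_catchall(router):
    # Assumption: the catch-all is written as in the thread, PathPrefix(`/`).
    return router.get("rule", "").replace(" ", "") == "PathPrefix(`/`)"

def audit(dynamic, ep_middlewares=None, middleware="geoblock"):
    """Return a list of findings for a parsed dynamic configuration.

    ep_middlewares maps entry point name -> middlewares set on the entry
    point in the static config (entryPoints.<name>.http.middlewares).
    """
    ep_middlewares = ep_middlewares or {}
    routers = dynamic.get("http", {}).get("routers", {})
    entry_points = sorted({ep for r in routers.values()
                           for ep in r.get("entryPoints", [])})
    findings = []
    for ep in entry_points:
        ep_ok = _has(ep_middlewares.get(ep, []), middleware)
        # A router that omits entryPoints listens on every entry point.
        on_ep = {n: r for n, r in routers.items()
                 if ep in r.get("entryPoints", [ep])}
        for name, r in sorted(on_ep.items()):
            if not (ep_ok or _has(r.get("middlewares", []), middleware)):
                findings.append(f"{ep}: router '{name}' runs without {middleware}")
        # With no catch-all, a request matching no router gets Traefik's
        # default 404 and no middleware runs at all.
        if not any(_is_catchall(r) for r in on_ep.values()):
            findings.append(f"{ep}: no catch-all router, unmatched requests skip {middleware}")
    return findings

# Constructed sample configs (hostnames and service names are placeholders).
APP = {"rule": "Host(`app.example.test`)", "entryPoints": ["https"],
       "middlewares": ["geoblock"], "service": "app"}
CATCHALL = {"rule": "PathPrefix(`/`)", "entryPoints": ["https"], "priority": 1,
            "middlewares": ["geoblock"], "service": "unavailable"}
BEFORE = {"http": {"routers": {"app": APP}}}
AFTER = {"http": {"routers": {"app": APP, "catchall": CATCHALL}}}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg) or "no gaps found")
```

A catch-all that carries no middleware of its own is reported unless geoblock is passed in `ep_middlewares` for that entry point.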