crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
9.17k stars 472 forks

[APPSEC] Allow MTLS auth #3172

Open tiberiuv opened 3 months ago

tiberiuv commented 3 months ago

What would you like to be added?

Bouncers using only MTLS authentication should be allowed to send requests to appsec components.

Currently a 401 is returned if a valid/registered apikey is not provided through an X-Crowdsec-Appsec-Api-Key header.

Why is this needed?

Since all the other components allow authentication through MTLS, so should the APPSEC one. This will further simplify and secure deployments using MTLS.
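A sketch of the behaviour requested above, as an added example that is not CrowdSec's code: a Go check that accepts either a verified client certificate or the `X-Crowdsec-Appsec-Api-Key` header and answers 401 otherwise. The OU allow-list policy, the key value and the function names are assumptions, and the certificates are constructed in memory.

```go
package main

import (
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const apiKeyHeader = "X-Crowdsec-Appsec-Api-Key" // header named in the issue

// authenticated accepts a verified client cert carrying allowedOU (assumed policy) or the
// API key. VerifiedChains, unlike PeerCertificates, is set only after chain validation.
func authenticated(r *http.Request, validKey, allowedOU string) bool {
	if r.TLS != nil && len(r.TLS.VerifiedChains) > 0 {
		for _, ou := range r.TLS.VerifiedChains[0][0].Subject.OrganizationalUnit {
			if ou == allowedOU {
				return true
			}
		}
	}
	got := r.Header.Get(apiKeyHeader)
	return got != "" && subtle.ConstantTimeCompare([]byte(got), []byte(validKey)) == 1
}

// probe sends one constructed request (ou "" means no client cert) and returns the status.
func probe(key, ou string, verified bool) int {
	req := httptest.NewRequest(http.MethodPost, "/", nil)
	req.Header.Set(apiKeyHeader, key)
	if ou != "" {
		leaf := &x509.Certificate{Subject: pkix.Name{OrganizationalUnit: []string{ou}}}
		req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{leaf}}
		if verified {
			req.TLS.VerifiedChains = [][]*x509.Certificate{{leaf}}
		}
	}
	rec := httptest.NewRecorder()
	http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !authenticated(r, "constructed-key", "bouncer-ou") {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(probe("", "bouncer-ou", true), probe("", "", false)) }
```

On a real listener the verified chain only appears when the server's `tls.Config` sets `ClientCAs` and a `ClientAuth` mode that verifies the certificate, such as `tls.VerifyClientCertIfGiven`.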

github-actions[bot] commented 3 months ago

@tiberiuv: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

github-actions[bot] commented 3 months ago

@tiberiuv: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.

tiberiuv commented 3 months ago

/kind enhancement

LaurenceJJones commented 3 months ago

With the current code base this can be quite difficult to implement. We will keep this in mind, as we knew this would be a requirement once we update the helm chart to allow something similar.

Edit: so I will be placing a milestone of 1.7 to allow us time to think about how we want to implement it.

tiberiuv commented 3 months ago

OK, thanks for looking into it!