crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
8.93k stars 464 forks

[bouncer/appsec] Nginx bouncer version goes ☁️ #3291

Open LaurenceJJones opened 4 hours ago

LaurenceJJones commented 4 hours ago

When using the appsec component, you cannot keep track of the bouncer version because the HEAD request overrides the useragent in the database:

```
cscli bouncers list
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 Name                        IP Address     Valid  Last API pull         Type                       Version                                                                  Auth Type
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 FirewallBouncer-1650280536  127.0.0.1      ✔     2024-10-21T18:50:01Z  crowdsec-firewall-bouncer  v0.0.31-debian-pragmatic-amd64-4b99c161b2c1837d76c5fa89e1df83803dfbcc87  api-key
 crowdsec2-fw                <redacted_wan_ip>  ✔     2024-10-21T18:49:55Z  crowdsec-firewall-bouncer  v0.0.31-rpm-pragmatic-amd64-4b99c161b2c1837d76c5fa89e1df83803dfbcc87     api-key
 nginx-1667135523            127.0.0.1      ✔     2024-10-21T18:49:05Z  Go-http-client             1.1                                                                      api-key
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
```

When the RC actually reaches out for LAPI decisions:

```
cscli bouncers list
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 Name                        IP Address     Valid  Last API pull         Type                       Version                                                                  Auth Type
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 FirewallBouncer-1650280536  127.0.0.1      ✔     2024-10-21T18:56:51Z  crowdsec-firewall-bouncer  v0.0.31-debian-pragmatic-amd64-4b99c161b2c1837d76c5fa89e1df83803dfbcc87  api-key
 crowdsec2-fw                <redacted_wan_ip>  ✔     2024-10-21T18:56:45Z  crowdsec-firewall-bouncer  v0.0.31-rpm-pragmatic-amd64-4b99c161b2c1837d76c5fa89e1df83803dfbcc87     api-key
 nginx-1667135523            127.0.0.1      ✔     2024-10-21T18:55:45Z  crowdsec-nginx-bouncer     v1.0.8                                                                   api-key
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
```

github-actions[bot] commented 4 hours ago

@LaurenceJJones: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

github-actions[bot] commented 4 hours ago

@LaurenceJJones: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.

LaurenceJJones commented 4 hours ago

Linked to #3287, as most likely the write to the database as the useragent is causing the appsec HEAD request to be delayed.