crowdsecurity / cs-cloudflare-worker-bouncer

A CrowdSec Bouncer that syncs the decisions made by CrowdSec with Cloudflare's firewall using Cloudflare Workers. Manages multi-user, multi-account, multi-zone setups. Supports IP, Country and AS scoped decisions.
https://doc.crowdsec.net/docs/next/bouncers/cloudflare-workers
MIT License

Bouncer gets LAPI delete decisions but doesn't actually delete them from Cloudflare #34

Closed Staene closed 4 months ago

Staene commented 6 months ago

I've been running the bouncer for about a week and every ban is successfully initiated but only about 1/3 of them are actually deleted once the ban expires.

My log is filled with "Received x deleted decisions" but most are not followed up with "Deleted x decisions" account=xx

When I restart the bouncer, all the expired bans are deleted.

Any ideas? Screenshot of log below... there are no errors.

[screenshot of the bouncer log]

Staene commented 5 months ago

I put the log into debug mode and here's an entire refresh session. It seems to know about the ban lift... but just doesn't do it.

time="19-05-2024 07:33:08" level=debug msg="No keys to write" account=xxx
time="19-05-2024 07:33:08" level=debug msg="No keys to delete" account=xxx
time="19-05-2024 07:33:08" level=info msg="Received 1 deleted decisions"
time="19-05-2024 07:33:08" level=debug msg="Response: HTTP/1.1 200 OK\r\nContent-Length: 228\r\nContent-Type: application/json; charset=utf-8\r\nDate: Sun, 19 May 2024 12:33:08 GMT\r\n\r\n{\"deleted\":[{\"duration\":\"-7.349550195s\",\"id\":4160935,\"origin\":\"crowdsec\",\"scenario\":\"crowdsecurity/http-bad-user-agent\",\"scope\":\"Ip\",\"type\":\"ban\",\"uuid\":\"058333bf-3040-4ab8-a06b-e0685f5efec1\",\"value\":\"3.215.186.30\"}],\"new\":null}"
time="19-05-2024 07:33:08" level=debug msg="[headers] Content-Length : [228]"
time="19-05-2024 07:33:08" level=debug msg="[headers] Date : [Sun, 19 May 2024 12:33:08 GMT]"
time="19-05-2024 07:33:08" level=debug msg="[headers] Content-Type : [application/json; charset=utf-8]"
time="19-05-2024 07:33:08" level=debug msg="resp-api: http 200"
time="19-05-2024 07:33:08" level=debug msg="req-api: GET http://127.0.0.1:8080/v1/decisions/stream?scopes=ip,range,as,country"
time="19-05-2024 07:33:08" level=debug msg="[URL] GET http://127.0.0.1:8080/v1/decisions/stream?scopes=ip,range,as,country"

dreary-ennui commented 5 months ago

I have also run into this issue. You can test manually by adding a random decision with a short expiry time.

LaurenceJJones commented 4 months ago

FYI, we have merged a fix, but currently our build pipelines are having an issue internally. Once this is resolved, we will publish a new release that will be distributed to our repositories.

Staene commented 4 months ago

Thanks, all! Will the updated bouncer be put on packagecloud or should we upgrade from here?

blotus commented 4 months ago

Hello,

I thought the package was published to our repositories, but the push was never approved. I will rerun it, and the packages should be available soon.

blotus commented 4 months ago

Packages have been pushed @Staene, sorry for the delay.
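
To check an installation for the symptom reported in this issue, the following added example (not part of the thread and not the project's code) scans a bouncer log for "Received x deleted decisions" lines that are never followed by a "Deleted x decisions" line before the next sync. It assumes the log is in chronological order and uses the message wording quoted above; the function name and the sample log are constructed for illustration.

```python
import re

# logrus text format as shown in the issue: time="..." level=... msg="..." key=value
# The msg pattern tolerates escaped quotes (\") such as in the debug "Response:" line.
LINE = re.compile(r'time="([^"]+)" level=(\w+) msg="((?:[^"\\]|\\.)*)"')
RECEIVED = re.compile(r"^Received (\d+) deleted decisions$")
DELETED = re.compile(r"^Deleted (\d+) decisions$")


def find_unapplied_deletions(lines):
    """Return [(timestamp, count)] for sync cycles that received deletions from
    LAPI but logged no 'Deleted N decisions' before the next cycle started.
    The final cycle is not reported, since it may still be in progress."""
    missed, pending = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a logrus text line
        ts, _level, msg = m.groups()
        if (r := RECEIVED.match(msg)):
            if pending:  # previous cycle closed without any deletion logged
                missed.append(pending)
            count = int(r.group(1))
            pending = (ts, count) if count > 0 else None
        elif DELETED.match(msg):
            # Assumption: a 'Deleted' line from any account clears the cycle.
            pending = None
    return missed


# Constructed sample log (timestamps and counts are illustrative).
SAMPLE_LOG = """\
time="19-05-2024 07:33:08" level=info msg="Received 1 deleted decisions"
time="19-05-2024 07:33:08" level=debug msg="No keys to delete" account=xxx
time="19-05-2024 07:33:18" level=info msg="Received 2 deleted decisions"
time="19-05-2024 07:33:18" level=info msg="Deleted 2 decisions" account=xxx
time="19-05-2024 07:33:28" level=info msg="Received 0 deleted decisions"
time="19-05-2024 07:33:38" level=info msg="Received 3 deleted decisions"
time="19-05-2024 07:33:48" level=info msg="Received 1 deleted decisions"
"""

if __name__ == "__main__":
    for ts, count in find_unapplied_deletions(SAMPLE_LOG.splitlines()):
        print(f"{ts}: {count} deleted decision(s) received but never applied")
```

Every reported cycle corresponds to bans that expired in CrowdSec but may still be enforced at Cloudflare until the bouncer is restarted or upgraded.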