crowdsecurity / lua-cs-bouncer

MIT License

[Bug] Ignore unix socket requests #49

Closed LaurenceJJones closed 1 year ago

LaurenceJJones commented 1 year ago

Currently we check all connections, including unix socket requests, leading to the following error:

openresty   | 2023/11/03 11:15:30 [alert] 9#9: *1 [lua] crowdsec_openresty.conf:20):3: [Crowdsec] Remote addr is unix:, client: unix:, server: , request: "GET /json HTTP/1.1", host: "images"
openresty   | 2023/11/03 11:15:30 [error] 9#9: *1 lua entry thread aborted: runtime error: /usr/local/openresty/lualib/crowdsec.lua:161: attempt to index local 'ip_network_address' (a nil value)
openresty   | stack traceback:
openresty   | coroutine 0:
openresty   |   /usr/local/openresty/lualib/crowdsec.lua: in function 'item_to_string'
openresty   |   /usr/local/openresty/lualib/crowdsec.lua:395: in function 'allowIp'
openresty   |   /usr/local/openresty/lualib/crowdsec.lua:457: in function 'Allow

We should implement a check to see if remote_addr is unix:

access_by_lua_block {
   local cs = require "crowdsec"
   -- Requests arriving on a unix socket have remote_addr "unix:", which is not an IP
   if ngx.var.remote_addr == "unix:" then
      ngx.log(ngx.WARN, "[Crowdsec] Ignoring unix socket request")
   else
      cs.Allow(ngx.var.remote_addr)
   end
}

LaurenceJJones commented 1 year ago

Both lua bouncers have implemented a fix; the upstream lib doesn't need it.
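
Added example, not part of the issue thread and not the project's own code: a generalization of the `unix:` check proposed above that only hands values shaped like an IP address to the bouncer, so any non-IP `remote_addr` is skipped instead of reaching the nil index in the traceback. `classify_remote_addr` and `guarded_allow` are hypothetical helpers, the `allow` and `log` arguments stand in for `cs.Allow` and `ngx.log`, and the sample addresses are constructed.

```lua
-- Stand-alone sketch; runs under plain Lua 5.1+ or LuaJIT without nginx.
-- classify_remote_addr and guarded_allow are hypothetical, not lua-cs-bouncer API.

-- Classify the value nginx exposes as $remote_addr.
local function classify_remote_addr(addr)
  if type(addr) ~= "string" or addr == "" then
    return "unknown"
  end
  if addr:sub(1, 5) == "unix:" then
    return "unix"                      -- request arrived on a unix-domain listener
  end
  local a, b, c, d = addr:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if a then
    for _, octet in ipairs({ a, b, c, d }) do
      if tonumber(octet) > 255 then return "unknown" end
    end
    return "ipv4"
  end
  -- Loose syntactic test only: hex digits, colons and dots, with at least one colon.
  if addr:find(":", 1, true) and addr:match("^[%x:.]+$") then
    return "ipv6"
  end
  return "unknown"
end

-- Call the bouncer only for IP peers; `allow` stands in for cs.Allow.
local function guarded_allow(addr, allow, log)
  local kind = classify_remote_addr(addr)
  if kind == "ipv4" or kind == "ipv6" then
    allow(addr)
    return true
  end
  log("[Crowdsec] Skipping check, remote addr kind: " .. kind)
  return false
end

-- Constructed sample values, with stubs in place of cs.Allow and ngx.log.
local checked = {}
local function stub_allow(ip) checked[#checked + 1] = ip end
for _, addr in ipairs({ "unix:", "203.0.113.7", "2001:db8::1", "" }) do
  guarded_allow(addr, stub_allow, print)
end
print("checked: " .. table.concat(checked, ", "))
```

Requests skipped this way are not evaluated against CrowdSec decisions at all, so the skip log line is worth keeping visible wherever a unix-socket listener is reachable by anything other than trusted local services.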