Open Typhonragewind opened 2 years ago
I found out with the help from the CrowdSec team that the cause of this is that the GET requests for covers (such as "/cover/727" for example) are not treated as static files as they have no extension or other indication.
Describe the bug/problem This is not a problem per se of CalibreWeb, but i'm reporting this issue here in case there are ways on your end to tackle it that you may wish to implement in the future.
I have calibreweb exposed to the internet over a Nginx reverse proxy which recently got protected by CrowdSec (https://crowdsec.net/), which detects malicious behaviours by log parsing. Ever since i installed it, many times when I open my calibreweb instance, the IP from which i'm accessing it gets banned because CrowdSec thinks it is crawling non-static assets.
This is probably due to the fast loading of cover images, though CrowdSec doesn't seem to take issue with Jellyfin or PhotoPrism, which also quickly load many image assets.
Environment (please complete the following information):