maxlerebourg / crowdsec-bouncer-traefik-plugin

Traefik plugin for Crowdsec - WAF and IP protection
Apache License 2.0

:sparkles: add support for appsec in crowdsec #123

Closed maxlerebourg closed 10 months ago

mathieuHa commented 10 months ago

@maxlerebourg

From the logs we see that the request has been stopped, but in the browser the user still accessed the content:

time="2024-01-22T09:08:52Z" level=debug msg="Request has been aborted [172.18.0.1:59396 - /bar1]: net/http: abort Handler" middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2024-01-22T09:08:56Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
time="2024-01-22T09:08:56Z" level=debug msg="Request has been aborted [172.18.0.1:59400 - /bar/rpc2]: net/http: abort Handler" middlewareType=Recovery middlewareName=traefik-internal-recovery


Could you try with this docker-compose.yaml:

version: "3.8"

services:
  traefik:
    image: "traefik:v2.10.4"
    container_name: "traefik"
    restart: unless-stopped
    command:
      - "--log.level=DEBUG"
      - "--accesslog"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"

      - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - logs-local:/var/log/traefik
      - ./:/plugins-local/src/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
    ports:
      - 8000:80
      - 8080:8080
    depends_on:
      - crowdsec

  whoami-foo:
    image: traefik/whoami
    container_name: "simple-service-foo"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.router-foo.rule=PathPrefix(`/foo`)"
      - "traefik.http.routers.router-foo.entrypoints=web"
      - "traefik.http.routers.router-foo.middlewares=crowdsec-foo@docker" 
      - "traefik.http.services.service-foo.loadbalancer.server.port=80"
      - "traefik.http.middlewares.crowdsec-foo.plugin.bouncer.enabled=true"
      - "traefik.http.middlewares.crowdsec-foo.plugin.bouncer.crowdseclapikey=40796d93c2958f9e58345514e67740e5="

  whoami2:
    image: traefik/whoami
    container_name: "simple-service-bar"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.router-bar.rule=PathPrefix(`/bar`)"
      - "traefik.http.routers.router-bar.entrypoints=web"
      - "traefik.http.routers.router-bar.middlewares=crowdsec-bar@docker"
      - "traefik.http.services.service-bar.loadbalancer.server.port=80"
      - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.enabled=true"
      - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdseclapikey=40796d93c2958f9e58345514e67740e5="

  crowdsec:
    image: crowdsecurity/crowdsec:dev
    container_name: "crowdsec"
    restart: unless-stopped
    environment:
      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching
      CUSTOM_HOSTNAME: crowdsec
      BOUNCER_KEY_TRAEFIK: 40796d93c2958f9e58345514e67740e5=
    volumes:
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - logs-local:/var/log/traefik:ro
      - crowdsec-db-local:/var/lib/crowdsec/data/
      - crowdsec-config-local:/etc/crowdsec/
    labels:
      - "traefik.enable=false"
volumes:
  logs-local:
  crowdsec-db-local:
  crowdsec-config-local:

Then access localhost:8000/bar and then localhost:8000/bar/rpc2.
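
As an added illustration (not the plugin's or Traefik's code, and not a diagnosis of this PR), the Go example below shows how a request can be logged as aborted while the client still receives the body: the deny verdict is applied after the backend has already written its response, so the 403 becomes a superfluous `WriteHeader` and the abort panic is swallowed by a recovery layer. The names `recovery`, `lateVerdict`, `earlyVerdict` and `probe` are hypothetical, and the deny rule on `/bar/rpc2` is a constructed stand-in for an AppSec verdict.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// backend stands in for the protected service (the whoami container above).
func backend(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "protected content")
}

// recovery is a simplified, hypothetical proxy-level recovery middleware.
// It swallows http.ErrAbortHandler ("net/http: abort Handler") and records
// that an abort happened, which is where a proxy would emit its debug line.
func recovery(next http.Handler, aborted *bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if err := recover(); err != nil {
				if err != http.ErrAbortHandler {
					panic(err) // unrelated panics are not handled here
				}
				*aborted = true
			}
		}()
		next.ServeHTTP(w, r)
	})
}

// lateVerdict is the fail-open ordering: the backend runs first, so status
// and body are already written when the verdict arrives. The WriteHeader(403)
// is then superfluous and the abort only affects the logs.
func lateVerdict(next http.Handler, deny func(*http.Request) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(w, r)
		if deny(r) {
			w.WriteHeader(http.StatusForbidden)
			panic(http.ErrAbortHandler)
		}
	})
}

// earlyVerdict decides before the backend is called, so a denied request
// never reaches it and nothing can be delivered to the client.
func earlyVerdict(next http.Handler, deny func(*http.Request) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if deny(r) {
			w.WriteHeader(http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request through recovery -> verdict -> backend and returns
// what the client would receive, plus whether the recovery layer saw an abort.
func probe(wrap func(http.Handler, func(*http.Request) bool) http.Handler, path string) (int, string, bool) {
	// Constructed deny rule standing in for a remediation verdict.
	deny := func(r *http.Request) bool { return r.URL.Path == "/bar/rpc2" }
	aborted := false
	h := recovery(wrap(http.HandlerFunc(backend), deny), &aborted)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Body.String(), aborted
}

func main() {
	code, body, aborted := probe(lateVerdict, "/bar/rpc2")
	fmt.Printf("late verdict:  status=%d body=%q aborted=%v\n", code, body, aborted)
	code, body, aborted = probe(earlyVerdict, "/bar/rpc2")
	fmt.Printf("early verdict: status=%d body=%q aborted=%v\n", code, body, aborted)
}
```

The practical check is the one `probe` performs: assert on the status and body the client receives, not on the "aborted" log line.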

mathieuHa commented 10 months ago

Adding all logs for troubleshooting

Local agent already registered
Check if lapi needs to register an additional agent
time="2024-01-22T08:58:31Z" level=info msg="hub index is up to date"
Running: cscli  collections upgrade "crowdsecurity/linux" 
time="2024-01-22T08:58:31Z" level=info msg="crowdsecurity/linux: up-to-date"
Running: cscli  parsers upgrade "crowdsecurity/whitelists" 
time="2024-01-22T08:58:31Z" level=info msg="crowdsecurity/whitelists: up-to-date"
Running: cscli  parsers install "crowdsecurity/docker-logs" 
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/docker-logs: overwrite"
time="2024-01-22T08:58:32Z" level=info msg="Enabled crowdsecurity/docker-logs"
time="2024-01-22T08:58:32Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli  parsers install "crowdsecurity/cri-logs" 
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/cri-logs: overwrite"
time="2024-01-22T08:58:32Z" level=info msg="Enabled crowdsecurity/cri-logs"
time="2024-01-22T08:58:32Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli  collections install "crowdsecurity/traefik" 
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/traefik-logs: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-logs: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-crawl-non_statics: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-probing: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-bad-user-agent: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-path-traversal-probing: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-sensitive-files: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-sqli-probing: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-xss-probing: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-backdoors-attempts: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="ltsich/http-w00tw00t: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-generic-bf: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-open-proxy: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http_base: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http-cve-2021-41773: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http-cve-2021-42013: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/grafana-cve-2021-43798: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/vmware-vcenter-vmsa-2021-0027: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/fortinet-cve-2018-13379: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/pulse-secure-sslvpn-cve-2019-11510: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/f5-big-ip-cve-2020-5902: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/thinkphp-cve-2018-20062: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/apache_log4j2_cve-2021-44228: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/jira_cve-2021-26086: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/spring4shell_cve-2022-22965: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/vmware-cve-2022-22954: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-37042: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-41082: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-35914: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-40684: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-26134: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-42889: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-41697: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-46169: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-44877: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2019-18935: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/netgear_rce: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2023-22515: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2023-22518: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2023-49103: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http-cve: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http-cve: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/base-http-scenarios: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/base-http-scenarios: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/traefik: overwrite"
time="2024-01-22T08:58:33Z" level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists."
time="2024-01-22T08:58:33Z" level=info msg="Enabled collections: crowdsecurity/http-cve"
time="2024-01-22T08:58:33Z" level=info msg="/etc/crowdsec/collections/base-http-scenarios.yaml already exists."
time="2024-01-22T08:58:33Z" level=info msg="Enabled collections: crowdsecurity/base-http-scenarios"
time="2024-01-22T08:58:33Z" level=info msg="/etc/crowdsec/collections/traefik.yaml already exists."
time="2024-01-22T08:58:33Z" level=info msg="Enabled collections: crowdsecurity/traefik"
time="2024-01-22T08:58:33Z" level=info msg="Enabled crowdsecurity/traefik"
time="2024-01-22T08:58:33Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli  collections install "crowdsecurity/appsec-virtual-patching" 
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/appsec-logs: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled parsers: crowdsecurity/appsec-logs"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/appsec-vpatch: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled scenarios: crowdsecurity/appsec-vpatch"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/virtual-patching: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-configs: crowdsecurity/virtual-patching"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/base-config: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/base-config"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-env-access: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-env-access"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-40044: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-40044"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2017-9841: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2017-9841"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2020-11738: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-11738"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2022-27926: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-27926"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2022-35914: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-35914"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2022-46169: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-46169"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-20198: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-20198"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-22515: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22515"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-33617: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-33617"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-34362: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-34362"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-3519: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-3519"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-42793: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-42793"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-50164: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-50164"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-38205: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-38205"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-24489: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-24489"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2021-3129: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-3129"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2021-22941: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-22941"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2019-12989: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-12989"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2022-44877: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-44877"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2018-10562: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-10562"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6553: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6553"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2018-1000861: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-1000861"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2019-1003030: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-1003030"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2022-22965: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22965"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-23752: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23752"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-49070: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-49070"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-laravel-debug-mode: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-laravel-debug-mode"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-28121: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-28121"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2020-17496: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-17496"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-1389: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-1389"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-7028: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-7028"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-46805: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-46805"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/appsec-virtual-patching: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled collections: crowdsecurity/appsec-virtual-patching"
time="2024-01-22T08:58:34Z" level=info msg="Enabled crowdsecurity/appsec-virtual-patching"
time="2024-01-22T08:58:34Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
time="2024-01-22T08:58:34Z" level=info msg="Enabled feature flags: <none>"
time="2024-01-22T08:58:34Z" level=info msg="Crowdsec v1.5.6-rc11-6-g19d36c0f-19d36c0f"
time="2024-01-22T08:58:34Z" level=info msg="Loading prometheus collectors"
time="2024-01-22T08:58:34Z" level=info msg="Loading CAPI manager"
time="2024-01-22T08:58:35Z" level=info msg="CAPI manager configured successfully"
time="2024-01-22T08:58:35Z" level=error msg="Machine is not enrolled in the console, can't synchronize with the console"
time="2024-01-22T08:58:35Z" level=info msg="Start push to CrowdSec Central API (interval: 17s once, then 10s)"
time="2024-01-22T08:58:35Z" level=info msg="Start sending metrics to CrowdSec Central API (interval: 32m11s once, then 30m0s)"
time="2024-01-22T08:58:35Z" level=info msg="CrowdSec Local API listening on [::]:8080"
time="2024-01-22T08:58:35Z" level=warning msg="scenario list is empty, will not pull yet"
time="2024-01-22T08:58:35Z" level=info msg="capi metrics: sending"
time="2024-01-22T08:58:35Z" level=info msg="Loading grok library /etc/crowdsec/patterns"
time="2024-01-22T08:58:36Z" level=info msg="Loading enrich plugins"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'GeoIpCity'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'GeoIpASN'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'IpToRange'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'reverse_dns'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'ParseDate'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'UnmarshalJSON'"
time="2024-01-22T08:58:36Z" level=info msg="Loading parsers from 10 files"
time="2024-01-22T08:58:36Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw
time="2024-01-22T08:58:36Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw
time="2024-01-22T08:58:36Z" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw
time="2024-01-22T08:58:36Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse
time="2024-01-22T08:58:36Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/traefik-logs.yaml stage=s01-parse
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich
time="2024-01-22T08:58:37Z" level=info msg="Loaded 11 nodes from 3 stages"
time="2024-01-22T08:58:37Z" level=info msg="No postoverflow parsers to load"
time="2024-01-22T08:58:37Z" level=info msg="Loading 40 scenario files"
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=throbbing-thunder name=crowdsecurity/http-cve-2021-42013
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=lingering-silence name=crowdsecurity/fortinet-cve-2022-40684
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=green-water name=crowdsecurity/spring4shell_cve-2022-22965
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=nameless-shadow name=crowdsecurity/http-probing
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=throbbing-firefly name=crowdsecurity/CVE-2022-26134
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=delicate-dew name=crowdsecurity/http-bad-user-agent
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=weathered-voice name=crowdsecurity/http-path-traversal-probing
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=billowing-cherry name=crowdsecurity/vmware-cve-2022-22954
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=lively-sky name=crowdsecurity/appsec-vpatch
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=withered-wood name=crowdsecurity/CVE-2023-22515
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=wispy-frost name=crowdsecurity/jira_cve-2021-26086
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=sparkling-night name=crowdsecurity/CVE-2022-42889
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=morning-glitter name=crowdsecurity/CVE-2022-41082
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=twilight-bush name=crowdsecurity/f5-big-ip-cve-2020-5902
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=wispy-star name=crowdsecurity/CVE-2022-35914
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=quiet-breeze name=ltsich/http-w00tw00t
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=damp-surf name=crowdsecurity/CVE-2022-41697
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=restless-river name=crowdsecurity/ssh-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=dry-tree name=crowdsecurity/ssh-bf_user-enum
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=twilight-cherry name=crowdsecurity/thinkphp-cve-2018-20062
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=summer-sun name=crowdsecurity/CVE-2022-46169-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=spring-breeze name=crowdsecurity/CVE-2022-46169-cmd
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=purple-sun name=crowdsecurity/CVE-2022-37042
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=dry-snow name=crowdsecurity/CVE-2023-49103
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=morning-sky name=crowdsecurity/http-backdoors-attempts
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=weathered-bush name=crowdsecurity/fortinet-cve-2018-13379
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=twilight-dream name=crowdsecurity/netgear_rce
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=solitary-sea name=crowdsecurity/vmware-vcenter-vmsa-2021-0027
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=solitary-bird name=crowdsecurity/grafana-cve-2021-43798
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=delicate-shape name=crowdsecurity/apache_log4j2_cve-2021-44228
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=old-grass name=crowdsecurity/CVE-2023-22518
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=bitter-forest name=crowdsecurity/http-xss-probbing
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=twilight-pine name=crowdsecurity/CVE-2019-18935
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=cold-sea name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=purple-haze name=crowdsecurity/http-generic-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=summer-grass name=LePresidente/http-generic-401-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=nameless-bush name=LePresidente/http-generic-403-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=muddy-violet name=crowdsecurity/ssh-slow-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=quiet-firefly name=crowdsecurity/ssh-slow-bf_user-enum
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=damp-water name=crowdsecurity/http-sensitive-files
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=green-rain name=crowdsecurity/http-open-proxy
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=bitter-field name=crowdsecurity/http-cve-2021-41773
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=little-sunset name=crowdsecurity/CVE-2022-44877
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=ancient-feather name=crowdsecurity/http-sqli-probbing-detection
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=damp-frog name=crowdsecurity/http-crawl-non_statics
time="2024-01-22T08:58:37Z" level=info msg="Loaded 45 scenarios"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-24489 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22965 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-35914 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-44877 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-46169 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-46805 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/base-config to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-17496 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-27926 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-20198 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-env-access to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-laravel-debug-mode to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-10562 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-11738 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-3519 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-38205 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-34362 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-1003030 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23752 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-28121 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-33617 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-1389 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-7028 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2017-9841 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-1000861 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-12989 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-22941 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-50164 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6553 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-3129 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-40044 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-42793 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="loading acquisition file : /etc/crowdsec/acquis.yaml"
time="2024-01-22T08:58:37Z" level=info msg="Adding file /var/log/traefik/access.log to datasources" type=file
time="2024-01-22T08:58:37Z" level=info msg="Cache duration for auth not set, using default: 1m0s" name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="loading /etc/crowdsec/appsec-configs/virtual-patching.yaml" component=appsec_config name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Loaded 0 outofband rules" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-01-22T08:58:37Z" level=info msg="loading inband rule crowdsecurity/base-config" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-01-22T08:58:37Z" level=info msg="loading inband rule crowdsecurity/vpatch-*" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Loaded 34 inband rules" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Created 1 appsec runners" name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Starting processing data"
time="2024-01-22T08:58:37Z" level=info msg="1 appsec runner to start" name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Starting Appsec server on 0.0.0.0:7422/" name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Appsec Runner ready to process event" name=myAppSecComponent runner_uuid=1f3c6c20-143a-4e01-8682-1f14daeaf210 type=appsec
time="2024-01-22T08:58:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 08:58:37 UTC] \"POST /v1/watchers/login HTTP/1.1 200 166.118562ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T08:58:37Z" level=info msg="Starting community-blocklist update"
time="2024-01-22T08:58:37Z" level=info msg="capi/community-blocklist : 0 explicit deletions"
time="2024-01-22T08:58:37Z" level=info msg="capi/community-blocklist : received 0 new entries (expected if you just installed crowdsec)"
time="2024-01-22T08:58:37Z" level=info msg="Start pull from CrowdSec Central API (interval: 1h55m54s once, then 2h0m0s)"
time="2024-01-22T08:59:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 08:59:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.473975ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:00:12Z" level=info msg="172.18.0.5 - [Mon, 22 Jan 2024 09:00:12 UTC] \"GET /v1/decisions?ip=172.18.0.1&banned=true HTTP/1.1 200 13.409644ms \"Go-http-client/1.1\" \""
time="2024-01-22T09:00:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:00:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 3.978085ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:01:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:01:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.168075ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:02:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:02:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.254481ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:03:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:03:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.377162ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:04:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:04:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 3.385453ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:05:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:05:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.385656ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:06:06Z" level=info msg="172.18.0.5 - [Mon, 22 Jan 2024 09:06:06 UTC] \"GET /v1/decisions?ip=172.18.0.1&banned=true HTTP/1.1 200 10.790282ms \"Go-http-client/1.1\" \""
time="2024-01-22T09:06:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:06:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 5.017045ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:07:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:07:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 4.654186ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:08:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:08:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.331145ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:08:50Z" level=info msg="172.18.0.5 - [Mon, 22 Jan 2024 09:08:50 UTC] \"GET /v1/decisions?ip=172.18.0.1&banned=true HTTP/1.1 200 10.012428ms \"Go-http-client/1.1\" \""
time="2024-01-22T09:09:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:09:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.350788ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:10:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:10:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 10.126224ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:11:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:11:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.279352ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:12:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:12:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.617403ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:13:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:13:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.658866ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:14:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:14:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.560704ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:15:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:15:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.333618ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:16:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:16:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.692398ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:17:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:17:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.747194ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:18:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:18:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.315339ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:19:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:19:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.937498ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:20:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:20:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.744084ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:21:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:21:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.474947ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:22:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:22:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.348799ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:23:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:23:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.178648ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:24:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:24:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.153543ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:25:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:25:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.802811ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:26:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:26:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.610297ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""

mathieuHa commented 10 months ago

Posting Traefik logs as requested:

time="2024-01-22T08:58:31Z" level=info msg="Configuration loaded from flags."
time="2024-01-22T08:58:31Z" level=info msg="Traefik version 2.10.4 built on 2023-07-24T16:29:02Z"
time="2024-01-22T08:58:31Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"filePath\":\"/var/log/traefik/access.log\",\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"experimental\":{\"localPlugins\":{\"bouncer\":{\"moduleName\":\"github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin\"}}}}"
time="2024-01-22T08:58:31Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2024-01-22T08:58:31Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2024-01-22T08:58:31Z" level=debug msg="Starting TCP Server" entryPointName=web
time="2024-01-22T08:58:31Z" level=debug msg="Starting TCP Server" entryPointName=traefik
time="2024-01-22T08:58:31Z" level=info msg="Starting provider *traefik.Provider"
time="2024-01-22T08:58:31Z" level=debug msg="*traefik.Provider provider configuration: {}"
time="2024-01-22T08:58:31Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2024-01-22T08:58:31Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
time="2024-01-22T08:58:31Z" level=info msg="Starting provider *docker.Provider"
time="2024-01-22T08:58:31Z" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2024-01-22T08:58:31Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2024-01-22T08:58:31Z" level=debug msg="Provider connection established with docker 25.0.0 (API 1.44)" providerName=docker
time="2024-01-22T08:58:31Z" level=debug msg="Filtering disabled container" container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6 providerName=docker
time="2024-01-22T08:58:31Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T08:58:31Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"router-bar\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"crowdsec-bar@docker\"],\"service\":\"service-bar\",\"rule\":\"Path(`/bar`)\"},\"router-foo\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"crowdsec-foo@docker\"],\"service\":\"service-foo\",\"rule\":\"Path(`/foo`)\"}},\"services\":{\"service-bar\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:80\"}],\"passHostHeader\":true}},\"service-foo\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.3:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"crowdsec-bar\":{\"plugin\":{\"bouncer\":{\"crowdseclapikey\":\"40796d93c2958f9e58345514e67740e5=\",\"enabled\":\"true\"}}},\"crowdsec-foo\":{\"plugin\":{\"bouncer\":{\"crowdseclapikey\":\"40796d93c2958f9e58345514e67740e5=\",\"enabled\":\"true\"}}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2024-01-22T08:58:31Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-01-22T08:58:31Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareType=TracingForwarder middlewareName=tracing
time="2024-01-22T08:58:31Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2024-01-22T08:58:31Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:31Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T08:58:31Z" level=debug msg="Creating middleware" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2024-01-22T08:58:31Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:31Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2024-01-22T08:58:31Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2024-01-22T08:58:32Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=web routerName=router-bar@docker serviceName=service-bar
time="2024-01-22T08:58:32Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=router-bar@docker serviceName=service-bar
time="2024-01-22T08:58:32Z" level=debug msg="Creating server 0 http://172.18.0.2:80" serviceName=service-bar serverName=0 entryPointName=web routerName=router-bar@docker
time="2024-01-22T08:58:32Z" level=debug msg="child http://172.18.0.2:80 now UP"
time="2024-01-22T08:58:32Z" level=debug msg="Propagating new UP status"
time="2024-01-22T08:58:32Z" level=debug msg="Added outgoing tracing middleware service-bar" routerName=router-bar@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2024-01-22T08:58:32Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=router-bar@docker middlewareName=crowdsec-bar@docker
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=web routerName=router-foo@docker serviceName=service-foo
time="2024-01-22T08:58:32Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=router-foo@docker serviceName=service-foo
time="2024-01-22T08:58:32Z" level=debug msg="Creating server 0 http://172.18.0.3:80" routerName=router-foo@docker serviceName=service-foo serverName=0 entryPointName=web
time="2024-01-22T08:58:32Z" level=debug msg="child http://172.18.0.3:80 now UP"
time="2024-01-22T08:58:32Z" level=debug msg="Propagating new UP status"
time="2024-01-22T08:58:32Z" level=debug msg="Added outgoing tracing middleware service-foo" entryPointName=web routerName=router-foo@docker middlewareName=tracing middlewareType=TracingForwarder
time="2024-01-22T08:58:32Z" level=debug msg="Adding tracing to middleware" middlewareName=crowdsec-foo@docker entryPointName=web routerName=router-foo@docker
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2024-01-22T08:58:32Z" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2024-01-22T08:58:32Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
time="2024-01-22T08:58:32Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2024-01-22T08:58:32Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:32Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2024-01-22T09:08:31Z" level=warning msg="A new release has been found: 2.10.7. Please consider updating."
time="2024-01-22T09:08:43Z" level=debug msg="Provider event received {Status:die ID:f2eb5e8f59475dfe6a83d61e54183d85fe76cbfc4a3478bf343bd4a89c9b1ddc From:traefik/whoami Type:container Action:die Actor:{ID:f2eb5e8f59475dfe6a83d61e54183d85fe76cbfc4a3478bf343bd4a89c9b1ddc Attributes:map[com.docker.compose.config-hash:1d9670428e501540db04b42b79d1a0b90bfe135db92c12a2ad7452b2843515f3 com.docker.compose.container-number:1 com.docker.compose.depends_on: com.docker.compose.image:sha256:9807740ea1ff6522e8d61ee199243d524a9f39acdfe4d309a3a9176222ded850 com.docker.compose.oneoff:False com.docker.compose.project:crowdsec-bouncer-traefik-plugin com.docker.compose.project.config_files:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin/docker-compose.local.yml com.docker.compose.project.working_dir:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin com.docker.compose.service:whoami2 com.docker.compose.version:2.24.1 execDuration:806 exitCode:2 image:traefik/whoami name:simple-service-bar org.opencontainers.image.created:2023-07-12T14:02:18Z org.opencontainers.image.description:Tiny Go webserver that prints OS information and HTTP request to output org.opencontainers.image.documentation:https://github.com/traefik/whoami org.opencontainers.image.revision:87f25fc35b3e9051117dddfd11bbae5fbc986581 org.opencontainers.image.source:https://github.com/traefik/whoami org.opencontainers.image.title:whoami org.opencontainers.image.url:https://github.com/traefik/whoami org.opencontainers.image.version:1.10.1 traefik.enable:true traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdseclapikey:40796d93c2958f9e58345514e67740e5= traefik.http.middlewares.crowdsec-bar.plugin.bouncer.enabled:true traefik.http.routers.router-bar.entrypoints:web traefik.http.routers.router-bar.middlewares:crowdsec-bar@docker traefik.http.routers.router-bar.rule:Path(`/bar`) traefik.http.services.service-bar.loadbalancer.server.port:80]} Scope:local Time:1705914523 TimeNano:1705914523051934632}" 
providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T09:08:43Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Provider event received {Status:die ID:74a54d211d7fcaf1053e54f2499c41e24661bef2fddb5bc73eaad8b904016ae7 From:traefik/whoami Type:container Action:die Actor:{ID:74a54d211d7fcaf1053e54f2499c41e24661bef2fddb5bc73eaad8b904016ae7 Attributes:map[com.docker.compose.config-hash:2d836820e1bc22630c50f628cc6963b85d2aad390955a51a70e2f696a8da8f95 com.docker.compose.container-number:1 com.docker.compose.depends_on: com.docker.compose.image:sha256:9807740ea1ff6522e8d61ee199243d524a9f39acdfe4d309a3a9176222ded850 com.docker.compose.oneoff:False com.docker.compose.project:crowdsec-bouncer-traefik-plugin com.docker.compose.project.config_files:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin/docker-compose.local.yml com.docker.compose.project.working_dir:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin com.docker.compose.service:whoami-foo com.docker.compose.version:2.24.1 execDuration:806 exitCode:2 image:traefik/whoami name:simple-service-foo org.opencontainers.image.created:2023-07-12T14:02:18Z org.opencontainers.image.description:Tiny Go webserver that prints OS information and HTTP request to output org.opencontainers.image.documentation:https://github.com/traefik/whoami org.opencontainers.image.revision:87f25fc35b3e9051117dddfd11bbae5fbc986581 org.opencontainers.image.source:https://github.com/traefik/whoami org.opencontainers.image.title:whoami org.opencontainers.image.url:https://github.com/traefik/whoami org.opencontainers.image.version:1.10.1 traefik.enable:true traefik.http.middlewares.crowdsec-foo.plugin.bouncer.crowdseclapikey:40796d93c2958f9e58345514e67740e5= traefik.http.middlewares.crowdsec-foo.plugin.bouncer.enabled:true traefik.http.routers.router-foo.entrypoints:web traefik.http.routers.router-foo.middlewares:crowdsec-foo@docker traefik.http.routers.router-foo.rule:Path(`/foo`) traefik.http.services.service-foo.loadbalancer.server.port:80]} Scope:local Time:1705914523 TimeNano:1705914523146452856}" 
providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T09:08:43Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-01-22T09:08:43Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2024-01-22T09:08:43Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder routerName=dashboard@internal entryPointName=traefik middlewareName=tracing
time="2024-01-22T09:08:43Z" level=debug msg="Creating middleware" middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T09:08:43Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2024-01-22T09:08:43Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex
time="2024-01-22T09:08:43Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex
time="2024-01-22T09:08:43Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2024-01-22T09:08:43Z" level=debug msg="Creating middleware" middlewareType=Recovery middlewareName=traefik-internal-recovery entryPointName=traefik
time="2024-01-22T09:08:43Z" level=debug msg="Provider event received {Status:start ID:3465ef2bb99da683101ef56c43ba12743892e3bb0688d8a53106f4471cb3ed0b From:traefik/whoami Type:container Action:start Actor:{ID:3465ef2bb99da683101ef56c43ba12743892e3bb0688d8a53106f4471cb3ed0b Attributes:map[com.docker.compose.config-hash:12d1dbf7de4b82386b5d563f01bd69290eaebd6b3f3246cb1b3399a1df604174 com.docker.compose.container-number:1 com.docker.compose.depends_on: com.docker.compose.image:sha256:9807740ea1ff6522e8d61ee199243d524a9f39acdfe4d309a3a9176222ded850 com.docker.compose.oneoff:False com.docker.compose.project:crowdsec-bouncer-traefik-plugin com.docker.compose.project.config_files:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin/docker-compose.local.yml com.docker.compose.project.working_dir:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin com.docker.compose.replace:f2eb5e8f59475dfe6a83d61e54183d85fe76cbfc4a3478bf343bd4a89c9b1ddc com.docker.compose.service:whoami2 com.docker.compose.version:2.24.1 image:traefik/whoami name:simple-service-bar org.opencontainers.image.created:2023-07-12T14:02:18Z org.opencontainers.image.description:Tiny Go webserver that prints OS information and HTTP request to output org.opencontainers.image.documentation:https://github.com/traefik/whoami org.opencontainers.image.revision:87f25fc35b3e9051117dddfd11bbae5fbc986581 org.opencontainers.image.source:https://github.com/traefik/whoami org.opencontainers.image.title:whoami org.opencontainers.image.url:https://github.com/traefik/whoami org.opencontainers.image.version:1.10.1 traefik.enable:true traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdseclapikey:40796d93c2958f9e58345514e67740e5= traefik.http.middlewares.crowdsec-bar.plugin.bouncer.enabled:true traefik.http.routers.router-bar.entrypoints:web traefik.http.routers.router-bar.middlewares:crowdsec-bar@docker traefik.http.routers.router-bar.rule:PathPrefix(`/bar`) 
traefik.http.services.service-bar.loadbalancer.server.port:80]} Scope:local Time:1705914523 TimeNano:1705914523783818224}" providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6 providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T09:08:43Z" level=debug msg="Provider event received {Status:start ID:91c998b3049d25d29b3a8a7bd3a805b865e8807891d64cf73786ce086543c736 From:traefik/whoami Type:container Action:start Actor:{ID:91c998b3049d25d29b3a8a7bd3a805b865e8807891d64cf73786ce086543c736 Attributes:map[com.docker.compose.config-hash:5873a543a73786aef2cbc65dbcc346b3b0bd940615596e2546a48ea5c82093b9 com.docker.compose.container-number:1 com.docker.compose.depends_on: com.docker.compose.image:sha256:9807740ea1ff6522e8d61ee199243d524a9f39acdfe4d309a3a9176222ded850 com.docker.compose.oneoff:False com.docker.compose.project:crowdsec-bouncer-traefik-plugin com.docker.compose.project.config_files:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin/docker-compose.local.yml com.docker.compose.project.working_dir:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin com.docker.compose.replace:74a54d211d7fcaf1053e54f2499c41e24661bef2fddb5bc73eaad8b904016ae7 com.docker.compose.service:whoami-foo com.docker.compose.version:2.24.1 image:traefik/whoami name:simple-service-foo org.opencontainers.image.created:2023-07-12T14:02:18Z org.opencontainers.image.description:Tiny Go webserver that prints OS information and HTTP request to output org.opencontainers.image.documentation:https://github.com/traefik/whoami org.opencontainers.image.revision:87f25fc35b3e9051117dddfd11bbae5fbc986581 org.opencontainers.image.source:https://github.com/traefik/whoami org.opencontainers.image.title:whoami org.opencontainers.image.url:https://github.com/traefik/whoami org.opencontainers.image.version:1.10.1 traefik.enable:true traefik.http.middlewares.crowdsec-foo.plugin.bouncer.crowdseclapikey:40796d93c2958f9e58345514e67740e5= traefik.http.middlewares.crowdsec-foo.plugin.bouncer.enabled:true traefik.http.routers.router-foo.entrypoints:web traefik.http.routers.router-foo.middlewares:crowdsec-foo@docker traefik.http.routers.router-foo.rule:PathPrefix(`/foo`) 
traefik.http.services.service-foo.loadbalancer.server.port:80]} Scope:local Time:1705914523 TimeNano:1705914523784911166}" providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6 providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T09:08:45Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"router-bar\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"crowdsec-bar@docker\"],\"service\":\"service-bar\",\"rule\":\"PathPrefix(`/bar`)\"},\"router-foo\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"crowdsec-foo@docker\"],\"service\":\"service-foo\",\"rule\":\"PathPrefix(`/foo`)\"}},\"services\":{\"service-bar\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:80\"}],\"passHostHeader\":true}},\"service-foo\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.3:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"crowdsec-bar\":{\"plugin\":{\"bouncer\":{\"crowdseclapikey\":\"40796d93c2958f9e58345514e67740e5=\",\"enabled\":\"true\"}}},\"crowdsec-foo\":{\"plugin\":{\"bouncer\":{\"crowdseclapikey\":\"40796d93c2958f9e58345514e67740e5=\",\"enabled\":\"true\"}}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2024-01-22T09:08:45Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=web routerName=router-foo@docker serviceName=service-foo middlewareName=pipelining
time="2024-01-22T09:08:45Z" level=debug msg="Creating load-balancer" routerName=router-foo@docker serviceName=service-foo entryPointName=web
time="2024-01-22T09:08:45Z" level=debug msg="Creating server 0 http://172.18.0.3:80" serviceName=service-foo serverName=0 entryPointName=web routerName=router-foo@docker
time="2024-01-22T09:08:45Z" level=debug msg="child http://172.18.0.3:80 now UP"
time="2024-01-22T09:08:45Z" level=debug msg="Propagating new UP status"
time="2024-01-22T09:08:45Z" level=debug msg="Added outgoing tracing middleware service-foo" middlewareName=tracing middlewareType=TracingForwarder routerName=router-foo@docker entryPointName=web
time="2024-01-22T09:08:45Z" level=debug msg="Adding tracing to middleware" middlewareName=crowdsec-foo@docker entryPointName=web routerName=router-foo@docker
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" routerName=router-bar@docker serviceName=service-bar middlewareName=pipelining middlewareType=Pipelining entryPointName=web
time="2024-01-22T09:08:45Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=router-bar@docker serviceName=service-bar
time="2024-01-22T09:08:45Z" level=debug msg="Creating server 0 http://172.18.0.2:80" serverName=0 entryPointName=web routerName=router-bar@docker serviceName=service-bar
time="2024-01-22T09:08:45Z" level=debug msg="child http://172.18.0.2:80 now UP"
time="2024-01-22T09:08:45Z" level=debug msg="Propagating new UP status"
time="2024-01-22T09:08:45Z" level=debug msg="Added outgoing tracing middleware service-bar" entryPointName=web routerName=router-bar@docker middlewareName=tracing middlewareType=TracingForwarder
time="2024-01-22T09:08:45Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=router-bar@docker middlewareName=crowdsec-bar@docker
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2024-01-22T09:08:45Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2024-01-22T09:08:45Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T09:08:45Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T09:08:45Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
time="2024-01-22T09:08:45Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
time="2024-01-22T09:08:52Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
time="2024-01-22T09:08:52Z" level=debug msg="Request has been aborted [172.18.0.1:59396 - /bar1]: net/http: abort Handler" middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2024-01-22T09:08:56Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
time="2024-01-22T09:08:56Z" level=debug msg="Request has been aborted [172.18.0.1:59400 - /bar/rpc2]: net/http: abort Handler" middlewareType=Recovery middlewareName=traefik-internal-recovery

In debug mode:

time="2024-01-22T09:34:00Z" level=debug msg="Added outgoing tracing middleware service-bar" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=router-bar@docker
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 No IP provided for ForwardedHeadersTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 No IP provided for ClientTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 New initialized mode:live
time="2024-01-22T09:34:00Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=router-bar@docker middlewareName=crowdsec-bar@docker
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" routerName=router-foo@docker entryPointName=web serviceName=service-foo middlewareName=pipelining middlewareType=Pipelining
time="2024-01-22T09:34:00Z" level=debug msg="Creating load-balancer" routerName=router-foo@docker entryPointName=web serviceName=service-foo
time="2024-01-22T09:34:00Z" level=debug msg="Creating server 0 http://172.18.0.3:80" serviceName=service-foo routerName=router-foo@docker entryPointName=web serverName=0
time="2024-01-22T09:34:00Z" level=debug msg="child http://172.18.0.3:80 now UP"
time="2024-01-22T09:34:00Z" level=debug msg="Propagating new UP status"
time="2024-01-22T09:34:00Z" level=debug msg="Added outgoing tracing middleware service-foo" entryPointName=web routerName=router-foo@docker middlewareName=tracing middlewareType=TracingForwarder
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 No IP provided for ForwardedHeadersTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 No IP provided for ClientTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 New initialized mode:live
time="2024-01-22T09:34:00Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=router-foo@docker middlewareName=crowdsec-foo@docker
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2024-01-22T09:34:00Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
time="2024-01-22T09:34:00Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
time="2024-01-22T09:34:00Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2024-01-22T09:34:00Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2024-01-22T09:34:00Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder routerName=api@internal entryPointName=traefik middlewareName=tracing
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:08 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:08 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:08 ServeHTTP:getDecision ip:172.18.0.1 isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:08 cache:SetDecision ip:172.18.0.1 isBanned:false duration:60s
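
The symptom reported above (a block is logged, the debug log shows a superfluous response.WriteHeader call, yet the browser still receives the content) is the pattern Go's net/http produces when a middleware writes its 403 and the next handler still runs, since that message is logged on a second WriteHeader for the same response. The following is an added example, not the plugin's code and not a diagnosis of this PR; `wafVerdict`, `bouncer`, `probe` and the blocking rule are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// wafVerdict stands in for the status an AppSec-style check returns
// (hypothetical helper with a constructed rule; 403 means "block").
func wafVerdict(r *http.Request) int {
	if r.URL.Path == "/bar/rpc2" {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// bouncer wraps next. With stopOnBlock=false it writes the 403 but still
// falls through to next, which is the fail-open variant.
func bouncer(next http.Handler, stopOnBlock bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if code := wafVerdict(r); code != http.StatusOK {
			w.WriteHeader(code)
			if stopOnBlock {
				return // the chain ends here; the backend never runs
			}
		}
		next.ServeHTTP(w, r)
	})
}

// probe returns what a client would receive and whether the backend ran.
func probe(path string, stopOnBlock bool) (status int, body string, reached bool) {
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		reached = true
		w.WriteHeader(http.StatusOK) // a second WriteHeader if the bouncer already answered
		fmt.Fprint(w, "protected content")
	})
	rec := httptest.NewRecorder()
	bouncer(backend, stopOnBlock).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Body.String(), reached
}

func main() {
	for _, stop := range []bool{false, true} {
		status, body, reached := probe("/bar/rpc2", stop)
		fmt.Printf("stopOnBlock=%v status=%d backendReached=%v body=%q\n", stop, status, reached, body)
	}
}
```

In the fail-open variant the status stays 403 while the backend body is still delivered, so a check that a block is enforced should assert on the response body and on whether the backend was reached, not on the status code alone.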

mathieuHa commented 10 months ago

After enabling appsec, the first call looks blocked, but then something weird happens and the logs are not "normal":

DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 ServeHTTP:getDecision ip:172.18.0.1 isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 cache:SetDecision ip:172.18.0.1 isBanned:false duration:60s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:49 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:49 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:49 ServeHTTP ip:172.18.0.1 cache:hit isBanned:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:49 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403
time="2024-01-22T09:37:49Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:56 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:56 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:56 ServeHTTP ip:172.18.0.1 cache:hit isBanned:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:56 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403
time="2024-01-22T09:37:56Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:58 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:58 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:58 ServeHTTP ip:172.18.0.1 cache:hit isBanned:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:58 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403
time="2024-01-22T09:37:58Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)