CrowdSec - lightweight and collaborative security engine
Forum Replies Created
-
Forum: Plugins
In reply to: [CrowdSec] Unexpected CURL call failure: issueThanks.
It seems that your “api_url” setting is empty as your log shows”api_url”:””Can you set
http://localhost:8080in your Local API URL setting and try again ?
Thanks- This reply was modified 3 years, 2 months ago by CrowdSec - lightweight and collaborative security engine.
Forum: Plugins
In reply to: [CrowdSec] Unexpected CURL call failure: issueThanks.
Well, it seems to be not so easy to debug.
Could you check if the PHP curl extension is installed ?
You can runphp -r 'var_dump(extension_loaded("curl"));'
for example and if the result isbool(true), it is ok.
Could you enable de debug mode (Advanced settings), then clic the test button and share the content of what appears in the/wp-content/plugins/crowdsec/logs/debug.logfile ?
For a working test, I have this kind of lines in debug.log :2023-04-25T07:01:31.390386+00:00|100|Instantiate client|…
2023-04-25T07:01:31.411349+00:00|100|Instantiate cache|…
2023-04-25T07:01:31.411465+00:00|100|Instantiate remediation engine|…
2023-04-25T07:01:31.411920+00:00|100|Cache result …
2023-04-25T07:01:31.411946+00:00|100|Now processing a bouncer request …
2023-04-25T07:01:31.421607+00:00|100|Decisions have been sorted by priority| …
2023-04-25T07:01:31.421989+00:00|200|Final remediation|{"remediation":"bypass"} …Maybe we will see something usefull in these lines.
And maybe you could also test without Curl by disabling “Use cURL to call Local API” in the Connection details settings ?
ThanksForum: Plugins
In reply to: [CrowdSec] Unexpected CURL call failure: issueHi @houdini69,
Thanks for your message.
Your error message indicates that you received no response for the tested curl call.
I suppose you are using the last version of Crowdsec and the plugin.
Maybe a first step to debug this problem would be to make a direct curl call with this type of command:curl -H "X-Api-Key:your-bouncer-api-key" your-crowdsec-url/v1/decisions\?ip=192.168.1.254It should look like below on a basic installation:
curl -H "X-Api-Key:ab4429********725d43feb2" http://localhost:8080/v1/decisions\?ip=192.168.1.254Could you test it to see if it works or if you can get a useful error message ?
(If it works, you should get “null” for an IP with no active decision”)
Thanks- This reply was modified 3 years, 2 months ago by CrowdSec - lightweight and collaborative security engine.
- This reply was modified 3 years, 2 months ago by CrowdSec - lightweight and collaborative security engine.
- This reply was modified 3 years, 2 months ago by CrowdSec - lightweight and collaborative security engine.
- This reply was modified 3 years, 2 months ago by CrowdSec - lightweight and collaborative security engine.
Forum: Plugins
In reply to: [CrowdSec] Log-folderHi @alekscee,
we just published a new 2.3.0 release of the plugin.
This release contains necessary .htacess and an updated documentation for Nginx users.
I’m closing this issue. Happy to continue the conversation here or elsewhere.
Thanks again.Forum: Plugins
In reply to: [CrowdSec] Log-folderHello @alekscee ,
you are right: server-side rules should be added to prevent access to these files. If this is not possible, the logging of files can be completely disabled using the “Disable prod log” parameter.
As we can not do this in the plugin sources (we don’t know if user works with Apache, Nginx or anything else), I think we should at least add this notice in the advanced settings and add some configuration examples in the documentation.
Will do so asap.
Thank you for pointing that out.
[UPDATE] : For those using Apache, we will add a .htaccess file in the .logs folder with some “deny” directives.- This reply was modified 3 years, 3 months ago by CrowdSec - lightweight and collaborative security engine.
Forum: Plugins
In reply to: [CrowdSec] Stream Mode ErrorHi, I’m closing this issue. Happy to continue the conversation here or elsewhere.
Forum: Plugins
In reply to: [CrowdSec] Stream Mode ErrorHi,
I just tested with Lite Speed Cache (not connected to any external cloud service and using the Essentials presets).
I tested to access a cached page with a banned IP and the ban wall has been displayed. Thus, it seems to be working without the need of enabling auto_prepend mode.
Maybe there are other advanced settings with the Lite Speed Cache plugin that could break the process but this basic check works as expected.
ThanksForum: Plugins
In reply to: [CrowdSec] Does Crowdsec works in WordPress Multiste Subdomains?Thinking back to your problem, I think the ban you got even without an active decision came from a previously cached decision.
But then, only an analysis of your logs and your configuration could have told us.
I hope it will be better with individual installations.
Thanks.Forum: Plugins
In reply to: [CrowdSec] Stream Mode ErrorHi,
I just realized that I did not understand your initial message correctly.
Sorry for that.
This plugin has not been tested with a WordPress “MultiSite feature” installation. And I guess it is not supported. Some users have already multiple WordPress connected to one single CrowdSec agent but they are using individual WordPress sites with a Bouncer plugin for each site (cache can be shared with Redis for example and it is possible to use the same bouncer key)
Considering your last issue : “ban wall is not displayed whereas a ban remediation is logged“, I wasn’t able to test the LiteSpeed cache as it seems to be required to register for some external service. If you can test to disable it and see if this is better, it could help us.
For now, I am not sure if the issue comes from this Cache plugin or from a MultiSite installation (or from something else …).- If this is a Multisite issue:
I can’t tell if or when we will be able to work on a MultiSite support. There is a feature request for it but I have no idea on the time it will take to add this support. As you mentionned, there is only one static file created for the auto_prepend mode, thus this will be maybe be a part of the work.
- If this is a Lite Speed compatibility issue
If this is the same kind of problem that we had with the WP Super Cache plugin, the problem is that those kind plugin bypasses all the plugin loading process and serves the cached content. One can consider that not bouncing cached content is not a real issue. Uncached content (form POST …) should be still protected. But if showing a ban/captcha wall is really wanted, the auto_prepend mode seems to be the only way to act before such Cache plugins.
Thanks again.
Forum: Plugins
In reply to: [CrowdSec] Does Crowdsec works in WordPress Multiste Subdomains?Hi,
Thanks for your reply.
I will close this issue.
But, for information: bouncer does not ban any IP. Bouncer just applies decisions.cscli decisions listshows only decisions manually added.
To get all decisions (even those pulled from the community shared data), you could trycscli decisions list --allThanks
Forum: Plugins
In reply to: [CrowdSec] Does Crowdsec works in WordPress Multiste Subdomains?Hi,
I just realized that I did not understand your initial message correctly.
I was not aware of this Multisite feature you are talking about.
And as it just happened a feature request about this : https://github.com/crowdsecurity/cs-wordpress-bouncer/issues/128
I just realized my mistake. Sorry about that.
Well, I guess now that this plugin does not support this Multisite feature for now.
If you make new tests with the new version of the plugin, do not hesitate to tell me what you notice.I think that the compatibility with MultiSite will require a lot of work, but it is something that should be possible one day.
We’ll take a closer look, and I’ll get back to you if there’s any news.
Thanks again.
Forum: Plugins
In reply to: [CrowdSec] Stream Mode ErrorHi,
I just released a new2.0.3version of the plugin : I guess that won’t solve your problem, but there are more debug messages (about what the bouncer will try to show after the remediation has been recovered).
Maybe it could help us.
Thanks.- This reply was modified 3 years, 4 months ago by CrowdSec - lightweight and collaborative security engine.
Forum: Plugins
In reply to: [CrowdSec] Stream Mode ErrorCould you test to disable LSCache ?
If the html is cached before bouncing can act, then I guess it could lead to your issue.
We had the same issue with WP Super Cache plugin : https://github.com/crowdsecurity/cs-wordpress-bouncer/blob/main/docs/USER_GUIDE.md#auto-prepend-file-mode
I did not test with LSCache but, for the WP Cache plugin, a solution was to use the auto-prepend-file mode (see the above link to).
Please let me know.
ThanksForum: Plugins
In reply to: [CrowdSec] Stream Mode ErrorHi,
Indeed, logs are showing that the cached remediation is a “ban”.
And, as you are in stream mode and your bouncing level is “normal”, you should then see a ban wall (if you access the website with the “IP Redacted IP”).
Do you still have any cache plugin enabled ?Thanks
Forum: Plugins
In reply to: [CrowdSec] Does Crowdsec works in WordPress Multiste Subdomains?Hi,
Looking at your PHP errors, I understood what could possibly happen.I released a new
2.0.2version of the plugin with a fix for your issue.Please let me know if it is ok with this new release.
Thanks