does not block
ScreNN opened this issue · comments
The plugin began to skip many of the USA and beyond. Is there something wrong with the base?
I can’t help you without any further information.
These seem to be smart bots that don't even get caught by fail2ban. But CrowdSec seems to catch them. I checked your GeoBlock, it works, but it lets these guys through. They go to 404 instead of 403 for some reason. What information can I give you?
Here's the GeoBlock settings
# Traefik GeoBlock Plugin
geoblock:
plugin:
geoblock:
allowLocalRequests: true
logLocalRequests: false
logAllowedRequests: false
logApiRequests: true
api: "https://get.geojs.io/v1/ip/country/{ip}"
apiTimeoutMs: 750
cacheSize: 150
forceMonthlyUpdate: true
allowUnknownCountries: false
unknownCountryApiResponse: "nil"
countries:
- RUThese are some kind of scanners. But shouldn't GeoBlock block them?
Are those HTTP/s requests or tcp/udp requests?
Traefik shows that these are HTTP/2.0 (GET, POST) requests. I have UDP closed. I only have port 443 of HTTPS open.
I think I figured out why these guys aren't banning the plugin. They don't pass the country in headers
According to CrowdSec database, these are HTTP scanners, TCP scanners, Brut-Force, UDP scanners etc.
I think I figured it out. I should have written a fake router in traefik proxy
http:
routers:
catchall:
entryPoints:
- "https"
# catchall rule
rule: "PathPrefix(`/`)"
service: unavailable
# lowest possible priority
# evaluated when no other router is matched
priority: 1
services:
# Service that will always answer a 503 Service Unavailable response
unavailable:
loadBalancer:
servers: {}Geoblock does not use the http country header. Did you have multiple routers configured?
Geoblock does not use the http country header. Did you have multiple routers configured?
I have different routers, I have several services open outside.
After adding a fake router, the geoblock catches the guys well, with no skips
Sounds good, so I'm closing the issue.