[BUG] Captcha redirect to captcha after performing the challenge
avidflyer17 opened this issue · comments
Describe the bug
After performing a manual ban via cscli, and performing the captcha challenge, it redirects to the captcha again instead of the initially requested page.
Expected behavior
After performing the captcha challenge, it should redirect to the requested page.
Context
Logs from test (ips are changed)
```
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 cache:Get key:98.76.54.432
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 ServeHTTP ip:98.76.54.432 cache:hit isBanned:c
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 handleErrorServeHTTP ip:98.76.54.432 remediation:c
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 cache:Get key:98.76.54.432_captcha
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 captcha:Check ip:98.76.54.432 pass:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:53 ServeHTTP ip:12.34.56.67 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:53 cache:Get key:12.34.56.67
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:53 ServeHTTP:Get ip:12.34.56.67 isBanned:false cache:miss
INFO: GeoBlock: 2024/04/01 14:19:53 Loaded from database: {FR 2024-04-01 14:18:42.993692803 +0200 CEST m=+4170.873838902}
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 ServeHTTP ip:12.34.56.67 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 cache:Get key:12.34.56.67
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 ServeHTTP ip:12.34.56.67 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 ServeHTTP:Get ip:12.34.56.67 isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 cache:Get key:12.34.56.67
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 ServeHTTP:Get ip:12.34.56.67 isBanned:false cache:miss
```
fileConfig.yml
```yaml
crowdsec-bouncer-traefik-plugin:
  plugin:
    crowdsec-bouncer-traefik-plugin:
      logLevel: DEBUG
      crowdsecLapiKey: xxxxxxxxx
      enabled: true
      crowdsecMode: stream
      crowdsecAppsecEnabled: false
      crowdsecAppsecHost: crowdsec:7422
      crowdsecLapiHost: crowdsec:8080
      crowdsecLapiScheme: http
      forwardedHeadersTrustedIPs:
        - 172.18.0.0/24
        - 10.0.20.0/24
      clientTrustedIPs:
        - 192.168.1.0/24
      captchaProvider: recaptcha
      captchaSiteKey: xxxxxxx
      captchaSecretKey: xxxxxxx
      captchaGracePeriodSeconds: 1800
      captchaHTMLFilePath: /captcha.html
```
traefik.yml
```yaml
crowdsec-bouncer-traefik-plugin:
  moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
  version: "v1.3.0-dev1"
```
profile.yaml
```yaml
name: captcha_remediation
filters:
  - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() contains "http" && GetDecisionsSinceCount(Alert.GetValue(), "24h") <= 3
## Same as above but only 3 captcha decision per 24 hours before ban
decisions:
  - type: captcha
    duration: 4h
on_success: break
---
name: default_ip_remediation
filters:
  - Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
  - type: ban
    duration: 4h
    #duration_expr: "Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)"
on_success: break
```
Version (please complete the following information):
- OS: Ubuntu 22.04
- Traefik version: 2.11.0
- Plugin version: v1.3.0-dev1
- Redis ? : No
To Reproduce
Steps to reproduce the behavior:
- Deploy plugin + config
- manual ban with captcha
- Go to a URL protected by Crowdsec
- Perform captcha challenge
- After successfully performing captcha, I'm redirected to the captcha challenge again.
Comments
Maybe I made a mistake but I'm not sure where; if it's not an issue, please forgive me :)
Thanks for your work.
Hi @avidflyer17,
I'll look into this.
However, to start and check everything is OK, could you please test with release v1.3.0-beta1.
The release v1.3.0-dev1 has been deleted (was linking a development branch).
Also, I dunno if it's important but there are IPs in your logs, you may want to remove them if some belong to you.
I'll keep you updated if I find something wrong
Hello Mathieu,
Thanks for your fast feedback on my issue.
The IPs shown in the provided logs are false, I changed them.
Anyway, after making the changes in traefik.yml to:
```yaml
crowdsec-bouncer-traefik-plugin:
  moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
  version: "v1.3.0-beta1"
```
And after a restart of Traefik, I did a ban test with captcha. The result is still the same: I have the captcha displayed, but after resolving it, it redirects to the captcha again.
Regards,
EDIT:
Can it be related to Google captcha settings?
Do you have recommendations for this part?
@maxlerebourg is working on it and has identified a little bit of difference between the providers.
We'll keep you updated.
Oh! Thanks for the quick feedback.
Happy to be helpful
Hi, @maxlerebourg solved it.
I added a bit of documentation on recaptcha here
I released v1.3.0-beta2.
Could you try it and tell us if this solves your issue?
We are eager for any feedback on this new captcha feature :)
Regards
I just tested it and it's working as expected :)
Now, waiting for the custom ban page lol
Thank you both for the awesome support.