maxlerebourg / crowdsec-bouncer-traefik-plugin

Traefik plugin for Crowdsec - WAF and IP protection


[BUG] Captcha redirect to captcha after performing the challenge

avidflyer17 opened this issue · comments

Describe the bug 🐛
After performing a manual ban via cscli, and performing the captcha challenge, it redirects to the captcha again instead of the initially requested page.

Expected behavior 👀
After performing the captcha challenge, it should redirect to the requested page.

Context 🔎
Logs from test (ips are changed)

    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 cache:Get key:98.76.54.432
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 ServeHTTP ip:98.76.54.432 cache:hit isBanned:c
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 handleErrorServeHTTP ip:98.76.54.432 remediation:c
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 cache:Get key:98.76.54.432_captcha
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:36 captcha:Check ip:98.76.54.432 pass:false
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:53 ServeHTTP ip:12.34.56.67 isTrusted:false
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:53 cache:Get key:12.34.56.67
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:53 ServeHTTP:Get ip:12.34.56.67 isBanned:false cache:miss
    INFO: GeoBlock: 2024/04/01 14:19:53 Loaded from database:  {FR 2024-04-01 14:18:42.993692803 +0200 CEST m=+4170.873838902}
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 ServeHTTP ip:12.34.56.67 isTrusted:false
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 cache:Get key:12.34.56.67
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 ServeHTTP ip:12.34.56.67 isTrusted:false
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 ServeHTTP:Get ip:12.34.56.67 isBanned:false cache:miss
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 cache:Get key:12.34.56.67
    DEBUG: CrowdsecBouncerTraefikPlugin: 2024/04/01 14:19:55 ServeHTTP:Get ip:12.34.56.67 isBanned:false cache:miss

fileConfig.yml

    crowdsec-bouncer-traefik-plugin:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          logLevel: DEBUG
          crowdsecLapiKey: xxxxxxxxx
          enabled: true
          crowdsecMode: stream
          crowdsecAppsecEnabled: false
          crowdsecAppsecHost: crowdsec:7422
          crowdsecLapiHost: crowdsec:8080   # key name corrected: the original read "rowdsecLapiHost"
          crowdsecLapiScheme: http
          forwardedHeadersTrustedIPs: 
            - 172.18.0.0/24
            - 10.0.20.0/24
          clientTrustedIPs: 
            - 192.168.1.0/24
          captchaProvider: recaptcha
          captchaSiteKey: xxxxxxx
          captchaSecretKey: xxxxxxx
          captchaGracePeriodSeconds: 1800
          captchaHTMLFilePath: /captcha.html

traefik.yml

    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.3.0-dev1"

profile.yaml

    name: captcha_remediation
    filters:
      - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() contains "http" && GetDecisionsSinceCount(Alert.GetValue(), "24h") <= 3
    ## Same as above but only 3 captcha decisions per 24 hours before ban
    decisions:
     - type: captcha
       duration: 4h
    on_success: break
    ---
    name: default_ip_remediation
    filters:
     - Alert.Remediation == true && Alert.GetScope() == "Ip"
    decisions:
     - type: ban
       duration: 4h
    #duration_expr: "Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)"
    on_success: break

Version (please complete the following information):

  • OS: Ubuntu 22.04
  • Traefik version: 2.11.0
  • Plugin version: v1.3.0-dev1
  • Redis ? : No

To Reproduce
Steps to reproduce the behavior:

  1. Deploy plugin + config
  2. Manual ban with captcha
  3. Go to a URL protected by Crowdsec
  4. Perform captcha challenge
  5. After successfully performing the captcha, I'm redirected to the captcha challenge again.


Comments
Maybe I did a mistake but no sure where, if it's not an issue, please forgive me :)

Thanks for your work.
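The loop reported above comes down to the two cache lookups visible in the debug log: the decision for the IP ("remediation:c") and the grace-period key "<ip>_captcha", which should only be set once the provider has accepted the submitted token. The Go program below is an added illustration written for this page, not the plugin's own code; it models that flow with a small TTL cache and an injectable verifier so it runs offline. The type names Bouncer and ttlCache, the Walk helper, the form field captcha_token, the response bodies and the address 198.51.100.7 are all assumptions or constructed test data. Walk replays the issue's steps twice: once with a verifier that accepts the token (captcha page, redirect, application) and once with one that rejects it, which reproduces the "captcha again" symptom.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"sync"
	"time"
)

const remediationCaptcha = "c" // as printed in the plugin's debug log ("remediation:c")

type entry struct {
	value   string
	expires time.Time
}

// ttlCache stands in for the plugin's in-memory decision cache (assumed structure).
type ttlCache struct {
	mu sync.Mutex
	m  map[string]entry
}

func (c *ttlCache) Set(k, v string, ttl time.Duration) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.m[k] = entry{value: v, expires: time.Now().Add(ttl)}
}

func (c *ttlCache) Get(k string) (string, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	e, ok := c.m[k]
	if !ok || time.Now().After(e.expires) {
		return "", false
	}
	return e.value, true
}

// Bouncer is a hypothetical captcha-gating middleware, not the plugin's own type.
type Bouncer struct {
	Cache  *ttlCache
	Verify func(token string) bool // stands in for the provider's siteverify round-trip
	Grace  time.Duration           // plays the role of captchaGracePeriodSeconds
}

func (b *Bouncer) Handler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip, _, _ := net.SplitHostPort(r.RemoteAddr) // the plugin also honours forwarded headers from trusted IPs
		if rem, _ := b.Cache.Get(ip); rem == remediationCaptcha { // "cache:Get key:<ip>"
			if _, ok := b.Cache.Get(ip + "_captcha"); !ok { // "cache:Get key:<ip>_captcha"
				// The challenge form posts the token back to the protected URL itself, so the
				// redirect target is the request's own path, never a user-supplied parameter.
				if r.Method == http.MethodPost && r.FormValue("captcha_token") != "" && b.Verify(r.FormValue("captcha_token")) {
					b.Cache.Set(ip+"_captcha", "1", b.Grace)
					http.Redirect(w, r, r.URL.Path, http.StatusSeeOther)
					return
				}
				w.Write([]byte("captcha-page")) // missing or rejected token: serve the challenge again
				return
			}
			// grace period still valid: fall through to the application
		}
		next.ServeHTTP(w, r)
	})
}

// Walk replays the issue: a captcha decision exists for the IP, the client loads the page,
// submits the token, then loads the page again. It returns what each step got back.
func Walk(verifyOK bool) []string {
	b := &Bouncer{Cache: &ttlCache{m: map[string]entry{}}, Verify: func(string) bool { return verifyOK }, Grace: 30 * time.Minute}
	h := b.Handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("app")) }))
	const ip = "198.51.100.7"                        // constructed documentation-range address
	b.Cache.Set(ip, remediationCaptcha, 4*time.Hour) // what `cscli decisions add -t captcha -d 4h` would produce
	do := func(method, body string) string {
		req := httptest.NewRequest(method, "/secret", strings.NewReader(body))
		req.RemoteAddr = ip + ":51234"
		if body != "" {
			req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
		}
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		if rec.Code == http.StatusSeeOther {
			return "redirect:" + rec.Header().Get("Location")
		}
		return rec.Body.String()
	}
	token := url.Values{"captcha_token": {"provider-token"}}.Encode()
	return []string{do(http.MethodGet, ""), do(http.MethodPost, token), do(http.MethodGet, "")}
}

func main() {
	fmt.Println(Walk(true))  // [captcha-page redirect:/secret app]
	fmt.Println(Walk(false)) // [captcha-page captcha-page captcha-page]
}
```

Two design points worth keeping when debugging a loop like this one: the grace-period key is only written after the provider verification succeeds, so a verifier that always fails (wrong secret, wrong key type for the widget, or a token checked against the wrong endpoint) shows up exactly as "captcha again" with no other error; and the redirect target is the request's own path rather than a return-URL parameter, which leaves nothing for an attacker to turn into an open redirect. The example reads RemoteAddr directly and skips the forwardedHeadersTrustedIPs logic a real bouncer needs behind a proxy.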

Hi @avidflyer17,

I'll look into this.
However, to start and check everything is ok, could you please test with release v1.3.0-beta1?
The release v1.3.0-dev1 has been deleted (it was linking a development branch).

Also, I dunno if it's important, but there are IPs in your logs; you may want to remove them if some belong to you.

I'll keep you updated if I find something wrong

Hello Mathieu,

Thanks for your fast feedback on my issue.

The IP shown in the provided logs are false, I changed them.

Anyway, after making the changes in traefik.yml to :

    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.3.0-beta1"

And a restart of Traefik, I did a ban test with captcha. Result is still the same: I have the captcha displayed, but after resolving it, it redirects to the captcha again.

Regards,

EDIT:
Can it be related to Google captcha settings?
Do you have recommendations for this part?

@maxlerebourg is working on it and has identified a little bit of difference between the providers.
We'll keep you updated.

Oh ! Thanks for the quick feedback.

Happy to be helpful 😊

Hi, @maxlerebourg solved it.
I added a bit of documentation on recaptcha here
I released v1.3.0-beta2.

Could you try it and tell us if this solves your issue?
We are eager for any feedback on this new captcha feature :)

Regards

I just tested it and it's working as expected :)
Now, waiting for the custom ban page lol

Thank you both for the awesome support.