maxlerebourg / crowdsec-bouncer-traefik-plugin

Traefik plugin for Crowdsec - WAF and IP protection

Instructions unclear regarding captcha

rwjack opened this issue · comments

Hey, this is an amazing update, having a captcha really helps when users get 403's on accident and then they can't do anything about it unless I remove the crowdsec decision manually.

Although I don't seem to fully understand the concept of captcha.html and ban.html.

Where am I supposed to place those? For example: /etc/traefik/captcha/?
If that's the case, should I then configure the following:

captchaHTMLFilePath: /etc/traefik/captcha/captcha.html
banHTMLFilePath: /etc/traefik/captcha/ban.html

Also, would there be a possibility of reading captchaSecretKey from a file? So basically captchaSecretKeyFile?

Same as what you did with crowdsecLapiKeyFile. It seems easier to store secrets in external files and deploy those alongside the config, rather than modifying the config itself during deployment.

Hey rwjack,
For CaptchaSecretKey and captchaSiteKey, a file reader is already implemented, so you can already use this kind of setup with CaptchaSecretKeyFile and captchaSiteKeyFile (the readme mentions it).

For the captcha.html and ban.html, download our templates available on this repo and link them to your traefik instance (via volume binding for docker).

You can customize them too; the only requirement for the captcha to work is to keep these lines of code in the new template:

<head>
...
   <script src="{{ .FrontendJS }}" async defer></script>
...
</head>
<body>
...
   <div id="captcha" class="{{ .FrontendKey }}" data-sitekey="{{ .SiteKey }}" data-callback="captchaCallback">
...
   
  <script>
    function captchaCallback() {
      setTimeout(() => document.querySelector('#captcha-form').submit(), 500);
    }
  </script>
</body>

Hi Max,

OK, great regarding the CaptchaSecretKeyFile!

As for the html files, I'll test it out locally. I was just confused about where to place the files since I run traefik on a VM and not in Docker, but I suppose my initial idea would work.

Yes, you can place the html files anywhere on your vm, BUT traefik needs to have the right to read them (this is obvious, but can lead to misconfiguration).

All clear then!
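
Added example (not part of the thread and not the plugin's own code): a POSIX shell pre-deployment check for a customised captcha.html, covering the two points raised above, namely that the file must be readable by the account Traefik runs under and must keep the fragments from the maintainer's snippet. The function names are hypothetical, the marker list is derived only from that snippet, and treating a world-readable key file as undesirable is an assumption.

```shell
#!/bin/sh
# Fragments from the maintainer's snippet that a custom template must keep.
REQUIRED_MARKERS='{{ .FrontendJS }}
{{ .FrontendKey }}
{{ .SiteKey }}
data-callback="captchaCallback"
#captcha-form'

# check_captcha_template FILE (hypothetical helper)
# Returns 0 when FILE is readable by the invoking user and contains every
# required fragment; otherwise reports the problem on stderr and returns 1.
check_captcha_template() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "not readable by $(id -un): $file" >&2
        return 1
    fi
    rc=0
    # One marker per line; grep -F treats each as a fixed string, not a regex.
    while IFS= read -r marker; do
        if ! grep -qF -- "$marker" "$file"; then
            echo "missing in $file: $marker" >&2
            rc=1
        fi
    done <<EOF
$REQUIRED_MARKERS
EOF
    return $rc
}

# secret_is_world_readable FILE (hypothetical helper, assumption: a key file
# such as the one given to captchaSecretKeyFile should not be readable by
# "others"). Returns 0 when the "other" read bit is set.
secret_is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Usage: sh check.sh /etc/traefik/captcha/captcha.html
[ "$#" -eq 0 ] || check_captcha_template "$1"
```

The readability test applies to whoever runs the script, so run it as the account the Traefik service uses rather than as root.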