[BUG] CrowdsecAppsecFailureBlock false should also not block when crowdsec is down
trunneml opened this issue Β· comments
Describe the bug π
Setting CrowdsecAppsecFailureBlock
to false
works for 500, but if a connection to crowdsec is not possible crowdsec-bouncer-traefik-plugin still returns 403
Expected behavior π
When crowdsec api is not available and CrowdsecAppsecFailureBlock
is set to false
Traefik should just work as normal.
To Reproduce
Steps to reproduce the behavior:
- Configure crowdsec-bouncer-traefik-plugin with CrowdsecAppsecFailureBlock set to false
- Stop crowdsec
- Try to open a service behinde Traefik
- See error
Hi we'll look into it.
In the mean time could you provide some informations like the version of the plugin, runtime (docker, kubernetes, binary, vm..).
Hey @trunneml
I looked into the code, the CrowdsecAppsecFailureBlock: false
handle the appsec response status code 500 only. We followed the protocol from Crowdsec to implement our plugin.
I don't know if it's smart to totally bypass our plugin when crowdsec is unreachable.
We could add a new variable CrowdsecAppsecUnreachableBlock
to handle this case, and by default is true.
What do you think ?
An extra flag fixes my problem.
Background: Croudsec LAPI is in an different network segment.