From 0944cd13602fc5fd725568d400fa6605a059bc0a Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 20 Mar 2025 17:31:49 +0100 Subject: [PATCH 1/5] fix(crowdsec): correct configuration key and cache key format Changed ~CAPTCHA_EXPIRATION~ to ~CACHE_EXPIRATION~ in ~csmod.allowIp~ function. Updated cache key format in ~live_query~ function to include "decision_cache" prefix. --- lib/crowdsec.lua | 2 +- lib/plugins/crowdsec/live.lua | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/crowdsec.lua b/lib/crowdsec.lua index 915892e8..ec160f91 100644 --- a/lib/crowdsec.lua +++ b/lib/crowdsec.lua @@ -413,7 +413,7 @@ function csmod.allowIp(ip) ip, runtime.conf["API_URL"], runtime.conf["REQUEST_TIMEOUT"], - runtime.conf["CAPTCHA_EXPIRATION"], + runtime.conf["CACHE_EXPIRATION"], REMEDIATION_API_KEY_HEADER, runtime.conf['API_KEY'], runtime.userAgent, diff --git a/lib/plugins/crowdsec/live.lua b/lib/plugins/crowdsec/live.lua index 6cd0ffc2..275de6ae 100644 --- a/lib/plugins/crowdsec/live.lua +++ b/lib/plugins/crowdsec/live.lua @@ -66,7 +66,7 @@ function live:live_query(ip, api_url, timeout, cache_expiration, api_key_header, end local cache_value = decision.type .. "/" .. decision.origin local key,_ = utils.item_to_string(decision.value, decision.scope) - local succ, err, forcible = live.cache:set(key, cache_value, cache_expiration, 0) + local succ, err, forcible = live.cache:set("decision_cache" .. key, cache_value, cache_expiration, 0) ngx.log(ngx.DEBUG, "Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds with decision type'" .. decision.type .. "'with origin'" .. decision.origin ) --debug if not succ then ngx.log(ngx.ERR, "failed to add ".. decision.value .." : "..err) From cf41e9bff3e40915a0a76dde0cc8332beb0ef673 Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 20 Mar 2025 17:39:38 +0100 Subject: [PATCH 2/5] fix(caching): correct cache key format in live_query function Ensure the cache key format includes the "decision_cache/" prefix to prevent key conflicts and improve cache management. --- lib/plugins/crowdsec/live.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/plugins/crowdsec/live.lua b/lib/plugins/crowdsec/live.lua index 275de6ae..cf49f368 100644 --- a/lib/plugins/crowdsec/live.lua +++ b/lib/plugins/crowdsec/live.lua @@ -48,7 +48,7 @@ function live:live_query(ip, api_url, timeout, cache_expiration, api_key_header, if body == "null" then -- no result from API, no decision for this IP -- set ip in cache and DON'T block it local key,_ = utils.item_to_string(ip, "ip") - local succ, err, forcible = live.cache:set(key, "none", cache_expiration, 1) + local succ, err, forcible = live.cache:set("decision_cache/" .. key, "none", cache_expiration, 1) -- ngx.log(ngx.DEBUG, "Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds") --debug if not succ then @@ -66,7 +66,7 @@ function live:live_query(ip, api_url, timeout, cache_expiration, api_key_header, end local cache_value = decision.type .. "/" .. decision.origin local key,_ = utils.item_to_string(decision.value, decision.scope) - local succ, err, forcible = live.cache:set("decision_cache" .. key, cache_value, cache_expiration, 0) + local succ, err, forcible = live.cache:set("decision_cache/" .. key, cache_value, cache_expiration, 0) ngx.log(ngx.DEBUG, "Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds with decision type'" .. decision.type .. "'with origin'" .. decision.origin ) --debug if not succ then ngx.log(ngx.ERR, "failed to add ".. decision.value .." : "..err) From 343f2e798c06cc306d6505d262588c1b55334f84 Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 20 Mar 2025 17:44:24 +0100 Subject: [PATCH 3/5] mark debug --- lib/crowdsec.lua | 4 +++- lib/plugins/crowdsec/live.lua | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/crowdsec.lua b/lib/crowdsec.lua index ec160f91..c1a20f82 100644 --- a/lib/crowdsec.lua +++ b/lib/crowdsec.lua @@ -355,6 +355,7 @@ function csmod.allowIp(ip) local key_type = key_parts[1] if key_type == "normal" then local decision_string, flag_id = runtime.cache:get("decision_cache/" .. key) + ngx.log(ngx.DEBUG, "[CACHE] Looking for '" .. key .. "' in cache") local t = utils.split_on_delimiter(decision_string,"/") if t == nil then return true, nil, "Failed to split decision string" @@ -382,9 +383,10 @@ function csmod.allowIp(ip) item = key_type.."_"..table.concat(netmask, ":").."_"..iputils.ipv6_band(ip_network_address, netmask) end local decision_string, flag_id = runtime.cache:get("decision_cache/" .. item) + ngx.log(ngx.DEBUG, "[CACHE] Looking for '" .. key .. "' in cache") if decision_string ~= nil then -- we have it in cache if decision_string == "none" then - ngx.log(ngx.DEBUG, "'" .. key .. "' is in cache with value'" .. decision_string .. "'") + ngx.log(ngx.DEBUG, "[CACHE]'" .. key .. "' is in cache with value'" .. decision_string .. "'") return true, nil, nil end ngx.log(ngx.DEBUG, "'" .. key .. "' is in cache with value'" .. decision_string .. "'") diff --git a/lib/plugins/crowdsec/live.lua b/lib/plugins/crowdsec/live.lua index cf49f368..7f993e14 100644 --- a/lib/plugins/crowdsec/live.lua +++ b/lib/plugins/crowdsec/live.lua @@ -67,7 +67,7 @@ function live:live_query(ip, api_url, timeout, cache_expiration, api_key_header, local cache_value = decision.type .. "/" .. decision.origin local key,_ = utils.item_to_string(decision.value, decision.scope) local succ, err, forcible = live.cache:set("decision_cache/" .. key, cache_value, cache_expiration, 0) - ngx.log(ngx.DEBUG, "Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds with decision type'" .. decision.type .. "'with origin'" .. decision.origin ) --debug + ngx.log(ngx.DEBUG, "[CACHE] Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds with decision type'" .. decision.type .. "'with origin'" .. decision.origin ) --debug if not succ then ngx.log(ngx.ERR, "failed to add ".. decision.value .." : "..err) end From 80548c0dc07d166fc414824af4d7eb22ebc7e2c2 Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 20 Mar 2025 17:47:32 +0100 Subject: [PATCH 4/5] marke debug --- lib/plugins/crowdsec/live.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/plugins/crowdsec/live.lua b/lib/plugins/crowdsec/live.lua index 7f993e14..167a984a 100644 --- a/lib/plugins/crowdsec/live.lua +++ b/lib/plugins/crowdsec/live.lua @@ -50,7 +50,7 @@ function live:live_query(ip, api_url, timeout, cache_expiration, api_key_header, local key,_ = utils.item_to_string(ip, "ip") local succ, err, forcible = live.cache:set("decision_cache/" .. key, "none", cache_expiration, 1) -- - ngx.log(ngx.DEBUG, "Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds") --debug + ngx.log(ngx.DEBUG, "[CACHE] Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds") --debug if not succ then ngx.log(ngx.ERR, "failed to add ip '" .. ip .. "' in cache: ".. err) end From 54934b4820551ef6c356451e875a83da48c88046 Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 20 Mar 2025 18:41:46 +0100 Subject: [PATCH 5/5] fix the test as well --- t/10_live_ban_and_cache.t | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/t/10_live_ban_and_cache.t b/t/10_live_ban_and_cache.t index 97b69efc..7a59fd2c 100644 --- a/t/10_live_ban_and_cache.t +++ b/t/10_live_ban_and_cache.t @@ -135,19 +135,17 @@ qr/DEBUG CACHE:[^ ]*/ DEBUG CACHE:metrics_first_run:false DEBUG CACHE:metrics_processed/ip_type=ipv4&:1 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&, -DEBUG CACHE:ipv4_4294967295_16843010:none +DEBUG CACHE:decision_cache/ipv4_4294967295_16843010:none DEBUG CACHE:captcha_ok:false -DEBUG CACHE:ipv4_4294967295_16843010:none DEBUG CACHE:metrics_first_run:false DEBUG CACHE:metrics_processed/ip_type=ipv4&:2 -DEBUG CACHE:ipv4_4294967295_16843009:ban/CAPI +DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:ban/CAPI DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:1 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&, DEBUG CACHE:captcha_ok:false -DEBUG CACHE:ipv4_4294967295_16843010:none DEBUG CACHE:metrics_first_run:false DEBUG CACHE:metrics_processed/ip_type=ipv4&:3 -DEBUG CACHE:ipv4_4294967295_16843009:ban/CAPI +DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:ban/CAPI DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:2 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&, DEBUG CACHE:captcha_ok:false