You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug 🐛
Setting CrowdsecAppsecFailureBlock to false works for 500, but if a connection to crowdsec is not possible crowdsec-bouncer-traefik-plugin still returns 403
Expected behavior 👀
When crowdsec api is not available and CrowdsecAppsecFailureBlock is set to false Traefik should just work as normal.
To Reproduce
Steps to reproduce the behavior:
Configure crowdsec-bouncer-traefik-plugin with CrowdsecAppsecFailureBlock set to false
Stop crowdsec
Try to open a service behinde Traefik
See error
The text was updated successfully, but these errors were encountered:
Hi we'll look into it.
In the mean time could you provide some informations like the version of the plugin, runtime (docker, kubernetes, binary, vm..).
Hey @trunneml
I looked into the code, the CrowdsecAppsecFailureBlock: false handle the appsec response status code 500 only. We followed the protocol from Crowdsec to implement our plugin.
I don't know if it's smart to totally bypass our plugin when crowdsec is unreachable.
We could add a new variable CrowdsecAppsecUnreachableBlock to handle this case, and by default is true.
Describe the bug 🐛
Setting
CrowdsecAppsecFailureBlock
tofalse
works for 500, but if a connection to crowdsec is not possible crowdsec-bouncer-traefik-plugin still returns 403Expected behavior 👀
When crowdsec api is not available and
CrowdsecAppsecFailureBlock
is set tofalse
Traefik should just work as normal.To Reproduce
Steps to reproduce the behavior:
The text was updated successfully, but these errors were encountered: