✨ add support for appsec in crowdsec #123

Merged
merged 11 commits into from
Jan 24, 2024

maxlerebourg
Owner

No description provided.

@maxlerebourg maxlerebourg linked an issue Jan 21, 2024 that may be closed by this pull request
@mathieuHa mathieuHa self-requested a review January 21, 2024 15:05
Collaborator

@mathieuHa mathieuHa left a comment

Some missing documentation and adjustments are needed before we can merge this.

@mathieuHa
Collaborator

@maxlerebourg

From the logs we see that the request has been stopped, but in the browser the user still accessed the content:

time="2024-01-22T09:08:52Z" level=debug msg="Request has been aborted [172.18.0.1:59396 - /bar1]: net/http: abort Handler" middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2024-01-22T09:08:56Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
time="2024-01-22T09:08:56Z" level=debug msg="Request has been aborted [172.18.0.1:59400 - /bar/rpc2]: net/http: abort Handler" middlewareType=Recovery middlewareName=traefik-internal-recovery

Could you try with this docker-compose.yaml:

version: "3.8"

services:
  traefik:
    image: "traefik:v2.10.4"
    container_name: "traefik"
    restart: unless-stopped
    command:
      - "--log.level=DEBUG"
      - "--accesslog"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"

      - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - logs-local:/var/log/traefik
      - ./:/plugins-local/src/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
    ports:
      - 8000:80
      - 8080:8080
    depends_on:
      - crowdsec

  whoami-foo:
    image: traefik/whoami
    container_name: "simple-service-foo"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.router-foo.rule=PathPrefix(`/foo`)"
      - "traefik.http.routers.router-foo.entrypoints=web"
      - "traefik.http.routers.router-foo.middlewares=crowdsec-foo@docker" 
      - "traefik.http.services.service-foo.loadbalancer.server.port=80"
      - "traefik.http.middlewares.crowdsec-foo.plugin.bouncer.enabled=true"
      - "traefik.http.middlewares.crowdsec-foo.plugin.bouncer.crowdseclapikey=40796d93c2958f9e58345514e67740e5="

  whoami2:
    image: traefik/whoami
    container_name: "simple-service-bar"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.router-bar.rule=PathPrefix(`/bar`)"
      - "traefik.http.routers.router-bar.entrypoints=web"
      - "traefik.http.routers.router-bar.middlewares=crowdsec-bar@docker"
      - "traefik.http.services.service-bar.loadbalancer.server.port=80"
      - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.enabled=true"
      - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdseclapikey=40796d93c2958f9e58345514e67740e5="

  crowdsec:
    image: crowdsecurity/crowdsec:dev
    container_name: "crowdsec"
    restart: unless-stopped
    environment:
      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching
      CUSTOM_HOSTNAME: crowdsec
      BOUNCER_KEY_TRAEFIK: 40796d93c2958f9e58345514e67740e5=
    volumes:
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - logs-local:/var/log/traefik:ro
      - crowdsec-db-local:/var/lib/crowdsec/data/
      - crowdsec-config-local:/etc/crowdsec/
    labels:
      - "traefik.enable=false"
volumes:
  logs-local:
  crowdsec-db-local:
  crowdsec-config-local:

Then access localhost:8000/bar and then localhost:8000/bar/rpc2

@mathieuHa
Collaborator

Adding all logs for troubleshooting

Local agent already registered
Check if lapi needs to register an additional agent
time="2024-01-22T08:58:31Z" level=info msg="hub index is up to date"
Running: cscli  collections upgrade "crowdsecurity/linux" 
time="2024-01-22T08:58:31Z" level=info msg="crowdsecurity/linux: up-to-date"
Running: cscli  parsers upgrade "crowdsecurity/whitelists" 
time="2024-01-22T08:58:31Z" level=info msg="crowdsecurity/whitelists: up-to-date"
Running: cscli  parsers install "crowdsecurity/docker-logs" 
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/docker-logs: overwrite"
time="2024-01-22T08:58:32Z" level=info msg="Enabled crowdsecurity/docker-logs"
time="2024-01-22T08:58:32Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli  parsers install "crowdsecurity/cri-logs" 
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/cri-logs: overwrite"
time="2024-01-22T08:58:32Z" level=info msg="Enabled crowdsecurity/cri-logs"
time="2024-01-22T08:58:32Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli  collections install "crowdsecurity/traefik" 
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/traefik-logs: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-logs: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-crawl-non_statics: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-probing: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-bad-user-agent: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-path-traversal-probing: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-sensitive-files: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-sqli-probing: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-xss-probing: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-backdoors-attempts: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="ltsich/http-w00tw00t: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-generic-bf: overwrite"
time="2024-01-22T08:58:32Z" level=warning msg="crowdsecurity/http-open-proxy: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http_base: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http-cve-2021-41773: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http-cve-2021-42013: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/grafana-cve-2021-43798: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/vmware-vcenter-vmsa-2021-0027: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/fortinet-cve-2018-13379: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/pulse-secure-sslvpn-cve-2019-11510: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/f5-big-ip-cve-2020-5902: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/thinkphp-cve-2018-20062: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/apache_log4j2_cve-2021-44228: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/jira_cve-2021-26086: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/spring4shell_cve-2022-22965: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/vmware-cve-2022-22954: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-37042: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-41082: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-35914: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-40684: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-26134: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-42889: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-41697: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-46169: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2022-44877: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2019-18935: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/netgear_rce: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2023-22515: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2023-22518: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/CVE-2023-49103: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http-cve: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/http-cve: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/base-http-scenarios: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/base-http-scenarios: overwrite"
time="2024-01-22T08:58:33Z" level=warning msg="crowdsecurity/traefik: overwrite"
time="2024-01-22T08:58:33Z" level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists."
time="2024-01-22T08:58:33Z" level=info msg="Enabled collections: crowdsecurity/http-cve"
time="2024-01-22T08:58:33Z" level=info msg="/etc/crowdsec/collections/base-http-scenarios.yaml already exists."
time="2024-01-22T08:58:33Z" level=info msg="Enabled collections: crowdsecurity/base-http-scenarios"
time="2024-01-22T08:58:33Z" level=info msg="/etc/crowdsec/collections/traefik.yaml already exists."
time="2024-01-22T08:58:33Z" level=info msg="Enabled collections: crowdsecurity/traefik"
time="2024-01-22T08:58:33Z" level=info msg="Enabled crowdsecurity/traefik"
time="2024-01-22T08:58:33Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli  collections install "crowdsecurity/appsec-virtual-patching" 
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/appsec-logs: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled parsers: crowdsecurity/appsec-logs"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/appsec-vpatch: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled scenarios: crowdsecurity/appsec-vpatch"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/virtual-patching: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-configs: crowdsecurity/virtual-patching"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/base-config: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/base-config"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-env-access: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-env-access"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-40044: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-40044"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2017-9841: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2017-9841"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2020-11738: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-11738"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2022-27926: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-27926"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2022-35914: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-35914"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2022-46169: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-46169"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-20198: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-20198"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-22515: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22515"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-33617: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-33617"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-34362: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-34362"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-3519: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-3519"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-42793: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-42793"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-50164: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-50164"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-38205: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-38205"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2023-24489: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-24489"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2021-3129: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-3129"
time="2024-01-22T08:58:33Z" level=info msg="crowdsecurity/vpatch-CVE-2021-22941: OK"
time="2024-01-22T08:58:33Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-22941"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2019-12989: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-12989"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2022-44877: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-44877"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2018-10562: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-10562"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6553: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6553"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2018-1000861: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-1000861"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2019-1003030: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-1003030"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2022-22965: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22965"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-23752: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23752"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-49070: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-49070"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-laravel-debug-mode: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-laravel-debug-mode"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-28121: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-28121"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2020-17496: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-17496"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-1389: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-1389"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-7028: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-7028"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/vpatch-CVE-2023-46805: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-46805"
time="2024-01-22T08:58:34Z" level=info msg="crowdsecurity/appsec-virtual-patching: OK"
time="2024-01-22T08:58:34Z" level=info msg="Enabled collections: crowdsecurity/appsec-virtual-patching"
time="2024-01-22T08:58:34Z" level=info msg="Enabled crowdsecurity/appsec-virtual-patching"
time="2024-01-22T08:58:34Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
time="2024-01-22T08:58:34Z" level=info msg="Enabled feature flags: <none>"
time="2024-01-22T08:58:34Z" level=info msg="Crowdsec v1.5.6-rc11-6-g19d36c0f-19d36c0f"
time="2024-01-22T08:58:34Z" level=info msg="Loading prometheus collectors"
time="2024-01-22T08:58:34Z" level=info msg="Loading CAPI manager"
time="2024-01-22T08:58:35Z" level=info msg="CAPI manager configured successfully"
time="2024-01-22T08:58:35Z" level=error msg="Machine is not enrolled in the console, can't synchronize with the console"
time="2024-01-22T08:58:35Z" level=info msg="Start push to CrowdSec Central API (interval: 17s once, then 10s)"
time="2024-01-22T08:58:35Z" level=info msg="Start sending metrics to CrowdSec Central API (interval: 32m11s once, then 30m0s)"
time="2024-01-22T08:58:35Z" level=info msg="CrowdSec Local API listening on [::]:8080"
time="2024-01-22T08:58:35Z" level=warning msg="scenario list is empty, will not pull yet"
time="2024-01-22T08:58:35Z" level=info msg="capi metrics: sending"
time="2024-01-22T08:58:35Z" level=info msg="Loading grok library /etc/crowdsec/patterns"
time="2024-01-22T08:58:36Z" level=info msg="Loading enrich plugins"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'GeoIpCity'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'GeoIpASN'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'IpToRange'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'reverse_dns'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'ParseDate'"
time="2024-01-22T08:58:36Z" level=info msg="Successfully registered enricher 'UnmarshalJSON'"
time="2024-01-22T08:58:36Z" level=info msg="Loading parsers from 10 files"
time="2024-01-22T08:58:36Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw
time="2024-01-22T08:58:36Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw
time="2024-01-22T08:58:36Z" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw
time="2024-01-22T08:58:36Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse
time="2024-01-22T08:58:36Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/traefik-logs.yaml stage=s01-parse
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich
time="2024-01-22T08:58:37Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich
time="2024-01-22T08:58:37Z" level=info msg="Loaded 11 nodes from 3 stages"
time="2024-01-22T08:58:37Z" level=info msg="No postoverflow parsers to load"
time="2024-01-22T08:58:37Z" level=info msg="Loading 40 scenario files"
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=throbbing-thunder name=crowdsecurity/http-cve-2021-42013
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=lingering-silence name=crowdsecurity/fortinet-cve-2022-40684
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=green-water name=crowdsecurity/spring4shell_cve-2022-22965
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=nameless-shadow name=crowdsecurity/http-probing
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=throbbing-firefly name=crowdsecurity/CVE-2022-26134
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=delicate-dew name=crowdsecurity/http-bad-user-agent
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=weathered-voice name=crowdsecurity/http-path-traversal-probing
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=billowing-cherry name=crowdsecurity/vmware-cve-2022-22954
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=lively-sky name=crowdsecurity/appsec-vpatch
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=withered-wood name=crowdsecurity/CVE-2023-22515
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=wispy-frost name=crowdsecurity/jira_cve-2021-26086
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=sparkling-night name=crowdsecurity/CVE-2022-42889
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=morning-glitter name=crowdsecurity/CVE-2022-41082
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=twilight-bush name=crowdsecurity/f5-big-ip-cve-2020-5902
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=wispy-star name=crowdsecurity/CVE-2022-35914
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=quiet-breeze name=ltsich/http-w00tw00t
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=damp-surf name=crowdsecurity/CVE-2022-41697
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=restless-river name=crowdsecurity/ssh-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=dry-tree name=crowdsecurity/ssh-bf_user-enum
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=twilight-cherry name=crowdsecurity/thinkphp-cve-2018-20062
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=summer-sun name=crowdsecurity/CVE-2022-46169-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=spring-breeze name=crowdsecurity/CVE-2022-46169-cmd
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=purple-sun name=crowdsecurity/CVE-2022-37042
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=dry-snow name=crowdsecurity/CVE-2023-49103
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=morning-sky name=crowdsecurity/http-backdoors-attempts
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=weathered-bush name=crowdsecurity/fortinet-cve-2018-13379
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=twilight-dream name=crowdsecurity/netgear_rce
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=solitary-sea name=crowdsecurity/vmware-vcenter-vmsa-2021-0027
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=solitary-bird name=crowdsecurity/grafana-cve-2021-43798
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=delicate-shape name=crowdsecurity/apache_log4j2_cve-2021-44228
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=old-grass name=crowdsecurity/CVE-2023-22518
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=bitter-forest name=crowdsecurity/http-xss-probbing
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=twilight-pine name=crowdsecurity/CVE-2019-18935
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=cold-sea name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=purple-haze name=crowdsecurity/http-generic-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=summer-grass name=LePresidente/http-generic-401-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=nameless-bush name=LePresidente/http-generic-403-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=muddy-violet name=crowdsecurity/ssh-slow-bf
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=quiet-firefly name=crowdsecurity/ssh-slow-bf_user-enum
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=damp-water name=crowdsecurity/http-sensitive-files
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=green-rain name=crowdsecurity/http-open-proxy
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=bitter-field name=crowdsecurity/http-cve-2021-41773
time="2024-01-22T08:58:37Z" level=info msg="Adding trigger bucket" cfg=little-sunset name=crowdsecurity/CVE-2022-44877
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=ancient-feather name=crowdsecurity/http-sqli-probbing-detection
time="2024-01-22T08:58:37Z" level=info msg="Adding leaky bucket" cfg=damp-frog name=crowdsecurity/http-crawl-non_statics
time="2024-01-22T08:58:37Z" level=info msg="Loaded 45 scenarios"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-24489 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22965 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-35914 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-44877 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-46169 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-46805 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/base-config to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-17496 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-27926 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-20198 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-env-access to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-laravel-debug-mode to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-10562 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-11738 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-3519 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-38205 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-34362 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-1003030 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23752 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-28121 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-33617 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-1389 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-7028 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2017-9841 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-1000861 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-12989 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-22941 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-50164 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6553 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-3129 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-40044 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-42793 to appsec rules"
time="2024-01-22T08:58:37Z" level=info msg="loading acquisition file : /etc/crowdsec/acquis.yaml"
time="2024-01-22T08:58:37Z" level=info msg="Adding file /var/log/traefik/access.log to datasources" type=file
time="2024-01-22T08:58:37Z" level=info msg="Cache duration for auth not set, using default: 1m0s" name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="loading /etc/crowdsec/appsec-configs/virtual-patching.yaml" component=appsec_config name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Loaded 0 outofband rules" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-01-22T08:58:37Z" level=info msg="loading inband rule crowdsecurity/base-config" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-01-22T08:58:37Z" level=info msg="loading inband rule crowdsecurity/vpatch-*" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Loaded 34 inband rules" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Created 1 appsec runners" name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Starting processing data"
time="2024-01-22T08:58:37Z" level=info msg="1 appsec runner to start" name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Starting Appsec server on 0.0.0.0:7422/" name=myAppSecComponent type=appsec
time="2024-01-22T08:58:37Z" level=info msg="Appsec Runner ready to process event" name=myAppSecComponent runner_uuid=1f3c6c20-143a-4e01-8682-1f14daeaf210 type=appsec
time="2024-01-22T08:58:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 08:58:37 UTC] \"POST /v1/watchers/login HTTP/1.1 200 166.118562ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T08:58:37Z" level=info msg="Starting community-blocklist update"
time="2024-01-22T08:58:37Z" level=info msg="capi/community-blocklist : 0 explicit deletions"
time="2024-01-22T08:58:37Z" level=info msg="capi/community-blocklist : received 0 new entries (expected if you just installed crowdsec)"
time="2024-01-22T08:58:37Z" level=info msg="Start pull from CrowdSec Central API (interval: 1h55m54s once, then 2h0m0s)"
time="2024-01-22T08:59:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 08:59:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.473975ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:00:12Z" level=info msg="172.18.0.5 - [Mon, 22 Jan 2024 09:00:12 UTC] \"GET /v1/decisions?ip=172.18.0.1&banned=true HTTP/1.1 200 13.409644ms \"Go-http-client/1.1\" \""
time="2024-01-22T09:00:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:00:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 3.978085ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:01:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:01:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.168075ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:02:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:02:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.254481ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:03:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:03:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.377162ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:04:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:04:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 3.385453ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:05:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:05:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.385656ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:06:06Z" level=info msg="172.18.0.5 - [Mon, 22 Jan 2024 09:06:06 UTC] \"GET /v1/decisions?ip=172.18.0.1&banned=true HTTP/1.1 200 10.790282ms \"Go-http-client/1.1\" \""
time="2024-01-22T09:06:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:06:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 5.017045ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:07:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:07:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 4.654186ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:08:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:08:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.331145ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:08:50Z" level=info msg="172.18.0.5 - [Mon, 22 Jan 2024 09:08:50 UTC] \"GET /v1/decisions?ip=172.18.0.1&banned=true HTTP/1.1 200 10.012428ms \"Go-http-client/1.1\" \""
time="2024-01-22T09:09:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:09:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.350788ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:10:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:10:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 10.126224ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:11:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:11:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.279352ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:12:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:12:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.617403ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:13:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:13:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.658866ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:14:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:14:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.560704ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:15:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:15:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.333618ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:16:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:16:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.692398ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:17:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:17:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.747194ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:18:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:18:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.315339ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:19:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:19:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.937498ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:20:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:20:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.744084ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:21:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:21:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.474947ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:22:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:22:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.348799ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:23:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:23:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.178648ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:24:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:24:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.153543ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:25:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:25:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.802811ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""
time="2024-01-22T09:26:37Z" level=info msg="127.0.0.1 - [Mon, 22 Jan 2024 09:26:37 UTC] \"GET /v1/heartbeat HTTP/1.1 200 8.610297ms \"crowdsec/v1.5.6-rc11-6-g19d36c0f-19d36c0f\" \""

@mathieuHa
Collaborator

mathieuHa commented Jan 22, 2024

Posting Traefik logs as requested:

time="2024-01-22T08:58:31Z" level=info msg="Configuration loaded from flags."
time="2024-01-22T08:58:31Z" level=info msg="Traefik version 2.10.4 built on 2023-07-24T16:29:02Z"
time="2024-01-22T08:58:31Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"filePath\":\"/var/log/traefik/access.log\",\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"experimental\":{\"localPlugins\":{\"bouncer\":{\"moduleName\":\"github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin\"}}}}"
time="2024-01-22T08:58:31Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2024-01-22T08:58:31Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2024-01-22T08:58:31Z" level=debug msg="Starting TCP Server" entryPointName=web
time="2024-01-22T08:58:31Z" level=debug msg="Starting TCP Server" entryPointName=traefik
time="2024-01-22T08:58:31Z" level=info msg="Starting provider *traefik.Provider"
time="2024-01-22T08:58:31Z" level=debug msg="*traefik.Provider provider configuration: {}"
time="2024-01-22T08:58:31Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2024-01-22T08:58:31Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
time="2024-01-22T08:58:31Z" level=info msg="Starting provider *docker.Provider"
time="2024-01-22T08:58:31Z" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2024-01-22T08:58:31Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2024-01-22T08:58:31Z" level=debug msg="Provider connection established with docker 25.0.0 (API 1.44)" providerName=docker
time="2024-01-22T08:58:31Z" level=debug msg="Filtering disabled container" container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6 providerName=docker
time="2024-01-22T08:58:31Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T08:58:31Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"router-bar\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"crowdsec-bar@docker\"],\"service\":\"service-bar\",\"rule\":\"Path(`/bar`)\"},\"router-foo\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"crowdsec-foo@docker\"],\"service\":\"service-foo\",\"rule\":\"Path(`/foo`)\"}},\"services\":{\"service-bar\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:80\"}],\"passHostHeader\":true}},\"service-foo\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.3:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"crowdsec-bar\":{\"plugin\":{\"bouncer\":{\"crowdseclapikey\":\"40796d93c2958f9e58345514e67740e5=\",\"enabled\":\"true\"}}},\"crowdsec-foo\":{\"plugin\":{\"bouncer\":{\"crowdseclapikey\":\"40796d93c2958f9e58345514e67740e5=\",\"enabled\":\"true\"}}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2024-01-22T08:58:31Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-01-22T08:58:31Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareType=TracingForwarder middlewareName=tracing
time="2024-01-22T08:58:31Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2024-01-22T08:58:31Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:31Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T08:58:31Z" level=debug msg="Creating middleware" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2024-01-22T08:58:31Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:31Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2024-01-22T08:58:31Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2024-01-22T08:58:32Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=web routerName=router-bar@docker serviceName=service-bar
time="2024-01-22T08:58:32Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=router-bar@docker serviceName=service-bar
time="2024-01-22T08:58:32Z" level=debug msg="Creating server 0 http://172.18.0.2:80" serviceName=service-bar serverName=0 entryPointName=web routerName=router-bar@docker
time="2024-01-22T08:58:32Z" level=debug msg="child http://172.18.0.2:80 now UP"
time="2024-01-22T08:58:32Z" level=debug msg="Propagating new UP status"
time="2024-01-22T08:58:32Z" level=debug msg="Added outgoing tracing middleware service-bar" routerName=router-bar@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2024-01-22T08:58:32Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=router-bar@docker middlewareName=crowdsec-bar@docker
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=web routerName=router-foo@docker serviceName=service-foo
time="2024-01-22T08:58:32Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=router-foo@docker serviceName=service-foo
time="2024-01-22T08:58:32Z" level=debug msg="Creating server 0 http://172.18.0.3:80" routerName=router-foo@docker serviceName=service-foo serverName=0 entryPointName=web
time="2024-01-22T08:58:32Z" level=debug msg="child http://172.18.0.3:80 now UP"
time="2024-01-22T08:58:32Z" level=debug msg="Propagating new UP status"
time="2024-01-22T08:58:32Z" level=debug msg="Added outgoing tracing middleware service-foo" entryPointName=web routerName=router-foo@docker middlewareName=tracing middlewareType=TracingForwarder
time="2024-01-22T08:58:32Z" level=debug msg="Adding tracing to middleware" middlewareName=crowdsec-foo@docker entryPointName=web routerName=router-foo@docker
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2024-01-22T08:58:32Z" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2024-01-22T08:58:32Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
time="2024-01-22T08:58:32Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2024-01-22T08:58:32Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:32Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T08:58:32Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2024-01-22T09:08:31Z" level=warning msg="A new release has been found: 2.10.7. Please consider updating."
time="2024-01-22T09:08:43Z" level=debug msg="Provider event received {Status:die ID:f2eb5e8f59475dfe6a83d61e54183d85fe76cbfc4a3478bf343bd4a89c9b1ddc From:traefik/whoami Type:container Action:die Actor:{ID:f2eb5e8f59475dfe6a83d61e54183d85fe76cbfc4a3478bf343bd4a89c9b1ddc Attributes:map[com.docker.compose.config-hash:1d9670428e501540db04b42b79d1a0b90bfe135db92c12a2ad7452b2843515f3 com.docker.compose.container-number:1 com.docker.compose.depends_on: com.docker.compose.image:sha256:9807740ea1ff6522e8d61ee199243d524a9f39acdfe4d309a3a9176222ded850 com.docker.compose.oneoff:False com.docker.compose.project:crowdsec-bouncer-traefik-plugin com.docker.compose.project.config_files:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin/docker-compose.local.yml com.docker.compose.project.working_dir:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin com.docker.compose.service:whoami2 com.docker.compose.version:2.24.1 execDuration:806 exitCode:2 image:traefik/whoami name:simple-service-bar org.opencontainers.image.created:2023-07-12T14:02:18Z org.opencontainers.image.description:Tiny Go webserver that prints OS information and HTTP request to output org.opencontainers.image.documentation:https://github.com/traefik/whoami org.opencontainers.image.revision:87f25fc35b3e9051117dddfd11bbae5fbc986581 org.opencontainers.image.source:https://github.com/traefik/whoami org.opencontainers.image.title:whoami org.opencontainers.image.url:https://github.com/traefik/whoami org.opencontainers.image.version:1.10.1 traefik.enable:true traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdseclapikey:40796d93c2958f9e58345514e67740e5= traefik.http.middlewares.crowdsec-bar.plugin.bouncer.enabled:true traefik.http.routers.router-bar.entrypoints:web traefik.http.routers.router-bar.middlewares:crowdsec-bar@docker traefik.http.routers.router-bar.rule:Path(`/bar`) traefik.http.services.service-bar.loadbalancer.server.port:80]} Scope:local Time:1705914523 TimeNano:1705914523051934632}" 
providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T09:08:43Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Provider event received {Status:die ID:74a54d211d7fcaf1053e54f2499c41e24661bef2fddb5bc73eaad8b904016ae7 From:traefik/whoami Type:container Action:die Actor:{ID:74a54d211d7fcaf1053e54f2499c41e24661bef2fddb5bc73eaad8b904016ae7 Attributes:map[com.docker.compose.config-hash:2d836820e1bc22630c50f628cc6963b85d2aad390955a51a70e2f696a8da8f95 com.docker.compose.container-number:1 com.docker.compose.depends_on: com.docker.compose.image:sha256:9807740ea1ff6522e8d61ee199243d524a9f39acdfe4d309a3a9176222ded850 com.docker.compose.oneoff:False com.docker.compose.project:crowdsec-bouncer-traefik-plugin com.docker.compose.project.config_files:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin/docker-compose.local.yml com.docker.compose.project.working_dir:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin com.docker.compose.service:whoami-foo com.docker.compose.version:2.24.1 execDuration:806 exitCode:2 image:traefik/whoami name:simple-service-foo org.opencontainers.image.created:2023-07-12T14:02:18Z org.opencontainers.image.description:Tiny Go webserver that prints OS information and HTTP request to output org.opencontainers.image.documentation:https://github.com/traefik/whoami org.opencontainers.image.revision:87f25fc35b3e9051117dddfd11bbae5fbc986581 org.opencontainers.image.source:https://github.com/traefik/whoami org.opencontainers.image.title:whoami org.opencontainers.image.url:https://github.com/traefik/whoami org.opencontainers.image.version:1.10.1 traefik.enable:true traefik.http.middlewares.crowdsec-foo.plugin.bouncer.crowdseclapikey:40796d93c2958f9e58345514e67740e5= traefik.http.middlewares.crowdsec-foo.plugin.bouncer.enabled:true traefik.http.routers.router-foo.entrypoints:web traefik.http.routers.router-foo.middlewares:crowdsec-foo@docker traefik.http.routers.router-foo.rule:Path(`/foo`) traefik.http.services.service-foo.loadbalancer.server.port:80]} Scope:local Time:1705914523 TimeNano:1705914523146452856}" 
providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T09:08:43Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-01-22T09:08:43Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2024-01-22T09:08:43Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder routerName=dashboard@internal entryPointName=traefik middlewareName=tracing
time="2024-01-22T09:08:43Z" level=debug msg="Creating middleware" middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T09:08:43Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2024-01-22T09:08:43Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex
time="2024-01-22T09:08:43Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex
time="2024-01-22T09:08:43Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2024-01-22T09:08:43Z" level=debug msg="Creating middleware" middlewareType=Recovery middlewareName=traefik-internal-recovery entryPointName=traefik
time="2024-01-22T09:08:43Z" level=debug msg="Provider event received {Status:start ID:3465ef2bb99da683101ef56c43ba12743892e3bb0688d8a53106f4471cb3ed0b From:traefik/whoami Type:container Action:start Actor:{ID:3465ef2bb99da683101ef56c43ba12743892e3bb0688d8a53106f4471cb3ed0b Attributes:map[com.docker.compose.config-hash:12d1dbf7de4b82386b5d563f01bd69290eaebd6b3f3246cb1b3399a1df604174 com.docker.compose.container-number:1 com.docker.compose.depends_on: com.docker.compose.image:sha256:9807740ea1ff6522e8d61ee199243d524a9f39acdfe4d309a3a9176222ded850 com.docker.compose.oneoff:False com.docker.compose.project:crowdsec-bouncer-traefik-plugin com.docker.compose.project.config_files:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin/docker-compose.local.yml com.docker.compose.project.working_dir:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin com.docker.compose.replace:f2eb5e8f59475dfe6a83d61e54183d85fe76cbfc4a3478bf343bd4a89c9b1ddc com.docker.compose.service:whoami2 com.docker.compose.version:2.24.1 image:traefik/whoami name:simple-service-bar org.opencontainers.image.created:2023-07-12T14:02:18Z org.opencontainers.image.description:Tiny Go webserver that prints OS information and HTTP request to output org.opencontainers.image.documentation:https://github.com/traefik/whoami org.opencontainers.image.revision:87f25fc35b3e9051117dddfd11bbae5fbc986581 org.opencontainers.image.source:https://github.com/traefik/whoami org.opencontainers.image.title:whoami org.opencontainers.image.url:https://github.com/traefik/whoami org.opencontainers.image.version:1.10.1 traefik.enable:true traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdseclapikey:40796d93c2958f9e58345514e67740e5= traefik.http.middlewares.crowdsec-bar.plugin.bouncer.enabled:true traefik.http.routers.router-bar.entrypoints:web traefik.http.routers.router-bar.middlewares:crowdsec-bar@docker traefik.http.routers.router-bar.rule:PathPrefix(`/bar`) 
traefik.http.services.service-bar.loadbalancer.server.port:80]} Scope:local Time:1705914523 TimeNano:1705914523783818224}" providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6 providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T09:08:43Z" level=debug msg="Provider event received {Status:start ID:91c998b3049d25d29b3a8a7bd3a805b865e8807891d64cf73786ce086543c736 From:traefik/whoami Type:container Action:start Actor:{ID:91c998b3049d25d29b3a8a7bd3a805b865e8807891d64cf73786ce086543c736 Attributes:map[com.docker.compose.config-hash:5873a543a73786aef2cbc65dbcc346b3b0bd940615596e2546a48ea5c82093b9 com.docker.compose.container-number:1 com.docker.compose.depends_on: com.docker.compose.image:sha256:9807740ea1ff6522e8d61ee199243d524a9f39acdfe4d309a3a9176222ded850 com.docker.compose.oneoff:False com.docker.compose.project:crowdsec-bouncer-traefik-plugin com.docker.compose.project.config_files:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin/docker-compose.local.yml com.docker.compose.project.working_dir:/home/mhx/projects/docker/crowdsec-bouncer-traefik-plugin com.docker.compose.replace:74a54d211d7fcaf1053e54f2499c41e24661bef2fddb5bc73eaad8b904016ae7 com.docker.compose.service:whoami-foo com.docker.compose.version:2.24.1 image:traefik/whoami name:simple-service-foo org.opencontainers.image.created:2023-07-12T14:02:18Z org.opencontainers.image.description:Tiny Go webserver that prints OS information and HTTP request to output org.opencontainers.image.documentation:https://github.com/traefik/whoami org.opencontainers.image.revision:87f25fc35b3e9051117dddfd11bbae5fbc986581 org.opencontainers.image.source:https://github.com/traefik/whoami org.opencontainers.image.title:whoami org.opencontainers.image.url:https://github.com/traefik/whoami org.opencontainers.image.version:1.10.1 traefik.enable:true traefik.http.middlewares.crowdsec-foo.plugin.bouncer.crowdseclapikey:40796d93c2958f9e58345514e67740e5= traefik.http.middlewares.crowdsec-foo.plugin.bouncer.enabled:true traefik.http.routers.router-foo.entrypoints:web traefik.http.routers.router-foo.middlewares:crowdsec-foo@docker traefik.http.routers.router-foo.rule:PathPrefix(`/foo`) 
traefik.http.services.service-foo.loadbalancer.server.port:80]} Scope:local Time:1705914523 TimeNano:1705914523784911166}" providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" container=traefik-crowdsec-bouncer-traefik-plugin-7a54733af5bf84ebe255789408f54d760eca99e70d7a00862f46b77987ec5cc6 providerName=docker
time="2024-01-22T09:08:43Z" level=debug msg="Filtering disabled container" providerName=docker container=crowdsec-crowdsec-bouncer-traefik-plugin-48b58711b1f80ab2bc80456b0eb2cbbbecca4066fb701c634144b46347c738a1
time="2024-01-22T09:08:45Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"router-bar\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"crowdsec-bar@docker\"],\"service\":\"service-bar\",\"rule\":\"PathPrefix(`/bar`)\"},\"router-foo\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"crowdsec-foo@docker\"],\"service\":\"service-foo\",\"rule\":\"PathPrefix(`/foo`)\"}},\"services\":{\"service-bar\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:80\"}],\"passHostHeader\":true}},\"service-foo\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.3:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"crowdsec-bar\":{\"plugin\":{\"bouncer\":{\"crowdseclapikey\":\"40796d93c2958f9e58345514e67740e5=\",\"enabled\":\"true\"}}},\"crowdsec-foo\":{\"plugin\":{\"bouncer\":{\"crowdseclapikey\":\"40796d93c2958f9e58345514e67740e5=\",\"enabled\":\"true\"}}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2024-01-22T09:08:45Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=web routerName=router-foo@docker serviceName=service-foo middlewareName=pipelining
time="2024-01-22T09:08:45Z" level=debug msg="Creating load-balancer" routerName=router-foo@docker serviceName=service-foo entryPointName=web
time="2024-01-22T09:08:45Z" level=debug msg="Creating server 0 http://172.18.0.3:80" serviceName=service-foo serverName=0 entryPointName=web routerName=router-foo@docker
time="2024-01-22T09:08:45Z" level=debug msg="child http://172.18.0.3:80 now UP"
time="2024-01-22T09:08:45Z" level=debug msg="Propagating new UP status"
time="2024-01-22T09:08:45Z" level=debug msg="Added outgoing tracing middleware service-foo" middlewareName=tracing middlewareType=TracingForwarder routerName=router-foo@docker entryPointName=web
time="2024-01-22T09:08:45Z" level=debug msg="Adding tracing to middleware" middlewareName=crowdsec-foo@docker entryPointName=web routerName=router-foo@docker
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" routerName=router-bar@docker serviceName=service-bar middlewareName=pipelining middlewareType=Pipelining entryPointName=web
time="2024-01-22T09:08:45Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=router-bar@docker serviceName=service-bar
time="2024-01-22T09:08:45Z" level=debug msg="Creating server 0 http://172.18.0.2:80" serverName=0 entryPointName=web routerName=router-bar@docker serviceName=service-bar
time="2024-01-22T09:08:45Z" level=debug msg="child http://172.18.0.2:80 now UP"
time="2024-01-22T09:08:45Z" level=debug msg="Propagating new UP status"
time="2024-01-22T09:08:45Z" level=debug msg="Added outgoing tracing middleware service-bar" entryPointName=web routerName=router-bar@docker middlewareName=tracing middlewareType=TracingForwarder
time="2024-01-22T09:08:45Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=router-bar@docker middlewareName=crowdsec-bar@docker
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2024-01-22T09:08:45Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2024-01-22T09:08:45Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T09:08:45Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T09:08:45Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
time="2024-01-22T09:08:45Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2024-01-22T09:08:45Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
time="2024-01-22T09:08:52Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
time="2024-01-22T09:08:52Z" level=debug msg="Request has been aborted [172.18.0.1:59396 - /bar1]: net/http: abort Handler" middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2024-01-22T09:08:56Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
time="2024-01-22T09:08:56Z" level=debug msg="Request has been aborted [172.18.0.1:59400 - /bar/rpc2]: net/http: abort Handler" middlewareType=Recovery middlewareName=traefik-internal-recovery

In debug mode:

time="2024-01-22T09:34:00Z" level=debug msg="Added outgoing tracing middleware service-bar" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=router-bar@docker
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 No IP provided for ForwardedHeadersTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 No IP provided for ClientTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 New initialized mode:live
time="2024-01-22T09:34:00Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=router-bar@docker middlewareName=crowdsec-bar@docker
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" routerName=router-foo@docker entryPointName=web serviceName=service-foo middlewareName=pipelining middlewareType=Pipelining
time="2024-01-22T09:34:00Z" level=debug msg="Creating load-balancer" routerName=router-foo@docker entryPointName=web serviceName=service-foo
time="2024-01-22T09:34:00Z" level=debug msg="Creating server 0 http://172.18.0.3:80" serviceName=service-foo routerName=router-foo@docker entryPointName=web serverName=0
time="2024-01-22T09:34:00Z" level=debug msg="child http://172.18.0.3:80 now UP"
time="2024-01-22T09:34:00Z" level=debug msg="Propagating new UP status"
time="2024-01-22T09:34:00Z" level=debug msg="Added outgoing tracing middleware service-foo" entryPointName=web routerName=router-foo@docker middlewareName=tracing middlewareType=TracingForwarder
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 No IP provided for ForwardedHeadersTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 No IP provided for ClientTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:00 New initialized mode:live
time="2024-01-22T09:34:00Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=router-foo@docker middlewareName=crowdsec-foo@docker
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2024-01-22T09:34:00Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
time="2024-01-22T09:34:00Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
time="2024-01-22T09:34:00Z" level=debug msg="Setting up redirection from ^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$ to ${1}/dashboard/" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2024-01-22T09:34:00Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2024-01-22T09:34:00Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder routerName=api@internal entryPointName=traefik middlewareName=tracing
time="2024-01-22T09:34:00Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:08 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:08 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:08 ServeHTTP:getDecision ip:172.18.0.1 isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:34:08 cache:SetDecision ip:172.18.0.1 isBanned:false duration:60s

@mathieuHa
Collaborator

mathieuHa commented Jan 22, 2024

After enabling appsec, the first call looks blocked, but then something weird happens and the logs are not "normal":

DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 ServeHTTP:getDecision ip:172.18.0.1 isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 cache:SetDecision ip:172.18.0.1 isBanned:false duration:60s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:49 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:49 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:49 ServeHTTP ip:172.18.0.1 cache:hit isBanned:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:49 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403
time="2024-01-22T09:37:49Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:56 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:56 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:56 ServeHTTP ip:172.18.0.1 cache:hit isBanned:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:56 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403
time="2024-01-22T09:37:56Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:58 ServeHTTP ip:172.18.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:58 cache:GetDecision ip:172.18.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:58 ServeHTTP ip:172.18.0.1 cache:hit isBanned:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:58 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403
time="2024-01-22T09:37:58Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)
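
To check a longer log for the pattern reported in the comment above, the following added example (not part of this PR or of the plugin's code) pairs each AppSec 403 verdict with a Traefik `superfluous response.WriteHeader` line logged shortly after it. The names `CorrelateBlocks`, `Block` and `sampleLog`, the two-second window, and treating bouncer timestamps as UTC are assumptions of the example; a flagged entry means the response was written twice and the block should be verified from the client side.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// appsecRe matches the bouncer's AppSec 403 verdict; superfluousRe matches Traefik's double-WriteHeader warning.
var appsecRe = regexp.MustCompile(`^DEBUG: CrowdsecBouncerTraefikPlugin: (\S+ \S+) handleNextServeHTTP ip:(\S+) isWaf:true appsecQuery statusCode:403`)
var superfluousRe = regexp.MustCompile(`^time="([^"]+)" .*superfluous response\.WriteHeader`)

// Block is one AppSec 403 verdict; DoubleWrite marks a second WriteHeader after it.
type Block struct {
	At          time.Time
	IP          string
	DoubleWrite bool
}

// CorrelateBlocks pairs each AppSec 403 with a superfluous WriteHeader logged
// within window after it. Bouncer timestamps have no zone; UTC is assumed.
func CorrelateBlocks(lines []string, window time.Duration) []Block {
	var blocks []Block
	for _, l := range lines {
		if m := appsecRe.FindStringSubmatch(l); m != nil {
			if t, err := time.Parse("2006/01/02 15:04:05", m[1]); err == nil {
				blocks = append(blocks, Block{At: t, IP: m[2]})
			}
		} else if m := superfluousRe.FindStringSubmatch(l); m != nil && len(blocks) > 0 {
			last := &blocks[len(blocks)-1] // most recent 403 verdict
			t, err := time.Parse(time.RFC3339, m[1])
			if d := t.Sub(last.At); err == nil && d >= 0 && d <= window {
				last.DoubleWrite = true
			}
		}
	}
	return blocks
}

// sampleLog holds lines copied from the debug log in the comment above.
var sampleLog = []string{
	`DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:38 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403`,
	`DEBUG: CrowdsecBouncerTraefikPlugin: 2024/01/22 09:37:49 handleNextServeHTTP ip:172.18.0.1 isWaf:true appsecQuery statusCode:403`,
	`time="2024-01-22T09:37:49Z" level=debug msg="http: superfluous response.WriteHeader call from github.com/traefik/traefik/v2/pkg/middlewares/capture.(*captureResponseWriter).WriteHeader (capture.go:184)"`,
}

func main() {
	fmt.Printf("%+v\n", CorrelateBlocks(sampleLog, 2*time.Second))
}
```

On the sample lines, the 09:37:38 verdict comes back clean and the 09:37:49 verdict is flagged.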

@mathieuHa mathieuHa dismissed their stale review January 24, 2024 13:10

All checked

@mathieuHa mathieuHa merged commit b68c692 into main Jan 24, 2024
15 checks passed
@maxlerebourg maxlerebourg deleted the 122-feature-appsec-integration branch April 4, 2024 05:30
Successfully merging this pull request may close these issues.

[FEATURE] AppSec Integration