[BUG] resty.lock / mlcache error in set_by_lua* context triggered by unknown requests to suspicious domain

Open jojolll opened this issue 5 months ago • 0 comments

What happened?

Hi,

I'm seeing repeated errors in BunkerWeb related to resty.lock and resty.mlcache, specifically when used within a set_by_lua* block. The logs mention that ngx.sleep() is not allowed in this context, which causes failures during mlcache:get().

How to reproduce?

These errors are being triggered by requests coming from a suspicious-looking domain: 2fc06050-f2ff-43f5-9fd3-ac219b1036e7.domain.cf

Note: This is not the root domain I actively use in my BunkerWeb configuration, but the DNS points to my server IP. I don’t know the exact nature of the requests — they might be malicious or just malformed — but they consistently trigger this error.

I'm not sure if this behavior is expected or if there's something misconfigured. Just opening this issue in case there's something that can or should be handled differently.

Configuration file(s) (yaml or .env)


Relevant log output

2025/08/07 17:44:10 [error] 179241#179241: *368728 failed to run set_by_lua*: /usr/share/bunkerweb/deps/lib/lua/resty/lock.lua:154: API disabled in the context of set_by_lua*
stack traceback:
    [C]: in function 'sleep'
    /usr/share/bunkerweb/deps/lib/lua/resty/lock.lua:154: in function 'lock'
    /usr/share/bunkerweb/deps/lib/lua/resty/mlcache.lua:730: in function 'get'
    /usr/share/bunkerweb/lua/bunkerweb/cachestore.lua:107: in function 'get'
    set_by_lua(default-server-http/whitelist.conf:3):62: in main chunk, client: 162.158.179.30, server: _, request: "GET /syn/ HTTP/1.1", host: "2fc06050-f2ff-43f5-9fd3-ac219b1036e7.domain.cf", referrer: "http://2fc06050-f2ff-43f5-9fd3-ac219b1036e7.domain.cf/syn/"

2025/08/07 17:44:28 [error] 179240#179240: *368912 failed to run set_by_lua*: /usr/share/bunkerweb/deps/lib/lua/resty/lock.lua:154: API disabled in the context of set_by_lua*
stack traceback:
    [C]: in function 'sleep'
    /usr/share/bunkerweb/deps/lib/lua/resty/lock.lua:154: in function 'lock'
    /usr/share/bunkerweb/deps/lib/lua/resty/mlcache.lua:730: in function 'get'
    /usr/share/bunkerweb/lua/bunkerweb/cachestore.lua:107: in function 'get'
    set_by_lua(default-server-http/whitelist.conf:3):62: in main chunk, client: 172.71.215.127, server: _, request: "GET /web/ HTTP/2.0", host: "2fc06050-f2ff-43f5-9fd3-ac219b1036e7.domain.cf", referrer: "https://2fc06050-f2ff-43f5-9fd3-ac219b1036e7.domain.cf/web/"

BunkerWeb version

1.6.3

What integration are you using?

Linux

Linux distribution (if applicable)

Debian VM

Removed private data

  • [x] I have removed all private data from the configuration file and the logs

Code of Conduct

  • [x] I agree to follow this project's Code of Conduct

jojolll avatar Aug 07 '25 15:08 jojolll
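
A triage sketch for the log format shown in this report, added here as an example; it is not code from the issue or from the BunkerWeb project. It groups multi-line nginx error entries, keeps those where a Lua API was refused in the current phase, and counts them per Host header and matched server block. The sample log, host names, IPs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same format as the report's log (placeholder hosts/IPs).
SAMPLE_LOG = """\
2025/01/01 10:00:00 [error] 100#100: *1 failed to run set_by_lua*: /usr/share/bunkerweb/deps/lib/lua/resty/lock.lua:154: API disabled in the context of set_by_lua*
stack traceback:
    [C]: in function 'sleep'
    /usr/share/bunkerweb/deps/lib/lua/resty/lock.lua:154: in function 'lock'
    set_by_lua(default-server-http/whitelist.conf:3):62: in main chunk, client: 192.0.2.10, server: _, request: "GET /a/ HTTP/1.1", host: "unknown.example.test"
2025/01/01 10:00:03 [notice] 100#100: signal process started
2025/01/01 10:00:05 [error] 101#101: *2 failed to run set_by_lua*: /usr/share/bunkerweb/deps/lib/lua/resty/lock.lua:154: API disabled in the context of set_by_lua*
stack traceback:
    [C]: in function 'sleep'
    set_by_lua(default-server-http/whitelist.conf:3):62: in main chunk, client: 192.0.2.11, server: _, request: "GET /b/ HTTP/2.0", host: "unknown.example.test"
"""

ENTRY_START = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(\w+)\] ")
FIELD = re.compile(r'\b(client|server|request|host): (?:"([^"]*)"|([^,\s]+))')
MARKER = "API disabled in the context of"

def parse_entries(text):
    """Attach traceback continuation lines to the timestamped line that opens them."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append({"time": m.group(1), "level": m.group(2), "lines": [line]})
        elif entries:
            entries[-1]["lines"].append(line)
    return entries

def lua_context_failures(text):
    """Return one record per entry where a Lua API was refused in its phase."""
    records = []
    for entry in parse_entries(text):
        body = "\n".join(entry["lines"])
        if MARKER not in body:
            continue
        fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(body)}
        frames = re.findall(r"in function '([^']+)'", body)
        records.append({"time": entry["time"], "frames": frames, **fields})
    return records

def hosts_by_count(records):
    """Count failures per (Host header, matched server block)."""
    return Counter((r.get("host"), r.get("server")) for r in records)

if __name__ == "__main__":
    for (host, server), n in hosts_by_count(lua_context_failures(SAMPLE_LOG)).most_common():
        print(f"{n:4d}  host={host}  server={server}")
```

The `host` value is taken from the request's Host header, so treat it as untrusted input when forwarding the summary to other tools.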