cs-haproxy-bouncer

Update crowdsec.lua

Open Berthe01 opened this issue 2 years ago • 6 comments

This commit makes ban decisions more important than captcha decisions for a single IP in live mode.

Berthe01 avatar Aug 18 '23 08:08 Berthe01

Hey, thank you for your PR. If we want to give priority to ban decisions, could we break earlier?

    core.Debug("Checking all decisions for ip="..source_ip)
    for i, decision in pairs(decisions) do
        -- parse all decisions for that ip
        decisType = decision.type
        if decision.type == "ban" then
            -- priority to ban decision: stop at the first ban
            core.Debug("Ban decision found")
            break
        end
        core.Debug("Captcha decision found")
        core.msleep(1)
    end

However, I ask the team's input on this, as the bouncer is not respecting the order of decisions made.

LaurenceJJones avatar Aug 18 '23 09:08 LaurenceJJones

Hi,

Sure, we could break earlier, thanks for the optimization :)

The decisions returned by LAPI using http://[LAPI_URL]/v1/decisions?ip=176.172.45.172 are ordered from earliest to latest:

    [
      {
        "duration": "1h56m40.30511709s",
        "id": 12033439,
        "origin": "crowdsec",
        "scenario": "xxx/xxx-baduser-captcha",
        "scope": "Ip",
        "type": "captcha",
        "value": "176.172.45.172"
      },
      {
        "duration": "3h59m46.163659811s",
        "id": 12033440,
        "origin": "crowdsec",
        "scenario": "xxx/xxx-baduser-ban",
        "scope": "Ip",
        "type": "ban",
        "value": "176.172.45.172"
      }
    ]

So the captcha type is kept in the original code.

I don't think that's a good idea either to keep the last decision (can be a captcha) because in my mind a ban is more important than a captcha.

Berthe01 avatar Aug 18 '23 09:08 Berthe01

> The decisions returned by LAPI using http://[LAPI_URL]/v1/decisions?ip=176.172.45.172 are ordered from earliest to latest:

Because technically, just using HAProxy can trigger multiple ban scenarios, e.g. a user keeps crawling, getting 401, 403 response codes, and keeps triggering ban after ban. Since we already know they have an existing ban, we can exit earlier and not have to loop over many decisions.

LaurenceJJones avatar Aug 18 '23 09:08 LaurenceJJones
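
Added example, not part of the PR or of the bouncer's own code: a standalone Lua sketch of the selection rule discussed above (ban outranks captcha, stop at the first ban), compared with order-dependent "first wins" and "last wins" selection. The names `PRIORITY`, `select_remediation` and `pick_by_position` are hypothetical, the priority table is an assumption, and the sample decisions are constructed from the response quoted in the thread.

```lua
-- Hypothetical priority table: a higher rank wins.
local PRIORITY = { ban = 2, captcha = 1 }
local STRONGEST = "ban"

-- decisions: array decoded from the LAPI response, or nil when there are none.
-- Returns the chosen remediation type (or nil) and the number of entries read.
local function select_remediation(decisions)
    local chosen, inspected = nil, 0
    -- ipairs walks the array in response order; pairs gives no order guarantee
    for _, decision in ipairs(decisions or {}) do
        inspected = inspected + 1
        local rank = PRIORITY[decision.type]
        -- types missing from PRIORITY are skipped, not treated as captcha
        if rank and (chosen == nil or rank > PRIORITY[chosen]) then
            chosen = decision.type
            if chosen == STRONGEST then break end -- nothing outranks a ban
        end
    end
    return chosen, inspected
end

-- Order-dependent selection for comparison: take the first or the last entry.
local function pick_by_position(decisions, want_last)
    if #decisions == 0 then return nil end
    return decisions[want_last and #decisions or 1].type
end

-- Constructed sample input mirroring the two decisions quoted in the thread.
local captcha = { id = 12033439, type = "captcha", value = "176.172.45.172" }
local ban     = { id = 12033440, type = "ban",     value = "176.172.45.172" }
local lapi_order = { captcha, ban }           -- order shown in the thread
local reversed   = { ban, captcha }           -- same decisions, other order
local many_bans  = { ban, ban, ban, captcha } -- repeated ban scenarios

-- Positional selection gives captcha for one of the two orderings.
assert(pick_by_position(lapi_order, false) == "captcha")
assert(pick_by_position(reversed, true) == "captcha")

-- Priority selection gives ban for both orderings.
assert(select_remediation(lapi_order) == "ban")
assert(select_remediation(reversed) == "ban")

-- Early exit: only the first of the repeated bans is read.
local kind, inspected = select_remediation(many_bans)
assert(kind == "ban" and inspected == 1)
assert(select_remediation(nil) == nil)
print("ban has priority; entries read for many_bans: " .. inspected)
```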

I updated my PR according to your recommendations.

Berthe01 avatar Aug 18 '23 14:08 Berthe01

Any news?

Berthe01 avatar Aug 31 '23 12:08 Berthe01

Apologies for the delay, asking @AlteredCoder or @nitescuc for a second pair of 👀 then we can merge

LaurenceJJones avatar Oct 03 '23 08:10 LaurenceJJones