hub icon indicating copy to clipboard operation
hub copied to clipboard
verified publisher icon crowdsecurity

crowdsecurity/jellyfin-whitelist needs to include http code 204 for /Sessions/Playing/Progress to remove False Positive

Open LePresidente opened this issue 9 months ago • 1 comments

Describe the bug Jellyfin returns 204 instead of 403 in the current whitelist for /Sessions/Playing/Progress path causing crowdsecurity/http-probing to ban client

To Reproduce Run client against jellyfin server

Expected behavior The above should not cause a ban

LePresidente avatar Mar 13 '25 04:03 LePresidente

I don't think adding HTTP status code 204 to the whitelist is needed. Looking at the http-probing filter, it only looks at requests that have an HTTP status code of 404, 403, or 400. So Jellyfin returning 204 on that endpoint can't cause http-probing to trigger, but Jellyfin returning 403 could which is already captured by the whitelist. Are you sure Jellyfin returning 204 on that endpoint is causing http-probing to trigger and not something else?

Copied from current http-probing scenario below for reference:

filter: "evt.Meta.service == 'http' && evt.Meta.http_status in ['404', '403', '400'] && evt.Parsed.static_ressource == 'false'"

Jgigantino31 avatar Jul 16 '25 14:07 Jgigantino31