calibre-web icon indicating copy to clipboard operation
calibre-web copied to clipboard

Published 20 hours ago verified publisher icon janeczku

Triggering Crowdsec decisions

Open Typhonragewind opened this issue 2 years ago • 1 comments

Describe the bug/problem This is not a problem per se of CalibreWeb, but i'm reporting this issue here in case there are ways on your end to tackle it that you may wish to implement in the future.

I have calibreweb exposed to the internet over a Nginx reverse proxy which recently got protected by CrowdSec (https://crowdsec.net/), which detects malicious behaviours by log parsing. Ever since i installed it, many times when I open my calibreweb instance, the IP from which i'm accessing it gets banned because CrowdSec thinks it is crawling non-static assets.

image

This is probably due to the fast loading of cover images, though CrowdSec doesn't seem to take issue with Jellyfin or PhotoPrism, which also quickly load many image assets.

Environment (please complete the following information):

  • OS: [Ubuntu 20]
  • Calibre-Web version: [0.6.18]:
  • Docker container: [LinuxServer]:
  • Browser: [Firefox 100]

Typhonragewind avatar May 20 '22 11:05 Typhonragewind

I found out with the help from the CrowdSec team that the cause of this is that the GET requests for covers (such as "/cover/727" for example) are not treated as static files as they have no extension or other indication.

Typhonragewind avatar Jun 02 '22 12:06 Typhonragewind