Error ::1 has been banned

Created on 1 February 2023, almost 2 years ago

In my local development environment, I get the error "::1 has been banned" with crowdsec enabled.
My local environment is:
- Ubuntu 22.04
- Apache 2.4.52 with virtual host definition
- PHP 8.1.14

- Type: 🐛 Bug report
- Status: Active
- Version: 1.0
- Component: Code
- Created by: 🇩🇪 Germany joergM

Comments & Activities

  • Issue created by @joergM
  • 🇩🇪Germany jurgenhaas Gottmadingen

    Sorry @joergM for my late response.

    This is not a bug, this is how this is supposed to be working. It tells us (a) that your local environment works with IPv6 and (b) that something is creating too many 4xx requests to the site, which is recognized as malicious behaviour and the IP therefore gets banned for a period of time.

    You can turn off the "whisper" monitoring in the crowdsec settings, if you don't bother about such behaviour. However, it is a pretty good feature to keep such requests away from your website, e.g. if somebody is testing all those /wp-* paths.

    Good practice seems to be to only use the crowdsec module in production and not in local development environments, because there it is fairly expected that you get 4xx requests. Or you could use the config_split module and with that keep crowdsec enabled but disable the whisper module locally.

  • Status changed to Postponed: needs info almost 2 years ago
  • 🇩🇪Germany jurgenhaas Gottmadingen

    @joergM what's the status on this?

  • 🇭🇺Hungary aron novak Hungary, Budapest

    I think this is generally valid that non-public addresses should not be included in the business logic of this module.
    We needed to solve it for the sake of our automated tests.
    And I am sure crowdsec must be enabled during the tests. If ever it would cause a crash somewhere, the test suite of the site must be aware of that.
    Will provide a MR soon.

  • Merge request !5 "Exclude private IPs generally" → (Closed) created by aron novak
  • 🇭🇺Hungary aron novak Hungary, Budapest

    If the MR is in a good direction, we can extend it to handle IPv6, loopback and so on.

  • 🇭🇺Hungary aron novak Hungary, Budapest

    Of course we can make it configurable.

  • 🇩🇪Germany jurgenhaas Gottmadingen

    Thanks @aron novak for your contribution. However, I'm not in favour of such exceptions. If the whisper feature should not be used in either development or test environments, then use `$config['crowdsec.settings']['whisper']['enable'] = 0;` in the settings.php of that environment. That will do the same thing: 4xx requests will not be banned, and in those environments you won't receive external requests anyway, so there's no point in having that whisper handling enabled there.

    Specifically to the question of local IP addresses, that's nowadays very hard to determine. From the regex in the MR I can tell at least 2 issues: 10.x addresses are also used as public addresses by some IPs since the IPv4 shortage and Docker environments are also using 169.x address ranges. But that's only 2 examples where this would fail. We should assume that there are so many more.

    But it's not only hard to determine private address ranges, it's also not necessary if you turn off whispering where it's not required.

  • 🇭🇺Hungary aron novak Hungary, Budapest

    I agree that `$config['crowdsec.settings']['whisper']['enable'] = 0;` should be fine in these cases.
    There was one robustness improvement in the MR that's still valuable, I'll propose that separately.
    Going to set back the status where it was originally.
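
Added example (not part of the thread, the crowdsec module or merge request !5): the address kinds raised in the discussion (`::1`, 10.x, 169.x) run through PHP's built-in `filter_var()` range flags, which classify by fixed range lists only. `classify_ip()` is a hypothetical helper and the sample addresses are constructed for illustration.

```php
<?php
// Added example; classify_ip() is a hypothetical helper, not module code.

/**
 * Classifies an address with PHP's built-in range flags instead of a regex.
 */
function classify_ip(string $ip): string {
  if (filter_var($ip, FILTER_VALIDATE_IP) === FALSE) {
    return 'invalid';
  }
  // Reserved-by-protocol ranges, which include loopback (127.0.0.0/8, ::1)
  // and link-local (169.254.0.0/16, fe80::/10).
  if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === FALSE) {
    return 'reserved';
  }
  // RFC 1918 ranges (10/8, 172.16/12, 192.168/16) and IPv6 addresses
  // starting with FC or FD.
  if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) === FALSE) {
    return 'private';
  }
  // Not on either list. This is not the same as "publicly routable": the
  // flags know fixed ranges, not how a particular network uses them.
  return 'unlisted';
}

// Constructed sample addresses covering the cases mentioned in the thread.
$samples = [
  '::1',            // IPv6 loopback, the address from the error message
  '127.0.0.1',      // IPv4 loopback
  '10.1.2.3',       // 10.x
  '172.17.0.2',     // inside 172.16.0.0/12
  '169.254.10.20',  // 169.x link-local
  'fd00::1',        // IPv6 unique local
  '100.64.0.1',     // RFC 6598 shared address space
  'not-an-ip',
];

foreach ($samples as $ip) {
  printf("%-15s %s\n", $ip, classify_ip($ip));
}
```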
