CrowdSec - lightweight and collaborative security engine

Hi, I’m closing this issue. Happy to continue the conversation here or elsewhere.

Hi,
I just tested with Lite Speed Cache (not connected to any external cloud service and using the Essentials presets).

I tested to access a cached page with a banned IP and the ban wall has been displayed. Thus, it seems to be working without the need of enabling auto_prepend mode.

Maybe there are other advanced settings with the Lite Speed Cache plugin that could break the process but this basic check works as expected.

Thanks

Thinking back to your problem, I think the ban you got even without an active decision came from a previously cached decision.

But then, only an analysis of your logs and your configuration could have told us.

I hope it will be better with individual installations.

Thanks.

Hi,

I just realized that I did not understand your initial message correctly.
Sorry for that.

This plugin has not been tested with a WordPress “MultiSite feature” installation. And I guess it is not supported. Some users have already multiple WordPress connected to one single CrowdSec agent but they are using individual WordPress sites with a Bouncer plugin for each site (cache can be shared with Redis for example and it is possible to use the same bouncer key)

Considering your last issue : “ban wall is not displayed whereas a ban remediation is logged“, I wasn’t able to test the LiteSpeed cache as it seems to be required to register for some external service. If you can test to disable it and see if this is better, it could help us.

For now, I am not sure if the issue comes from this Cache plugin or from a MultiSite installation (or from something else …).

• If this is a Multisite issue:

I can’t tell if or when we will be able to work on a MultiSite support. There is a feature request for it but I have no idea on the time it will take to add this support. As you mentionned, there is only one static file created for the auto_prepend mode, thus this will be maybe be a part of the work.

• If this is a Lite Speed compatibility issue
  
  If this is the same kind of problem that we had with the WP Super Cache plugin, the problem is that those kind plugin bypasses all the plugin loading process and serves the cached content. One can consider that not bouncing cached content is not a real issue. Uncached content (form POST …) should be still protected. But if showing a ban/captcha wall is really wanted, the auto_prepend mode seems to be the only way to act before such Cache plugins.
  
  
  Thanks again.
  
  

Hi,
Thanks for your reply.

I will close this issue.

But, for information: bouncer does not ban any IP. Bouncer just applies decisions.

cscli decisions list shows only decisions manually added.

To get all decisions (even those pulled from the community shared data), you could try cscli decisions list --all

Thanks

Hi,

I just realized that I did not understand your initial message correctly.

I was not aware of this Multisite feature you are talking about.

And as it just happened a feature request about this : https://github.com/crowdsecurity/cs-wordpress-bouncer/issues/128
I just realized my mistake. Sorry about that.

Well, I guess now that this plugin does not support this Multisite feature for now.

If you make new tests with the new version of the plugin, do not hesitate to tell me what you notice.

I think that the compatibility with MultiSite will require a lot of work, but it is something that should be possible one day.

We’ll take a closer look, and I’ll get back to you if there’s any news.

Thanks again.

Hi,
I just released a new 2.0.3 version of the plugin : I guess that won’t solve your problem, but there are more debug messages (about what the bouncer will try to show after the remediation has been recovered).

Maybe it could help us.

Thanks.

• This reply was modified 2 years, 1 month ago by CrowdSec - lightweight and collaborative security engine.

Could you test to disable LSCache ?

If the html is cached before bouncing can act, then I guess it could lead to your issue.

We had the same issue with WP Super Cache plugin : https://github.com/crowdsecurity/cs-wordpress-bouncer/blob/main/docs/USER_GUIDE.md#auto-prepend-file-mode

I did not test with LSCache but, for the WP Cache plugin, a solution was to use the auto-prepend-file mode (see the above link to).

Please let me know.

Thanks

Hi,
Indeed, logs are showing that the cached remediation is a “ban”.
And, as you are in stream mode and your bouncing level is “normal”, you should then see a ban wall (if you access the website with the “IP Redacted IP”).

Do you still have any cache plugin enabled ?

Thanks

Hi,
Looking at your PHP errors, I understood what could possibly happen.

I released a new 2.0.2 version of the plugin with a fix for your issue.

Please let me know if it is ok with this new release.

Thanks

Ok!

So it seems to work as expected now.

For information, the cURL call does not depend on any WordPress plugin or cache settings, so it’s weird that it works now (returns null if there is no decision for the tested IP) and wasn’t before (returns nothing).

I let this issue open if you find something new ??

I will close it later.

Thanks

I close this one ??

Hi,
I think we should try to make the Live mode work first (Stream Mode off).

The cURL test is a good start :
1) Create a fake decision for some IP : cscli decisions add --ip 1.2.3.4 --duration 2h --type ban

2) This cURL call should retrieve a result:
curl -H "X-Api-Key: ***" https://localhost:8080/v1/decisions?ip=1.2.3.4

You should have a result like:
[{"duration":"1h59m17.846736476s","id":1,"origin":"cscli","scenario":"manual 'ban' ","scope":"Ip","type":"ban","value":"1.2.3.4"}]

If not, there is something wrong with the crowdsec agent.

If you have a result, we will have to find what is going wrong with the plugin.

Please try the “Test Connection” button (Stream Mode OFF) and see if you have a result or some error in logs. If there is no logs in the plugin log directory, maybe you could find something interestion in the apache logs or nginx logs (depending on what you are using).

Thanks

Hi,
Thanks for your message.

As far as I understand, it should work with the same key for all your wordpress sites. (We already have some users using the same key for multiple WorpPress sites)

Do you have more details on the error “There’s been a critical error on this website.” . May be there is some useful log somewhere that will tell us what is wrong on the sub domain site.

You can also try to generate a key with another bouncer name (the bouncer name is not important for the plugin):
cscli bouncers add wordpress-bouncer-2 or cscli bouncers add the-name-you-want

Thanks

Hi,

Thanks for you message.

Yes, you should see a message saying if bouncing has been executed succesfully or not.

I guess (as in your Stream Mode Error issue ), that something goes wrong with your request.

As in the Stream Mode Error issue, I suggest you to try with Curl and also to enable the debug log (Advanced -> Enable debug mode)

Thanks