Skip to content

Commit

Permalink
exit with ngx.DECLINED when the request is allowed (#62)
Browse files Browse the repository at this point in the history
  • Loading branch information
blotus authored Feb 6, 2024
1 parent 0e4983a commit 26e9c0c
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions lib/crowdsec.lua
Original file line number Diff line number Diff line change
Expand Up @@ -569,11 +569,11 @@ end

function csmod.Allow(ip)
if runtime.conf["ENABLED"] == "false" then
return "Disabled", nil
ngx.exit(ngx.DECLINED)
end

if ngx.req.is_internal() then
return
ngx.exit(ngx.DECLINED)
end

local remediationSource = flag.BOUNCER_SOURCE
Expand All @@ -583,7 +583,7 @@ function csmod.Allow(ip)
for k, v in pairs(runtime.conf["EXCLUDE_LOCATION"]) do
if ngx.var.uri == v then
ngx.log(ngx.ERR, "whitelisted location: " .. v)
return
ngx.exit(ngx.DECLINED)
end
local uri_to_check = v
if utils.ends_with(uri_to_check, "/") == false then
Expand Down Expand Up @@ -667,8 +667,7 @@ function csmod.Allow(ip)
end
-- captcha is valid, we redirect the IP to its previous URI but in GET method
ngx.req.set_method(ngx.HTTP_GET)
ngx.redirect(previous_uri)
return
return ngx.redirect(previous_uri)
else
ngx.log(ngx.ALERT, "Invalid captcha from " .. ip)
end
Expand Down Expand Up @@ -708,9 +707,11 @@ function csmod.Allow(ip)
ngx.log(ngx.ERR, "Lua shared dict (crowdsec cache) is full, please increase dict size in config")
end
ngx.log(ngx.ALERT, "[Crowdsec] denied '" .. ip .. "' with '"..remediation.."'")
return
end
end
end
ngx.exit(ngx.DECLINED)
end


Expand Down

0 comments on commit 26e9c0c

Please sign in to comment.