Middleware never responds to client #8

Open
KetchupBomb opened this issue Jan 6, 2025 · 0 comments
Working without plugin

services:
  whoami:
    command:
      - --verbose
    image: traefik/whoami
    labels:
      traefik.enable: "true"
      traefik.http.routers.http.entrypoints: http
      # traefik.http.routers.http.middlewares: badbotblocker
      traefik.http.routers.http.rule: PathPrefix(`/whoami`)

  traefik:
    command:
      - --entrypoints.http.address=:80
      - --experimental.plugins.traefik-ultimate-bad-bot-blocker.modulename=github.com/discoverygarden/traefik-ultimate-bad-bot-blocker
      - --experimental.plugins.traefik-ultimate-bad-bot-blocker.version=v0.2.0
      - --log.level=INFO
      - --providers.docker.exposedbydefault=false
    image: traefik
    labels:
      traefik.enable: "true"
      traefik.http.middlewares.badbotblocker.plugin.traefik-ultimate-bad-bot-blocker.ipblocklisturls: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/refs/heads/master/_generator_lists/bad-ip-addresses.list
      traefik.http.middlewares.badbotblocker.plugin.traefik-ultimate-bad-bot-blocker.loglevel: DEBUG
      traefik.http.middlewares.badbotblocker.plugin.traefik-ultimate-bad-bot-blocker.useragentblocklisturls: https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list
    ports:
      - 81:80
      - 444:443
    volumes:
      - /docker/traefik/data/plugins-storage:/plugins-storage
      - /var/run/docker.sock:/var/run/docker.sock:ro

Traefik startup log

2025-01-05T22:51:32-08:00 INF Traefik version 3.2.3 built on 2024-12-16T10:31:50Z version=3.2.3
2025-01-05T22:51:32-08:00 INF 
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/
2025-01-05T22:51:32-08:00 INF Loading plugins... plugins=["traefik-ultimate-bad-bot-blocker"]
2025-01-05T22:51:34-08:00 INF Plugins loaded. plugins=["traefik-ultimate-bad-bot-blocker"]
2025-01-05T22:51:34-08:00 INF Starting provider aggregator *aggregator.ProviderAggregator
2025-01-05T22:51:34-08:00 INF Starting provider *traefik.Provider
2025-01-05T22:51:34-08:00 INF Starting provider *acme.ChallengeTLSALPN
2025-01-05T22:51:34-08:00 INF Starting provider *docker.Provider

Working HTTP request

$ curl -vs localhost:81/whoami
*   Trying 127.0.0.1:81...
* Connected to localhost (127.0.0.1) port 81 (#0)
> GET /whoami HTTP/1.1
> Host: localhost:81
> User-Agent: curl/7.81.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Length: 431
< Content-Type: text/plain; charset=utf-8
< Date: Mon, 06 Jan 2025 06:56:24 GMT
< 
Hostname: whoami
IP: 127.0.0.1
IP: ::1
IP: 192.168.223.66
RemoteAddr: 192.168.223.7:36100
GET /whoami HTTP/1.1
Host: localhost:81
User-Agent: curl/7.81.0
Accept: */*
Accept-Encoding: gzip
Traceparent: 00-d44a3cae4ea8888a3e4f49b082efe6f8-e9d9158c416dc4d4-01
X-Forwarded-For: 192.168.223.1
X-Forwarded-Host: localhost:81
X-Forwarded-Port: 81
X-Forwarded-Proto: http
X-Forwarded-Server: traefik
X-Real-Ip: 192.168.223.1

* Connection #0 to host localhost left intact

Enabling plugin causes issues

Once traefik-ultimate-bad-bot-blocker is enabled:

  1. the plugin loads in Traefik
  2. requests are received by Traefik
  3. plugin logging indicates allow/deny decision
    • allowed requests made it to whoami -- whoami logs a request (and I assume sends a response)
    • denied requests are logged
  4. Traefik, and therefore the client, never receive a response

Code change:

       traefik.http.routers.http.entrypoints: http
-      # traefik.http.routers.http.middlewares: badbotblocker
+      traefik.http.routers.http.middlewares: badbotblocker
       traefik.http.routers.http.rule: PathPrefix(`/whoami`)
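Review bot: the `middlewares: badbotblocker` label is switched on for the `http` router, which is the only router shown for `/whoami`, so no route is left that bypasses the plugin and every comparison needs an edit and redeploy. A second router on the same service without the `middlewares` label (under a different, hypothetical router name and path) would let the filtered and unfiltered cases be tested side by side in one run.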

Traefik startup log

2025-01-05T23:02:36-08:00 INF Traefik version 3.2.3 built on 2024-12-16T10:31:50Z version=3.2.3
2025-01-05T23:02:36-08:00 INF 
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/
2025-01-05T23:02:36-08:00 INF Loading plugins... plugins=["traefik-ultimate-bad-bot-blocker"]
2025-01-05T23:02:37-08:00 INF Plugins loaded. plugins=["traefik-ultimate-bad-bot-blocker"]
2025-01-05T23:02:37-08:00 INF Starting provider aggregator *aggregator.ProviderAggregator
2025-01-05T23:02:37-08:00 INF Starting provider *traefik.Provider
2025-01-05T23:02:37-08:00 INF Starting provider *docker.Provider
2025-01-05T23:02:37-08:00 INF Starting provider *acme.ChallengeTLSALPN
2025/01/05 23:02:37 Bad Bot Blocker INFO: Updating CIDR blocklist
2025/01/05 23:02:37 Bad Bot Blocker INFO: Updating user agent blocklist
2025/01/05 23:02:37 Bad Bot Blocker INFO: Updated block lists. Blocked CIDRs:  10000  Duration:  83.531643ms

Stalled HTTP request

$ curl -vs localhost:81/whoami
*   Trying 127.0.0.1:81...
* Connected to localhost (127.0.0.1) port 81 (#0)
> GET /whoami HTTP/1.1
> Host: localhost:81
> User-Agent: curl/7.81.0
> Accept: */*
> 

traefik-ultimate-bad-bot-blocker logging

2025/01/05 23:03:43 Bad Bot Blocker DEBUG: Checking request: CIDR: "192.168.223.1:35018" user agent: "curl/7.81.0"
2025/01/05 23:03:43 Bad Bot Blocker DEBUG: Checked request in 6.33695ms

whoami --verbose logging

2025/01/05 23:05:46 Starting up on port 80
2025/01/05 23:05:59 192.168.223.7:38430 - - [05/Jan/2025:23:05:59 -0800] "GET /whoami HTTP/1.1" - -

Simulated bad request is detected

Simulating a request that should be blocked is logged by the plugin in the logs, but the client still hangs:

Sending bad User-Agent (adstxtcrawlertp)

2025/01/05 23:19:19 Bad Bot Blocker DEBUG: Checking request: CIDR: "192.168.223.1:43476" user agent: "AdsTxtCrawlerTP"
2025/01/05 23:19:19 Bad Bot Blocker INFO: blocked request with user agent adstxtcrawlertp because it contained adstxtcrawlertp
2025/01/05 23:19:19 Bad Bot Blocker DEBUG: Checked request in 5.281855ms

Request still stalls

$ curl -vskLH 'User-Agent: AdsTxtCrawlerTP' localhost:81/whoami
*   Trying 127.0.0.1:81...
* Connected to localhost (127.0.0.1) port 81 (#0)
> GET /whoami HTTP/1.1
> Host: localhost:81
> Accept: */*
> User-Agent: AdsTxtCrawlerTP
> 

Any ideas what would be causing the middleware to not allow the response to make it back to the client? Thanks for any help.
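A regression check for the symptom described in this issue, as an added example that is not part of the original report or the plugin's own code: `Blocker` is a hypothetical stand-in handler using the lower-cased substring match seen in the plugin log, and `Probe` (also hypothetical) reports an error when a handler does not finish a request within a deadline. The blocklist entry is constructed from the user agent used above.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Blocker is a hypothetical stand-in for the plugin's handler. Every path ends
// the request: it writes the denial itself or hands the same writer to next.
func Blocker(next http.Handler, blocked []string) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		ua := strings.ToLower(req.UserAgent())
		for _, bad := range blocked {
			if strings.Contains(ua, bad) {
				http.Error(rw, "Forbidden", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(rw, req)
	})
}

// Probe returns the status code, or an error if h has not finished before timeout.
func Probe(h http.Handler, userAgent string, timeout time.Duration) (int, error) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	req := httptest.NewRequest(http.MethodGet, "/whoami", nil).WithContext(ctx)
	req.Header.Set("User-Agent", userAgent)
	rec := httptest.NewRecorder()
	done := make(chan struct{})
	go func() { h.ServeHTTP(rec, req); close(done) }()
	select {
	case <-done:
		return rec.Code, nil
	case <-ctx.Done():
		return 0, fmt.Errorf("no response within %s: %w", timeout, ctx.Err())
	}
}

func main() {
	whoami := http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { fmt.Fprintln(rw, "whoami") })
	h := Blocker(whoami, []string{"adstxtcrawlertp"}) // constructed blocklist entry
	for _, ua := range []string{"curl/7.81.0", "AdsTxtCrawlerTP"} {
		fmt.Println(Probe(h, ua, 2*time.Second))
	}
}
```

Running the same `Probe` against a middleware under test, once with an allowed and once with a blocked user agent, turns a client-side hang into a failing check with a bounded run time.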
