[appsec] - misleading error log
Hello,
crowdsec version: 1.6.5~rc4
crowdsec-openresty-bouncer: 1.0.2
I found these entries in the crowdsec logs on one of our servers yesterday, which made me a bit worried that we were exposing any of the Crowdsec ports on our public ip's. But that was not the case.. after some digging i found out that if a connection is made towards our openresty whilst the api key is invalidated between the openresty-bouncer and lapi it will produce these logs below. What makes it a bit misleading from my point of view is that it shows the clients ip as (real ip).
`
Now that i understand why, it kind of makes sense reading these logs, but at first they were pretty unclear.
3 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
I agree imo, the real IP doesnt really add any value to the actual message, it should really say Invalid api key or something
Yes fully agree 👍