C
CrowdSec3mo ago
pokeghost

Diagnosing what causes "Http error 400 while talking to LAPI"

Hi everyone. We have CrowdSec deployed in production (with OpenResty bouncer if this is relevant) and even though it works properly, "Http error 400 while talking to LAPI" are regularly being thrown in the logs. These seem to happen only for certain types of requests (origin and paths) I couldn't find any relevant information on why error 400 happens. How can we look deeper into what causes these errors, like seeing the exact contents of LAPI request that caused the error? Thank you in advance!
5 Replies
CrowdSec
CrowdSec3mo ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
blotus
blotus3mo ago
You mean in the bouncer logs ? Do you see anything in the crowdsec logs at the same time ?
pokeghost
pokeghostOP3mo ago
These originate from the bouncer's Allow() function. In /var/log/crowdsec.log I can see a lot of msg="QueryDecisionWithFilter : context canceled" but I wasn't able to find any details on it. Do you have suggestions where should I look?
iiamloz
iiamloz3mo ago
Are you on the latest version of CrowdSec eg: version 1.6.8?
pokeghost
pokeghostOP3mo ago
yes, here's the version details: 
version: v1.6.8-debian-pragmatic-amd64-f209766e
Codename: alphaga
BuildDate: 2025-03-25_14:51:10
GoVersion: 1.24.1
Platform: linux
libre2: C++
User-Agent: crowdsec/v1.6.8-debian-pragmatic-amd64-f209766e-linux
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0
Built-in optional components: cscli_setup, datasource_appsec, datasource_cloudwatch, datasource_docker, datasource_file, datasource_http, datasource_journalctl, datasource_k8s-audit, datasource_kafka, datasource_kinesis, datasource_loki, datasource_s3, datasource_syslog, datasource_victorialogs, datasource_wineventlog
version: v1.6.8-debian-pragmatic-amd64-f209766e
Codename: alphaga
BuildDate: 2025-03-25_14:51:10
GoVersion: 1.24.1
Platform: linux
libre2: C++
User-Agent: crowdsec/v1.6.8-debian-pragmatic-amd64-f209766e-linux
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0
Built-in optional components: cscli_setup, datasource_appsec, datasource_cloudwatch, datasource_docker, datasource_file, datasource_http, datasource_journalctl, datasource_k8s-audit, datasource_kafka, datasource_kinesis, datasource_loki, datasource_s3, datasource_syslog, datasource_victorialogs, datasource_wineventlog

Did you find this page helpful?