C
CrowdSec4w ago
vedtoto

Use of nginx variables with AppSec

Hello, do you have any practical examples on how to utilize these? https://docs.crowdsec.net/u/bouncers/openresty#nginx-variables I tried setting for example within a specific location in my openresty config. But it does not disable appsec (still getting banned) - Maybe i have gotten this wrong? set $disable_appsec 1 cs-openresty-bouncer = v1.1.1 crowdsec = v1.7.0 And also, if i were to change this value dynamically based on conditions, in what lua directive will this variable be evaluated?
OpenResty | CrowdSec
📚 Documentation
3 Replies
CrowdSec
CrowdSec4w ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
blotus
blotus4w ago
it's an issue in the documentation, the correct variable is crowdsec_disable_appsec
vedtoto
vedtotoOP4w ago
Ah ok, still not getting it to work. But i will keep trying.. Not sure how it's supposed to work. Appsec is initialized in the http directive and this variable needs to be declared within server/location/if directive. I guess some further evaluation is done behind the scenes? That was on me, we use different path for openresty. So i still used the old lua libs for openresty bouncer :) I was able to declare it in my openresty conf and then use it in lua code like this.. if anyone else is interested. Very nice improvement! 
access_by_lua_block {

        local wafwl = require "wafwl"
        local http_host = ngx.var.http_host

        if wafwl.is_whitelisted() then

                ngx.log(ngx.ERR,"Crowdsec-WAF is disabled for this domain - not evaluating request: " .. http_host)
                ngx.var.crowdsec_disable_appsec = 1

        end
}
access_by_lua_block {

        local wafwl = require "wafwl"
        local http_host = ngx.var.http_host

        if wafwl.is_whitelisted() then

                ngx.log(ngx.ERR,"Crowdsec-WAF is disabled for this domain - not evaluating request: " .. http_host)
                ngx.var.crowdsec_disable_appsec = 1

        end
}

Did you find this page helpful?