With Crowdsec On, Apache-generated redirects become completely broken, namely due to the Location: header being stripped from the response, as well as the link in the HTML response body becoming blank.
With Crowdsec Off (normal behavior):
```
# curl -i https://website/links
HTTP/2 301
location: https://website/links/
content-length: 360
content-type: text/html; charset=iso-8859-1
date: Thu, 01 May 2025 23:12:39 GMT
server: Apache
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://website/links/">here</a>.</p>
<hr>
<address>Apache Server at <a href="mailto:xxx">hostname</a> Port 443</address>
</body></html>
```
With Crowdsec On (broken):
```
# curl -i https://website/links
HTTP/2 301
content-length: 325
content-type: text/html; charset=iso-8859-1
date: Thu, 01 May 2025 23:11:26 GMT
server: Apache
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="">here</a>.</p>
<hr>
<address>Apache Server at <a href="mailto:xxx">hostname</a> Port 443</address>
</body></html>
```
Note that the Location: header is gone, and the href target has become blank.
A strange message also appears in the Apache error log:
```
[Thu May 01 18:08:53.664067 2025] [crowdsec:error] [pid 1401022:tid 253409144008992] [remote 1.1.1.1:55744] crowdsec: service 'http://127.0.0.1:8080/v1/decisions?ip=1.1.1.1' returned 301, request rejected: /links
```
The message makes it sound like the local API is returning a 301, but it's not.
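
A regression check for the symptom reported above, added here as an example and not part of the original report or the project's code: it parses a `curl -i` transcript and flags a redirect that lacks `Location` or whose stock Apache body carries an empty `href`. The function names and the trimmed sample responses are constructed for illustration.

```python
import html
import re

HEADER = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")
# Anchor in Apache's stock "Moved" page, as shown in the report.
MOVED_LINK = re.compile(r'The document has moved <a href="([^"]*)">')
NEEDS_LOCATION = {301, 302, 303, 307, 308}

def parse_response(raw):
    """Split a `curl -i` transcript into (status, headers, body)."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])  # "HTTP/2 301" -> 301
    headers, i = {}, 1
    # Header lines are "name: value"; stop at the blank line or first body line.
    while i < len(lines) and (m := HEADER.match(lines[i])):
        headers[m.group(1).lower()] = m.group(2).strip()
        i += 1
    return status, headers, "\n".join(lines[i:]).strip()

def redirect_problems(raw):
    """Return a list of defects in a redirect response, empty if it is sound."""
    status, headers, body = parse_response(raw)
    if status not in NEEDS_LOCATION:
        return []
    problems = []
    location = headers.get("location", "")
    if not location:
        problems.append("missing Location header")
    link = MOVED_LINK.search(body)
    if link:
        target = html.unescape(link.group(1))
        if not target:
            problems.append("empty href in redirect body")
        elif location and target != location:
            problems.append("href differs from Location")
    return problems

# Constructed samples, trimmed from the two responses in the report.
GOOD = """HTTP/2 301
location: https://website/links/
content-type: text/html; charset=iso-8859-1

<p>The document has moved <a href="https://website/links/">here</a>.</p>
"""
BROKEN = """HTTP/2 301
content-type: text/html; charset=iso-8859-1

<p>The document has moved <a href="">here</a>.</p>
"""

if __name__ == "__main__":
    for name, raw in (("crowdsec off", GOOD), ("crowdsec on", BROKEN)):
        print(name, redirect_problems(raw) or "ok")
```

Passing the captured output of `curl -si` for each directory redirect on a site to `redirect_problems` after enabling the module shows whether the redirects survive.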