You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, thank you for the effort in this fantastic project!
I think that I found a bug, or I can't understand the source of the block.
I'm using bunkerweb with multisite configuration, using one docker-compose file that points to different ip-port and I have the blacklist feature enabled.
When I try to reach my webpage from my mobile phone using carrier network I got a 403, and looking into the logs I see that my IP is in cached blacklist and my access was denied. The problem is that the IP is not in blacklist, neither in the cache of bunkerweb that i can access through the GUI in cache section.
The IP is not personal, is one of the IP used by my carrier so I can post it: 5.91.150.116
You can check, it's not in any lists at the moment and it is considered an italian IP (I've enabled Country whitelist).
This is the cached blacklist ip file downloaded by gui: blacklist.txt
How to reproduce?
you have to leave the default value on BLACKLIST_IP_URLS and USE_BLACKLIST.
After that you have to use the public IP 5.91.150.116.
The bunkerweb proxy will respond you 403.
Configuration file(s) (yaml or .env)
Docker compose file:
`version: '3.5'services: bunkerweb: restart: always image: bunkerity/bunkerweb:1.5.11 ports: - 80:8080 - 443:8443 labels: - "bunkerweb.INSTANCE=yes" environment: - SERVER_NAME=***mysite***.dyndns.org bunkerweb.***mysite***.dyndns.org - MULTISITE=yes - LOG_LEVEL=notice - API_WHITELIST_IP=127.0.0.0/8 10.21.30.0/24 - SEND_ANONYMOUS_REPORT=no #When set to yes, the Bad behavior feature will be enabled. - USE_BAD_BEHAVIOR=yes #List of HTTP status codes considered as suspicious - BAD_BEHAVIOR_STATUS_CODES=400 401 403 404 405 429 444 #The duration time (in seconds) of a ban when a client reached the threshold - BAD_BEHAVIOR_BAN_TIME=3600 #Maximum number of suspicious HTTP status codes within the time period - BAD_BEHAVIOR_THRESHOLD=60 #Period of time where we count suspicious HTTP status codes - BAD_BEHAVIOR_COUNT_TIME=120 - ***mysite***.dyndns.org_AUTO_LETS_ENCRYPT=yes - ***mysite***[email protected] - ***mysite***.dyndns.org_USE_LETS_ENCRYPT_STAGING=no - ***mysite***.dyndns.org_USE_REVERSE_PROXY=yes - ***mysite***.dyndns.org_REVERSE_PROXY_HOST=http://dashmachine:5000 - ***mysite***.dyndns.org_REDIRECT_HTTP_TO_HTTPS=yes - ***mysite***.dyndns.org_WHITELIST_COUNTRY=IT - bunkerweb.***mysite***.dyndns.org_AUTO_LETS_ENCRYPT=yes - bunkerweb.***mysite***[email protected] - bunkerweb.***mysite***.dyndns.org_USE_LETS_ENCRYPT_STAGING=no - bunkerweb.***mysite***.dyndns.org_USE_UI=yes - bunkerweb.***mysite***.dyndns.org_USE_REVERSE_PROXY=yes - bunkerweb.***mysite***.dyndns.org_REVERSE_PROXY_HOST=http://bw-ui:7000 - bunkerweb.***mysite***.dyndns.org_REDIRECT_HTTP_TO_HTTPS=yes - bunkerweb.***mysite***.dyndns.org_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504 - bunkerweb.***mysite***.dyndns.org_WHITELIST_IP=192.168.1.0/24 10.21.30.0/24 - bunkerweb.***mysite***.dyndns.org_BLACKLIST_IP=0.0.0.0/0 networks: - bw-universe - bw-services bw-scheduler: restart: always image: bunkerity/bunkerweb-scheduler:1.5.11 depends_on: - bunkerweb - bw-docker volumes: - bw-data:/data environment: - DOCKER_HOST=tcp://bw-docker:2375 networks: - bw-universe - bw-docker bw-docker: restart: always image: tecnativa/docker-socket-proxy:nightly volumes: - /var/run/docker.sock:/var/run/docker.sock:ro environment: - CONTAINERS=1 - LOG_LEVEL=warning networks: - bw-docker bw-ui: image: bunkerity/bunkerweb-ui:1.5.11 restart: always depends_on: - bw-docker volumes: - bw-data:/data environment: - DOCKER_HOST=tcp://bw-docker:2375 - ADMIN_USERNAME=zzzzzzzzzzzzzzzzzz - ADMIN_PASSWORD=zzzzzzzzzzzzzzzzzzzzz networks: - bw-universe - bw-docker dashmachine: image: rmountjoy/dashmachine:latest restart: always volumes: - /opt/services/dashmachine:/dashmachine/dashmachine/user_data networks: - bw-servicesvolumes: bw-data: #source: /opt/services/bunkerweb/bw-data #type: bindnetworks: bw-universe: name: bw-universe ipam: driver: default config: - subnet: 10.21.30.0/24 bw-services: name: bw-services #driver: bridge bw-docker: name: bw-docker`
Relevant log output
the error from the log is:
`bunkerweb_1 | 2024/11/10 21:47:34 [warn] 644#644: *1718 [ACCESS] denied access from blacklist : IP is in cached blacklist (info : ip), client: 5.91.150.116, server: ***mysite***.dyndns.org, request: "GET / HTTP/2.0", host: "***mysite***.home.dyndns.org"bunkerweb_1 |***mysite***.dyndns.org 5.91.150.116 - - [10/Nov/2024:21:47:34 +0000] "GET / HTTP/2.0" 403 184240 "-""Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36"bunkerweb_1 | 2024/11/10 21:47:34 [notice] 644#644: *1719 [BADBEHAVIOR] increased counter for IP 5.91.150.116 (1/60), context: ngx.timer, client: 5.91.150.116, server: 0.0.0.0:8443bunkerweb_1 | 2024/11/10 21:47:34 [notice] 644#644: signal 17 (SIGCHLD) received from 1288bunkerweb_1 | 2024/11/10 21:47:34 [notice] 644#644: unknown process 1288 exited with code 0bunkerweb_1 | 2024/11/10 21:47:34 [error] 644#644: *1720 [BUNKERNET] can't report IP : status code != 200, context: ngx.timer, client: 5.91.150.116, server: 0.0.0.0:8443`
BunkerWeb version
1.5.11
What integration are you using?
Docker
Linux distribution (if applicable)
Ubuntu
Removed private data
I have removed all private data from the configuration file and the logs
Code of Conduct
I agree to follow this project's Code of Conduct
The text was updated successfully, but these errors were encountered:
Hi @Ablablab, I couldn't reproduce the issue you encountered. Is this still occurring ?
Yes it's still present and I found it in another instance of bunkerweb (my father's home). I found that a lot of requests from my mobile phone carrier are blacklisted even if the public IP is not in the ban list
What happened?
Hello, thank you for the effort in this fantastic project!
I think that I found a bug, or I can't understand the source of the block.
I'm using bunkerweb with multisite configuration, using one docker-compose file that points to different ip-port and I have the blacklist feature enabled.
When I try to reach my webpage from my mobile phone using carrier network I got a 403, and looking into the logs I see that my IP is in cached blacklist and my access was denied. The problem is that the IP is not in blacklist, neither in the cache of bunkerweb that i can access through the GUI in cache section.
The IP is not personal, is one of the IP used by my carrier so I can post it: 5.91.150.116
You can check, it's not in any lists at the moment and it is considered an italian IP (I've enabled Country whitelist).
This is the cached blacklist ip file downloaded by gui:
blacklist.txt
How to reproduce?
you have to leave the default value on BLACKLIST_IP_URLS and USE_BLACKLIST.
After that you have to use the public IP 5.91.150.116.
The bunkerweb proxy will respond you 403.
Configuration file(s) (yaml or .env)
Relevant log output
BunkerWeb version
1.5.11
What integration are you using?
Docker
Linux distribution (if applicable)
Ubuntu
Removed private data
Code of Conduct
The text was updated successfully, but these errors were encountered: