bunkerweb-plugins's Introduction

This repository contains "official" plugins for the BunkerWeb solution. If you don't already know BunkerWeb, you should first read the documentation.

Prerequisites

The installation of external plugins is covered in the plugins section of the documentation.

Plugins

Each plugin is located in a subdirectory of this repository. A README file located in each subdirectory contains documentation about the plugin. Here is the list :

Support

Professional

We offer professional services related to BunkerWeb, such as:

  • Consulting
  • Support
  • Custom development
  • Partnership

Please contact us at contact [@] bunkerity.com if you are interested.

Community

To get free community support you can use the following media :

Please don't use GitHub issues to ask for help; use them only for bug reports and feature requests.

License

This project is licensed under the terms of the GNU Affero General Public License (AGPL) version 3.

Contribute

If you would like to contribute to the plugins you can read the contributing guidelines to get started.

Security policy

We take security bugs as serious issues and encourage responsible disclosure; see our security policy for more information.

bunkerweb-plugins's People

Contributors

celevra, dependabot[bot], fl0ppy-d1sk, gin-gitaxias, leberrem, syrk4web, theophilediot

bunkerweb-plugins's Issues

[FEATURE] Crowdsec Dashboard

Plugin(s)
Crowdsec
What's needed and why ?
Data info of crowdsec metrics

Implementations ideas (optional)
I'm attaching the docker compose of the crowdsec which is working at the moment

wget https://raw.githubusercontent.com/crowdsecurity/example-docker-compose/main/crowdsec/dashboard/Dockerfile

  crowdsec:
    image: crowdsecurity/crowdsec:v1.5.1
    volumes:
      - cs-data:/var/lib/crowdsec/data:rw
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml
      - bw-logs:/var/log:ro
      - cs-config:/etc/crowdsec:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - BOUNCER_KEY_bunkerweb=s3cr3tb0unc3rk3y
      - COLLECTIONS=crowdsecurity/nginx
      - GID=1000
      - ENABLE_PARSERS=crowdsecurity/whitelists
    networks:
      - bw-universe

  dashboard:
    container_name: crowdsecdashboard
    build: ./dashboard
    restart: unless-stopped
    depends_on:
      - crowdsec
    networks:
      - bw-universe
    ports:
      - 1111:3000
    environment:
      - MB_DB_FILE=/data/metabase.db
      - MGID=1000
    volumes:
      - cs-data:/metabase-data/

volumes:
  bw-data:
   driver: local-persist
   driver_opts:
     mountpoint: /waf/sites/bw-data
  bw-logs:
   driver: local-persist
   driver_opts:
     mountpoint: /waf/sites/bw-logs
  cs-data:
   driver: local-persist
   driver_opts:
     mountpoint: /waf/sites/cs-data
  cs-config:
   driver: local-persist
   driver_opts:
     mountpoint: /waf/sites/cs-config

[PLUGIN] crowdsec central lapi

Plugin

crowdsec

Implementations ideas (optional)

Hi,

I want to connect crowdsec to my central LAPI running on another host,
but the Docker container every time registers with the local server and overwrites the local_api_credentials.
What is the way to connect crowdsec to a central LAPI?

regards

Code of Conduct

  • I agree to follow this project's Code of Conduct

1.5.6 virustotal plugin error

What happened?

[error] 230#230: *112 [ACCESS] virustotal:access() failed : /usr/share/bunkerweb/deps/lib/lua/resty/upload.lua:109: http v2 not supported yet

How to reproduce?

use virustotal and configure apikey

Configuration file(s) (yaml or .env)

services:
  bunkerweb:
    image: bunkerity/bunkerweb:1.5.6
    ports:
      - 80:8080
      - 443:8443
    labels:
      - "bunkerweb.INSTANCE=yes"
    environment:
      - SERVER_NAME=www.xxxxx.com
      - MULTISITE=yes
      - DATABASE_URI=mariadb+pymysql://xxxx:xxxx@bw-db:xxxx/db # Remember to set a stronger password for the database
      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
      - USE_CLAMAV=yes
      - CLAMAV_HOST=clamav
      - USE_VIRUSTOTAL=yes
      - VIRUSTOTAL_API_KEY=90xxxxxx9a78a64
      - AUTO_LETS_ENCRYPT=yes
      - USE_CROWDSEC=yes
      - CROWDSEC_API=http://crowdsec:xxxx
      - CROWDSEC_API_KEY=xxxxx
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - www.xxxx.com_USE_UI=yes
      - www.xxxx.com_USE_REVERSE_PROXY=yes
      - www.xxxx.com_REVERSE_PROXY_URL=/admin
      - www.xxxx.com_REVERSE_PROXY_HOST=http://bw-ui:7000
      - www.xxxx.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504

Relevant log output

2024/04/11 09:50:29 [error] 230#230: *112 [ACCESS] virustotal:access() failed : /usr/share/bunkerweb/deps/lib/lua/resty/upload.lua:109: http v2 not supported yet, client: xxxxxx, server: bw.andyou.com, request: "POST /vulnerabilities/upload/ HTTP/2.0", host: "bw.xxxxx.com", referrer: "https://xxxx.xxxxx.com/vulnerabilities/upload/"

BunkerWeb version

1.5.6

What integration are you using?

Docker

Linux distribution (if applicable)

No response

Removed private data

  • I have removed all private data from the configuration file and the logs

Code of Conduct

  • I agree to follow this project's Code of Conduct

Support stream mode for CrowdSec plugin

Hello, I have a problem banning IPs on BunkerWeb from crowdsec.

Plugin(s)
crowdsec

Description
I see in crowdsec container some banned IP, but I can't see it in bunkerweb.

How to reproduce

The "Use CrowdSec" option is activated for all services.

docker-compose exec crowdsec cscli bouncers list
Name IP Address Valid Last API pull Type Version Auth Type
bunkerweb 10.20.31.2 ✔ 2023-07-28T12:58:59Z crowdsec-bunkerweb-bouncer v0.1 api-key

docker-compose exec crowdsec cscli decisions list
│ ID │ Source │ Scope:Value │ Reason │ Action │ Country │ AS │ Events │ expiration │ Alert ID │
│ 435131 │ crowdsec │ Ip:59.18.150.155 │ crowdsecurity/thinkphp-cve-2018-20062 │ ban │ KR │ 4766 Korea Telecom │ 1 │ 3h30m18.129711836s │ 160 │
│ 435130 │ crowdsec │ Ip:146.190.33.8 │ crowdsecurity/CVE-2022-26134 │ ban │ US │ 14061 DIGITALOCEAN-ASN │ 1 │ 3h15m33.070097333s │ 159 │
│ 435127 │ crowdsec │ Ip:167.94.138.49 │ crowdsecurity/http-bad-user-agent │ ban │ US │ 398324 CENSYS-ARIN-01 │ 2 │ 1h16m53.328785208s │ 156 │
│ 435123 │ crowdsec │ Ip:139.59.182.142 │ crowdsecurity/jira_cve-2021-26086 │ ban │ GB │ 14061 DIGITALOCEAN-ASN │ 1 │ 8m36.788698052s │ 152 │

docker-compose exec bunkerweb bwcli bans
[2023-07-28 18:01:03] - API - ℹ - Successfully sent API request to http://127.0.0.1:5000/bans
[2023-07-28 18:01:03] - CLI - ℹ - CLI command status : ✔ (success)
List of bans for 127.0.0.1:
No ban found

docker-compose.yaml

services:
  bunkerweb:
    image: bunkerity/bunkerweb
    ports:
      - 80:8080
      - 443:8443
    labels:
      - "bunkerweb.INSTANCE"
    environment:
      ...
      - USE_CROWDSEC=yes
      - CROWDSEC_API=http://crowdsec:8080
      - CROWDSEC_API_KEY=xxxxx
      ...

  crowdsec:
    image: crowdsecurity/crowdsec:v1.5.1
    environment:
      - BOUNCER_KEY_bunkerweb=xxxxx

BunkerWeb version
BunkerWeb - actual version 1.5.0

docker-compose exec crowdsec cscli version
2023/07/28 18:09:07 version: v1.5.1-eddb994c0b48d77b34a3f22b719dc5716670d2ae
2023/07/28 18:09:07 Codename: alphaga
2023/07/28 18:09:07 BuildDate: 2023-05-17_11:05:12
2023/07/28 18:09:07 GoVersion: 1.20.4
2023/07/28 18:09:07 Platform: docker
2023/07/28 18:09:07 Constraint_parser: >= 1.0, <= 2.0
2023/07/28 18:09:07 Constraint_scenario: >= 1.0, < 3.0
2023/07/28 18:09:07 Constraint_api: v1
2023/07/28 18:09:07 Constraint_acquis: >= 1.0, < 2.0

[PLUGIN] goAuthentik proxy authentication

Plugin
goAuthentik is a Keycloak alternative with proxy authentication and other features out of the box. Adding support for it to BunkerWeb will simplify the configuration of secure authentication in a BunkerWeb environment. For more information see this page: https://goauthentik.io/docs/providers/proxy/forward_auth

Settings (optional)

  1. Location of the goAuthentik proxy authentication outpost
  2. Domain level mode. If yes, uses the mentioned mode of auth, else switches to single application mode. See the goAuthentik docs.
  3. List of auth_request_set variables and proxy_set_header parameters, in order to define which authentication data nginx passes to the proxied service

Implementations ideas (optional)
As I understand it, the plugin must be allowed to extend the nginx config file of the reverse-proxy plugin and to add an additional config file to extend the server block. This plugin could also be extended into a generic auth_request plugin with pre-defined goAuthentik config templates.

[FEATURE] Upload files to VT

Plugin(s)
VirusTotal

What's needed and why ?
We need to add new files on VT and wait for the results in case a file is not already uploaded. This will increase the security.

The setting SCAN_MODE could be used with the following values :

  • hash : don't upload files to VT, only use hashes
  • upload : upload files to VT if the file is not already present

The scan of a new file on VT can take some time, so we need to display a "waiting page" for the user.

[PLUGIN] crowdsec always reports my ip

Plugin

crowdsec

Settings (optional)

No response

Implementations ideas (optional)

[ACCESS] denied access from crowdsec : CrowSec bouncer denied request, client: xxx.xxx.xxx.xxx

But there is no decision for that IP, and the IP is also on the crowdsec whitelist.
Why is the IP reported to be bad?

Code of Conduct

  • I agree to follow this project's Code of Conduct

[FEATURE] ClamAV/VirusTotal waiting page

Plugin(s)
ClamAV and VirusTotal

What's needed and why ?
With a high number of and/or big uploaded files, the ClamAV/VirusTotal scan can take some time. When that's the case, we need a way to do it async and display a "waiting page" to the user until the scan is finished.

We can use the ASYNC_SCAN setting with a yes or no value.

bunkerweb 1.5.3, clamav plugin doesn't work

bunkerweb log:
2023/11/01 16:16:26 [warn] 730#730: 372 [lua] _G write guard:12: __newindex(): writing a global Lua variable ('iend') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
stack traceback:
/etc/bunkerweb/plugins/clamav/clamav.lua:236: in function 'scan'
/etc/bunkerweb/plugins/clamav/clamav.lua:85: in function </etc/bunkerweb/plugins/clamav/clamav.lua:67>
[C]: in function 'pcall'
/usr/share/bunkerweb/lua/bunkerweb/helpers.lua:126: in function 'call_plugin'
access_by_lua(suc.snagou.com/access-lua.conf:1):73: in main chunk, client: x.x.x.x, server: xxxx.com, request: "POST /@yang/index.php?c=uploadfile&a=ueditor&action=uploadfile HTTP/1.0", host: "xxxx.com", referrer: "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38"
2023/11/01 16:16:26 [warn] 730#730: 372 [ACCESS] denied access from clamav : file with checksum d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010is detected : Win.Test.EICAR_HDB-1, client: x.x.x.x, server: xxxx.com, request: "POST /@yang/index.php?c=uploadfile&a=ueditor&action=uploadfile HTTP/1.0", host: "xxxx.com", referrer: "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38"
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:26 +0000] "GET /data/upload/image/20231102/1698854501958921.pdf HTTP/1.0" 200 184 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:26 +0000] "POST /@yang/index.php?c=uploadfile&a=ueditor&action=uploadfile HTTP/1.0" 403 703540 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:33 +0000] "POST /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0" 200 655 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:35 +0000] "GET /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0" 200 4623 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"

clamav log:

cscli decision list no bad ip

I used nikto to test my website. The crowdsec logs show the nikto server IP, but cscli decision list doesn't have it; bwcli bans had it.

crowdsec log:
time="24-05-2023 10:22:54" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:22:54" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:22:54 UTC] "GET /v1/decisions?ip=172.96.188.138 HTTP/1.1 403 4.831249ms "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:22:54" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:22:54" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:22:54 UTC] "GET /v1/decisions?ip=172.96.188.138 HTTP/1.1 403 1.003643ms "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:22:57" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:22:57" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:22:57 UTC] "GET /v1/decisions?ip=172.96.188.138 HTTP/1.1 403 772.089?s "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:22:58" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:22:58" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:22:58 UTC] "GET /v1/decisions?ip=172.96.188.138 HTTP/1.1 403 678.359?s "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:22:59" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:22:59" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:22:59 UTC] "GET /v1/decisions?ip=x.x.x.x HTTP/1.1 403 730.18?s "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:23:01" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:23:01" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:23:01 UTC] "GET /v1/decisions?ip=x.x.x.x HTTP/1.1 403 682.316?s "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:23:02" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:23:02" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:23:02 UTC] "GET /v1/decisions?ip=x.x.x.x HTTP/1.1 403 1.24194ms "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:23:03" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:23:03" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:23:03 UTC] "GET /v1/decisions?ip=x.x.x.x HTTP/1.1 403 752.75?s "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:23:04" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:23:04" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:23:04 UTC] "GET /v1/decisions?ip=x.x.x.x HTTP/1.1 403 777.849?s "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:23:05" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:23:05" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:23:05 UTC] "GET /v1/decisions?ip=x.x.x.x HTTP/1.1 403 708.404?s "crowdsec-bunkerweb-bouncer/v0.1" ""
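A triage sketch for a log like the one above, added here as an example (it is not CrowdSec or BunkerWeb code): it groups LAPI access lines by source address and flags sources whose decision lookups were all answered 403 alongside "bouncer not found" errors. The sample lines are constructed in the same format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the log above (addresses are placeholders).
SAMPLE_LOG = '''\
time="24-05-2023 10:22:54" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:22:54" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:22:54 UTC] "GET /v1/decisions?ip=198.51.100.20 HTTP/1.1 403 4.8ms "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:22:57" level=error msg="while fetching bouncer info: select bouncer: ent: bouncer not found: unable to query" ip=10.10.0.1
time="24-05-2023 10:22:57" level=info msg="10.10.0.1 - [Wed, 24 May 2023 10:22:57 UTC] "GET /v1/decisions?ip=198.51.100.21 HTTP/1.1 403 1.0ms "crowdsec-bunkerweb-bouncer/v0.1" ""
time="24-05-2023 10:23:10" level=info msg="10.10.0.2 - [Wed, 24 May 2023 10:23:10 UTC] "GET /v1/decisions?ip=198.51.100.20 HTTP/1.1 200 1.1ms "other-bouncer/v1.0" ""
'''.splitlines()

# LAPI access line: source, queried IP, HTTP status, duration, user agent.
ACCESS = re.compile(
    r'msg="(?P<src>\S+) - \[[^\]]+\] "GET /v1/decisions\?ip=(?P<queried>\S+) '
    r'HTTP/\d\.\d (?P<status>\d{3}) \S+ "(?P<agent>[^"]*)"'
)
# Error logged when the presented API key matches no registered bouncer.
AUTH_ERR = re.compile(
    r'level=error msg="while fetching bouncer info: .*bouncer not found.*" ip=(?P<src>\S+)'
)


def triage(lines):
    """Summarise decision lookups per source address."""
    stats = defaultdict(lambda: {"agent": None, "ok": 0, "rejected": 0,
                                 "auth_errors": 0, "queried": set()})
    for line in lines:
        m = AUTH_ERR.search(line)
        if m:
            stats[m["src"]]["auth_errors"] += 1
            continue
        m = ACCESS.search(line)
        if not m:
            continue  # unrelated line
        entry = stats[m["src"]]
        entry["agent"] = m["agent"]
        entry["queried"].add(m["queried"])
        if m["status"] == "403":
            entry["rejected"] += 1
        elif m["status"] == "200":
            entry["ok"] += 1
    return dict(stats)


def unauthenticated_bouncers(lines):
    """Sources that never got an answer: every lookup refused, with auth errors logged."""
    return sorted(
        src for src, e in triage(lines).items()
        if e["rejected"] and not e["ok"] and e["auth_errors"]
    )


if __name__ == "__main__":
    for src in unauthenticated_bouncers(SAMPLE_LOG):
        e = triage(SAMPLE_LOG)[src]
        print(f"{src} ({e['agent']}): {e['rejected']} lookups refused, "
              f"{len(e['queried'])} client IPs never checked")
```

A source flagged here received no decision from the LAPI at all, so `cscli bouncers list` and the API key configured on that bouncer are the first things to compare.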

[FEATURE] VirusTotal IP address scan

Plugin(s)
VirusTotal

What's needed and why ?
In addition to files, VirusTotal can also "scan" IP addresses (sample report : https://www.virustotal.com/gui/ip-address/1.2.3.4). We can use it to deny access if the IP of a client is detected as malicious by some vendors.

The following settings can be implemented :

  • SCAN_IP_ADDRESS=yes/no : enable/disable scan of IP address
  • IP_MALICIOUS_COUNT : Minimum number of "malicious" detections to consider the IP as rogue.
  • IP_SUSPICIOUS_COUNT : Minimum number of "suspicious" detections to consider the IP as rogue.

Implementations ideas (optional)
https://developers.virustotal.com/reference/ip-info
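A sketch of the decision logic this request describes, added here as an example and not taken from the plugin: it applies the three proposed settings to the `last_analysis_stats` counters of a VirusTotal API v3 IP address report. The defaults, the fail-open choice on a missing report and the function names are assumptions, and the sample report is constructed.

```python
import ipaddress
import json

# Constructed sample shaped like a VirusTotal API v3 IP address report
# (data.attributes.last_analysis_stats); the counts are invented.
SAMPLE_REPORT = json.loads("""
{"data": {"id": "1.2.3.4", "type": "ip_address",
  "attributes": {"last_analysis_stats":
    {"harmless": 60, "malicious": 4, "suspicious": 1,
     "undetected": 25, "timeout": 0}}}}
""")


def load_settings(env):
    """Parse the settings named in the request. Default values are assumptions."""
    def count(name, default):
        value = int(env.get(name, default))
        if value < 1:
            # A threshold of 0 would flag every client as rogue.
            raise ValueError(f"{name} must be >= 1, got {value}")
        return value

    return {
        "enabled": env.get("SCAN_IP_ADDRESS", "no") == "yes",
        "malicious": count("IP_MALICIOUS_COUNT", 3),
        "suspicious": count("IP_SUSPICIOUS_COUNT", 5),
    }


def should_query(ip, settings):
    """Look up public addresses only: internal client IPs are never sent
    to a third party and do not consume API quota."""
    return settings["enabled"] and ipaddress.ip_address(ip).is_global


def verdict(report, settings):
    """Return (action, reason) for one report.

    A missing or malformed report allows the request (fail-open, an
    assumption) so that an API outage or quota error does not block traffic.
    """
    try:
        stats = report["data"]["attributes"]["last_analysis_stats"]
        malicious = int(stats["malicious"])
        suspicious = int(stats["suspicious"])
    except (KeyError, TypeError, ValueError):
        return ("allow", "no usable report")
    if malicious >= settings["malicious"]:
        return ("deny", f"{malicious} malicious detections")
    if suspicious >= settings["suspicious"]:
        return ("deny", f"{suspicious} suspicious detections")
    return ("allow", "below thresholds")


if __name__ == "__main__":
    cfg = load_settings({"SCAN_IP_ADDRESS": "yes"})
    if should_query("1.2.3.4", cfg):
        print(verdict(SAMPLE_REPORT, cfg))
```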

[BUG] failed to resolve clamav-api

Plugin(s)
CLAMAV

Description
ACCESS] clamav:access() call failed : error from request : error while sending request : clamav-api could not be resolved (2: Server failure),

How to reproduce
copying the dockercompose example

BunkerWeb version
1.5

Logs
ACCESS] clamav:access() call failed : error from request : error while sending request : clamav-api could not be resolved (2: Server failure),

I had to add the network to the docker compose for it to work

  clamav-api:
    image: bunkerity/bunkerweb-clamav
    environment:
      - CLAMAV_HOST=clamav
      - REDIS_HOST=redis
    networks:
      - bw-universe
      - bw-docker

  clamav:
    image: clamav/clamav:1.1.0
    volumes:
      - ./clamav-data:/var/lib/clamav
    networks:
      - bw-universe
      - bw-docker

  redis:
    image: redis:7-alpine
    networks:
      - bw-universe
      - bw-docker
