Hello. I have no idea what actually happened.
A few days ago I set up crowdsec in a Docker container as well as the crowdsec-cloudflare-bouncer. I got everything running with my Docker container of NGINX Proxy Manager. I tried some things on my website and my own IP landed on the blocklist even though I thought I had whitelisted it. But unfortunately, this IPv6 address had changed a bit.
So I thought okay just delete the decision and you’ll be fine but I’m not at all.
My logs are full of this and I cannot even save a page in my wiki:
2024/01/19 08:07:18 [error] 261#261: *1574 auth request unexpected status: 431 while sending to client, client: xxxx:908:eb40:yyyy:f57a:281a:493:xxxx, server: wiki.xyz.de, request: "POST /graphql HTTP/2.0", host: "wiki.xyz.de", referrer: "https://wiki.xyz.de/"
I added the IP to my whitelist and restarted crowdsec as well as NGINX Proxy Manager and also put Cloudflare in development mode to get nothing that is cached and deactivated the WAF firewall rule “CrowdSec managed_challenge rule”. Nothing helps. I’m really struggling. Because it blocks everything now. On my website, it is blocking everything containing js
aka JavaScript. I can access everything fine from my phone with a different IP.
What is happening?
Edit: I found this and that’s why I’m sure it has something to do with this combination of things:
This error is a generic network failure error, which is usually caused by a reverse-proxy (such as Cloudflare, nginx, Traefic, etc.) blocking the request. For example, trying to save a page with content like scripts or other special characters can trigger some reverse-proxy firewalls.
Try white-listing your IP and make sure your reverse-proxy config is correct so that requests don’t get blocked and routed incorrectly.