You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The AppSec component does not set the actual useragent of the remote user, so any of the sec rules that try to match on useragent may currently produce false negatives.
What did you expect to happen?
Send remote useragent as a header and set correctly within the parsed request stage
How can we reproduce it (as minimally and precisely as possible)?
Dump request sent to inband rules and you will see lua resty useragent as the remote users
Anything else we need to know?
No response
Crowdsec version
$ cscli version
# paste output here
OS version
# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here
# On Windows:C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here
Enabled collections and parsers
$ cscli hub list -o raw
# paste output here
Acquisition config
```console
# On Linux:
$ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/*
# paste output here
Check Releases to make sure your agent is on the latest version.
Details
I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.
What happened?
The AppSec component does not set the actual useragent of the remote user, so any of the sec rules that try to match on useragent may currently produce false negatives.
What did you expect to happen?
Send remote useragent as a header and set correctly within the parsed request stage
How can we reproduce it (as minimally and precisely as possible)?
Dump request sent to inband rules and you will see lua resty useragent as the remote users
Anything else we need to know?
No response
Crowdsec version
OS version
Enabled collections and parsers
Acquisition config
On Windows:
C:> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
paste output here
Config show
Prometheus metrics
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.
The text was updated successfully, but these errors were encountered: