✨ Add variable to not block if redis is unreachable (#214)

* ✨ Add variable to not block if redis is unreachable * 🚨 fix lint * 📝 Update README.md
2025-11-08 15:15:05 +01:00 · 2025-02-10 20:10:29 +01:00
parent c34d7f4617
commit 4708d76854
4 changed files with 22 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -411,6 +411,10 @@ Only one instance of the plugin is *possible*.
  - string 
  - default: ""
  - Database selection for the Redis service
+- RedisUnreachableBlock
+  - bool
+  - default: true
+  - Block request when Redis is unreachable (if Redis is unreachable, 1-second delay is added to each request)
 - HTTPTimeoutSeconds
  - int64
  - default: 10
@@ -535,6 +539,7 @@ http:
          redisCacheHost: "redis:6379"
          redisCachePassword: password
          redisCacheDatabase: "5"
+          redisCacheUnreachableBlock: true
          crowdsecLapiTLSCertificateAuthority: |-
            -----BEGIN CERTIFICATE-----
            MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
--- a/bouncer.go
+++ b/bouncer.go
@@ -81,6 +81,7 @@ type Bouncer struct {
 	forwardedCustomHeader   string
 	crowdsecStreamRoute     string
 	crowdsecHeader          string
+	redisUnreachableBlock   bool
 	banTemplateString       string
 	clientPoolStrategy      *ip.PoolStrategy
 	serverPoolStrategy      *ip.PoolStrategy
@@ -168,6 +169,7 @@ func New(_ context.Context, next http.Handler, config *configuration.Config, nam
 		remediationCustomHeader: config.RemediationHeadersCustomName,
 		forwardedCustomHeader:   config.ForwardedHeadersCustomName,
 		defaultDecisionTimeout:  config.DefaultDecisionSeconds,
+		redisUnreachableBlock:   config.RedisCacheUnreachableBlock,
 		banTemplateString:       banTemplateString,
 		crowdsecStreamRoute:     crowdsecStreamRoute,
 		crowdsecHeader:          crowdsecHeader,
@@ -240,7 +242,7 @@ func New(_ context.Context, next http.Handler, config *configuration.Config, nam

 // ServeHTTP principal function of plugin.
 //
-//nolint:nestif
+//nolint:nestif,gocyclo
 func (bouncer *Bouncer) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	if !bouncer.enabled {
 		bouncer.next.ServeHTTP(rw, req)
@@ -278,6 +280,11 @@ func (bouncer *Bouncer) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		if cacheErr != nil {
 			cacheErrString := cacheErr.Error()
 			bouncer.log.Debug(fmt.Sprintf("ServeHTTP:Get ip:%s isBanned:false %s", remoteIP, cacheErrString))
+			if !bouncer.redisUnreachableBlock && cacheErrString == cache.CacheUnreachable {
+				bouncer.log.Error(fmt.Sprintf("ServeHTTP:Get ip:%s redisUnreachable=true", remoteIP))
+				handleNextServeHTTP(bouncer, remoteIP, rw, req)
+				return
+			}
 			if cacheErrString != cache.CacheMiss {
 				bouncer.log.Error(fmt.Sprintf("ServeHTTP:Get ip:%s %s", remoteIP, cacheErrString))
 				handleBanServeHTTP(bouncer, rw)
--- a/pkg/cache/cache.go
+++ b/pkg/cache/cache.go
@@ -23,6 +23,8 @@ const (
 	CaptchaDoneValue = "d"
 	// CacheMiss error string when cache is miss.
 	CacheMiss = "cache:miss"
+	// CacheUnreachable error string when cache is unreachable.
+	CacheUnreachable = "cache:unreachable"
 )

 //nolint:gochecknoglobals
@@ -60,9 +62,13 @@ func (redisCache) get(key string) (string, error) {
 	if err == nil && len(valueString) > 0 {
 		return valueString, nil
 	}
-	if err.Error() == simpleredis.RedisMiss {
+	errRedisMessage := err.Error()
+	if errRedisMessage == simpleredis.RedisMiss {
 		return "", errors.New(CacheMiss)
 	}
+	if errRedisMessage == simpleredis.RedisUnreachable {
+		return "", errors.New(CacheUnreachable)
+	}
 	return "", err
 }

--- a/pkg/configuration/configuration.go
+++ b/pkg/configuration/configuration.go
@@ -74,6 +74,7 @@ type Config struct {
 	RedisCachePassword                       string   `json:"redisCachePassword,omitempty"`
 	RedisCachePasswordFile                   string   `json:"redisCachePasswordFile,omitempty"`
 	RedisCacheDatabase                       string   `json:"redisCacheDatabase,omitempty"`
+	RedisCacheUnreachableBlock               bool     `json:"redisCacheUnreachableBlock,omitempty"`
 	BanHTMLFilePath                          string   `json:"banHtmlFilePath,omitempty"`
 	CaptchaHTMLFilePath                      string   `json:"captchaHtmlFilePath,omitempty"`
 	CaptchaProvider                          string   `json:"captchaProvider,omitempty"`
@@ -128,6 +129,7 @@ func New() *Config {
 		RedisCacheHost:                 "redis:6379",
 		RedisCachePassword:             "",
 		RedisCacheDatabase:             "",
+		RedisCacheUnreachableBlock:     true,
 	}
 }