Geoblock - Blocklisted country correctly blocked with 403 code via browser, however can still access via a Nikto test with 404 code

Y57 · July 2, 2024, 7:19am

Hi all,

Setup:

Docker
Traefik v3
Traefik PascalMinder/geoblock plugin: Plugin
- Only allow Australian IP addresses.
VPN location used for test: Non-Australian Server
- 403 code returned via web browser
- 404 code returned if testing using Nikto (Web Server Scanner) against my domain.

Question:

Should this not be returning 403, regardless on how my domain is accessed?
Would somebody mind confirming if I have a misconfiguration somewhere?

Tests:

VPN: Non-Australian Server
- Accessing through web browser - correctly returns a 403 code:
  - Traefik access.log:
    {"ClientAddr":"CLIENTIP:59132","ClientHost":"CLIENTIP","ClientPort":"59132","ClientUsername":"-","DownstreamContentSize":0,"DownstreamStatus":403,"Duration":2919561,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":2919561,"RequestAddr":MYDOMAIN","RequestContentSize":0,"RequestCount":19190,"RequestHost":"MYDOMAIN","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"J-rtr@docker","StartLocal":"2024-07-02T16:28:32.336551072+00:30","StartUTC":"2024-07-02T06:58:32.336551072Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-07-02T16:28:32+00:30"}

VPN: Non-Australian Server
- Accessing through Nikito Command Line - returns 404 code:
  docker run frapsoft/nikto -host https://DOMAIN
  - Traefik access.log:
    {"ClientAddr":"CLIENTIP:59112","ClientHost":"CLIENTIP","ClientPort":"59112","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":157045,"GzipRatio":0,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":157045,"RequestAddr":MYDOMAIN:443","RequestContentSize":0,"RequestCount":19189,"RequestHost":"MYDOMAIN","RequestMethod":"GET","RequestPath":"/lPWGKUQF.x-shop","RequestPort":"443","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"StartLocal":"2024-07-02T16:28:27.441108347+00:30","StartUTC":"2024-07-02T06:58:27.441108347Z","entryPointName":"websecure","level":"info","msg":"","time":"2024-07-02T16:28:27+00:30"}

Traefik docker compose:

    command: # CLI arguments
      - --experimental.plugins.geoblock-pascalminder-plugin.modulename=github.com/PascalMinder/geoblock  # GeoBlock Plugin 
      - --experimental.plugins.geoblock-pascalminder-plugin.version=v0.2.8          # GeoBlock Plugin

    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=websecure"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$REVERSEPROXY_DOMAINNAME_0_CLOUD_SERVER`)  || Host(`traefik.$REVERSEPROXY_DOMAINNAME_1_CLOUD_SERVER`)  || Host(`traefik.$REVERSEPROXY_DOMAINNAME_2_CLOUD_SERVER`) || Host(`traefik.$REVERSEPROXY_DOMAINNAME_3_CLOUD_SERVER`)"
      # Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      # Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth-crowdsecbouncer-geoblock@file" # For Basic HTTP Authentication

Webapp docker compose:

    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.j-rtr.entrypoints=websecure"
      - "traefik.http.routers.j-rtr.rule=Host(`SUBDOMAIN.$REVERSEPROXY_DOMAINNAME_0_CLOUD_SERVER`)"
      # Middlewares
      - "traefik.http.routers.j-rtr.middlewares=chain-no-auth-crowdsecbouncer-geoblock@file"
      # HTTP Services
      - "traefik.http.routers.j-rtr.service=j-svc"
      - "traefik.http.services.j-svc.loadbalancer.server.port=PORT"

Traefik yml files:

chain-basic-auth-crowdsecbouncer-geoblock.yml

http:
  middlewares:
    chain-basic-auth-crowdsecbouncer-geoblock:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-basic-auth
          - crowdsec-bouncer-traefik-plugin
          - geoblock-pascalminder-plugin

chain-no-auth-crowdsecbouncer-geoblock.yml

http:
  middlewares:
    chain-no-auth-crowdsecbouncer-geoblock:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - crowdsec-bouncer-traefik-plugin
          - geoblock-pascalminder-plugin

geoblock-pascalminder-plugin.yml

http:
  middlewares:
    geoblock-pascalminder-plugin:
      plugin:
        geoblock-pascalminder-plugin:
          silentStartUp: false
          allowLocalRequests: true
          logLocalRequests: false
          logAllowedRequests: true
          logApiRequests: true
          api: "https://get.geojs.io/v1/ip/country/{ip}"
          apiTimeoutMs: 500
          cacheSize: 25
          forceMonthlyUpdate: true
          allowUnknownCountries: false
          unknownCountryApiResponse: "nil"
          blackListMode: false
          countries:
            - AU # Australia

bluepuma77 · July 2, 2024, 7:49am

What is Nikto/Nikito?

Y57 · July 2, 2024, 8:52am

Web Server Scanner initialised through command line.

Topic		Replies	Views
How to properly apply Geoblock plugin to traefik setup Traefik v2 plugin	11	1135	January 25, 2024
Geoblock plugin throwing errors in traefik log Traefik v2 docker	4	299	December 25, 2023
How to install Traefik Plugin in Kubernetes? Traefik v2 kubernetes-crd , kubernetes-ingress , middleware , plugin	8	4253	October 20, 2021
Why is my GeoBlock middleware not working for a Docker container? Traefik v2 docker , middleware , plugin	4	1599	February 23, 2022
Custom HTTP codes when geoblocked Traefik v3 (latest) middleware , plugin	7	38	August 11, 2024

Geoblock - Blocklisted country correctly blocked with 403 code via browser, however can still access via a Nikto test with 404 code

Related topics