il/ilnmors-homelab

Files

T

il 70bf539546 docs(issues): fix crowdsec whitelist regex to whitelist expressions

2026-05-02 20:40:10 +09:00

1.1 KiB

Raw Blame History

Immich crowdsec false positive issue

Status

Finished

Date

2026-03-21

Version

Immich: 2.6.1

Problem

When users access and log in Immich while Immich is generating thumbnail, all connections to homelab services are refused.
- fw ban users' IP address.

Reason

Immich sends 404 error to clients when the client request thumbnail while it is generating them.
LAPI decides a ban when a lot of 404 errors occur in short time

Timeline

2026-03-21: Release Immich
2026-03-21: Find the false positive case, and add whitelist

Solution

Access to fw
- Check the ban list with sudo cscli alerts list
- Read the ban case with sudo cscli alerts inspect $NUMBER
Add expressions on whitelist
- evt.Meta.target_fqdn == '{{ services['immich']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/api/assets/' && evt.Meta.http_path contains '/thumbnail'
Delete false positive decision
- Check false positive decision with sudo cscli decision list
- Delete false positive decision with sudo cscli decision delete --id $ID