ctrl-alt-dev/harbinger

Blacklisting: stuck in loop

Closed issue · 1 comment

It seems like I encountered a bug in the blacklisting mechanism. Imagine the following:

A user performs several malicious activities that are totaled up by the EvidenceCollector. As soon as the score exceeds the IP-threshold, the user's IP is blacklisted for the configured amount of time.
After the blacklisting has expired, the user can access the application again. However, the collected and aggregated evidence is still stored by the EvidenceCollector. Upon the next request (doesn't matter if malicious or not) the aggregated evidence is checked and the user is blacklisted again because the score has not been cleared and is still exceeding the IP-threshold.

Is this a bug or something I got wrong?

I implemented a small bugfix that clears the evidence from the EvidenceCollector as soon as a BlacklistIpAction is performed. Now the blacklisting mechanism works fine.

That sounds like a bug :-) I'll have a look if I can reproduce it - meanwhile feel free to issue a pull request.
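
The re-blacklisting loop reported in this issue, and the effect of clearing evidence when the blacklist action fires, can be reproduced with a small model. This is an added example, not Harbinger's code and not part of the thread; the class, method names, threshold, duration and IP address are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the behaviour described in the issue; not Harbinger's code.
// All names, the threshold and the timings are constructed for illustration.
public class BlacklistLoopDemo {
    static final int IP_THRESHOLD = 10;       // assumed score threshold
    static final long BLACKLIST_MS = 60_000;  // assumed blacklist duration

    final Map<String, Integer> evidence = new HashMap<>();      // aggregated score per IP
    final Map<String, Long> blacklistedUntil = new HashMap<>(); // blacklist expiry per IP
    final boolean clearOnBlacklist;                             // the fix proposed in the issue
    int blacklistEvents = 0;

    BlacklistLoopDemo(boolean clearOnBlacklist) { this.clearOnBlacklist = clearOnBlacklist; }

    // Returns true if the request is allowed through.
    boolean handle(String ip, int score, long now) {
        Long until = blacklistedUntil.get(ip);
        if (until != null && now < until) return false;  // still blacklisted
        blacklistedUntil.remove(ip);                      // blacklist entry has expired
        int total = evidence.merge(ip, score, Integer::sum);
        if (total > IP_THRESHOLD) {
            blacklistedUntil.put(ip, now + BLACKLIST_MS);
            blacklistEvents++;
            if (clearOnBlacklist) evidence.remove(ip);    // reset the score with the action
            return false;
        }
        return true;
    }

    // Three scored requests, then one benign request after each blacklist expiry.
    static int run(boolean clearOnBlacklist) {
        BlacklistLoopDemo d = new BlacklistLoopDemo(clearOnBlacklist);
        String ip = "203.0.113.7";  // constructed address from a documentation range
        long t = 0;
        for (int i = 0; i < 3; i++) d.handle(ip, 5, t++);  // third request crosses the threshold
        for (int i = 1; i <= 3; i++) d.handle(ip, 0, t + i * (BLACKLIST_MS + 1));
        return d.blacklistEvents;
    }

    public static void main(String[] args) {
        System.out.println("without clearing: " + run(false) + " blacklist events");
        System.out.println("with clearing:    " + run(true) + " blacklist events");
    }
}
```

Without clearing, every benign request after an expiry triggers a new blacklist entry because the stored score never drops below the threshold; with clearing, only the original offence does.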