Fix Bouncer bypass when using HTTP1.0

lib/plugins/crowdsec/ban.lua

@@ -9,32 +9,34 @@ M.ret_code = ngx.HTTP_FORBIDDEN
 
 
 function M.new(template_path, redirect_location, ret_code)
-    if template_path == nil then
-        return "BAN_TEMPLATE_PATH variable is empty, will ban without template"
-    end
-    if utils.file_exist(template_path) == false then
-        return "ban template file doesn't exist, will ban without template"
-    else
-        M.template_str = utils.read_file(template_path)
-        if M.template_str == nil then
-            M.template_str = ""
-            return "ban template file doesn't exist, will ban without template"
-        end
-    end
-
     M.redirect_location = redirect_location
 
-    for k, v in pairs(utils.HTTP_CODE) do
-        if k == ret_code then
-            M.ret_code = utils.HTTP_CODE[ret_code]
-            break
+    if ret_code ~= nil and ret_code ~= 0 then
+        for k, v in pairs(utils.HTTP_CODE) do
+            if k == ret_code then
+                M.ret_code = utils.HTTP_CODE[ret_code]
+                break
+            end
         end
     end
 
+    template_file_ok = false
+    if (template_path ~= nil and template_path ~= "" and utils.file_exist(template_path) == true) then
+        M.template_str = utils.read_file(template_path)
+        if M.template_str ~= nil then
+            template_file_ok = true
+        end
+    end
+
+    if template_file_ok == false and (M.redirect_location == nil or M.redirect_location == "") then
+        ngx.log(ngx.ERR, "BAN_TEMPLATE_PATH and REDIRECT_LOCATION variable are empty, will return HTTP " .. M.ret_code  .. " for ban decisions")
+    end
+
     return nil
 end
 
 
+
 function M.apply()
     if M.redirect_location ~= "" then
         ngx.redirect(M.redirect_location)
@@ -44,6 +46,7 @@ function M.apply()
         ngx.header.content_type = "text/html"
         ngx.status = M.ret_code
         ngx.say(M.template_str)
+        ngx.exit(M.ret_code)
         return
     end