From d65ae46067c1af91c9c686642c1fa8abf6f9358e Mon Sep 17 00:00:00 2001
From: Brian Munro
Date: Tue, 22 Feb 2022 06:33:05 +0200
Subject: [PATCH 1/4] Add ability to enabled/disable bouncer from config.
---
 config_example.conf | 1 +
 lib/crowdsec.lua | 8 ++++++++
 lib/plugins/crowdsec/config.lua | 3 ++-
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/config_example.conf b/config_example.conf
index ae1cb5c..ce758b8 100644
--- a/config_example.conf
+++ b/config_example.conf
@@ -1,3 +1,4 @@
+ENABLED=true
 API_URL=${CROWDSEC_LAPI_URL}
 API_KEY=${API_KEY}
 CACHE_EXPIRATION=1
diff --git a/lib/crowdsec.lua b/lib/crowdsec.lua
index 0b47fad..c788543 100644
--- a/lib/crowdsec.lua
+++ b/lib/crowdsec.lua
@@ -32,6 +32,9 @@ function csmod.init(configFile, userAgent)
 runtime.cache = ngx.shared.crowdsec_cache
 runtime.fallback = runtime.conf["FALLBACK_REMEDIATION"]
+ if runtime.conf["ENABLED"] == "false" then
+ return "Disabled", nil
+ end
 if runtime.conf["REDIRECT_LOCATION"] == "/" then
 ngx.log(ngx.ERR, "redirect location is set to '/' this will lead into infinite redirection")
@@ -382,6 +385,11 @@ end
 function csmod.Allow(ip)
+
+ if runtime.conf["ENABLED"] == "false" then
+ return "Disabled", nil
+ end
+
 if utils.table_len(runtime.conf["EXCLUDE_LOCATION"]) > 0 then
 for k, v in pairs(runtime.conf["EXCLUDE_LOCATION"]) do
 if ngx.var.uri == v then
diff --git a/lib/plugins/crowdsec/config.lua b/lib/plugins/crowdsec/config.lua
index 0837f7c..e3b458c 100644
--- a/lib/plugins/crowdsec/config.lua
+++ b/lib/plugins/crowdsec/config.lua
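Review bot: In `csmod.init` the new `ENABLED == "false"` branch returns without writing any log line, and `csmod.Allow` (the `@@ -382,6 +385,11 @@` hunk) then returns ahead of every check visible in its hunk on each request, so a bouncer that has been switched off leaves no trace in the nginx error log. Because this switch turns remediation off for all traffic, it should be visible to an operator or a log-based alert; log once at startup, for example `ngx.log(ngx.WARN, "crowdsec bouncer disabled by ENABLED=false, no remediation will be applied")` just before the `return "Disabled", nil` in `init`. What callers do with the `"Disabled"` first return value is not visible here (both function bodies continue outside the hunks), so each early return also deserves a short comment stating the return contract.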
@@ -35,10 +35,11 @@ function config.loadConfig(file)
 return nil, "File ".. file .." doesn't exist"
 end
 local conf = {}
- local valid_params = {'API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION', 'FALLBACK_REMEDIATION'}
+ local valid_params = {'ENABLED','API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION', 'FALLBACK_REMEDIATION'}
 local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION'}
 local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'}
 local default_values = {
+ ['ENABLED'] = "true",
 ['REQUEST_TIMEOUT'] = 0.2,
 ['BOUNCING_ON_TYPE'] = "ban",
 ['MODE'] = "stream",
From e688107dc4b3c6ee366c659aa9be816da453af0c Mon Sep 17 00:00:00 2001
From: Brian Munro
Date: Tue, 22 Feb 2022 16:16:32 +0200
Subject: [PATCH 2/4] Make sure only true|false is entered into the config.
---
 lib/plugins/crowdsec/config.lua | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/lib/plugins/crowdsec/config.lua b/lib/plugins/crowdsec/config.lua
index e3b458c..236a076 100644
--- a/lib/plugins/crowdsec/config.lua
+++ b/lib/plugins/crowdsec/config.lua
@@ -38,6 +38,7 @@ function config.loadConfig(file)
 local valid_params = {'ENABLED','API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION', 'FALLBACK_REMEDIATION'}
 local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION'}
 local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'}
+ local valid_truefalse_values = {'false', 'true'}
 local default_values = {
 ['ENABLED'] = "true",
 ['REQUEST_TIMEOUT'] = 0.2,
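Review bot: The new `['ENABLED'] = "true"` default in the `@@ -35,10 +35,11 @@` hunk keeps the switch as a string, and in Lua every string, including `"false"`, is truthy, so a later check written as `if not conf["ENABLED"]` would never fire and `if conf["ENABLED"]` would always pass. The comparison sites added in this series (`csmod.init`, `csmod.Allow`) do use `== "false"`, so nothing is broken today; the risk is a future reader treating it as a boolean. Add a comment on the default entry, e.g. `-- string, not boolean: always compare with == "false"; the string "false" is truthy in Lua`. The body of `loadConfig` starts and continues outside the hunk.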
@@ -58,6 +59,13 @@ function config.loadConfig(file)
 local s = split(line, "=")
 for k, v in pairs(s) do
 if has_value(valid_params, v) then
+ if v == "ENABLED" then
+ local value = s[2]
+ if not has_value(valid_truefalse_values, s[2]) then
+ ngx.log(ngx.ERR, "unsupported value '" .. s[2] .. "' for variable '" .. v .. "'. Using default value 'ban' instead")
+ break
+ end
+ end
 if v == "BOUNCING_ON_TYPE" then
 local value = s[2]
 if not has_value(valid_bouncing_on_type_values, s[2]) then
From 39e00286e30797bb12d0e34a70afdca2033a3ad3 Mon Sep 17 00:00:00 2001
From: Brian Munro
Date: Thu, 24 Feb 2022 17:07:35 +0200
Subject: [PATCH 3/4] Fix indentation, use space instead of tabs
---
 lib/plugins/crowdsec/config.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/plugins/crowdsec/config.lua b/lib/plugins/crowdsec/config.lua
index 236a076..f253b4b 100644
--- a/lib/plugins/crowdsec/config.lua
+++ b/lib/plugins/crowdsec/config.lua
@@ -38,7 +38,7 @@ function config.loadConfig(file)
 local valid_params = {'ENABLED','API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION', 'FALLBACK_REMEDIATION'}
 local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION'}
 local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'}
- local valid_truefalse_values = {'false', 'true'}
+ local valid_truefalse_values = {'false', 'true'}
 local default_values = {
 ['ENABLED'] = "true",
 ['REQUEST_TIMEOUT'] = 0.2,
@@ -59,7 +59,7 @@ function config.loadConfig(file)
 local s = split(line, "=")
 for k, v in pairs(s) do
 if has_value(valid_params, v) then
- if v == "ENABLED" then
+ if v == "ENABLED" then
 local value = s[2]
 if not has_value(valid_truefalse_values, s[2]) then
 ngx.log(ngx.ERR, "unsupported value '" .. s[2] .. "' for variable '" .. v .. "'. Using default value 'ban' instead")
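Review bot: In the `@@ -58,6 +59,13 @@` hunk the rejection path concatenates `s[2]` straight into the log message; if `split` yields no second field for a line such as `ENABLED=` (its implementation is not visible here), `s[2]` is nil and the `..` raises an error instead of logging, so `loadConfig` would abort rather than fall back to the default. Using `tostring(s[2])` in that `ngx.log` call keeps the fallback path intact for empty values. `local value = s[2]` in the new `ENABLED` block is never read and can be dropped. The enclosing `for` loop and function continue outside the hunk.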
From a7d712f65d29e193888e8fb32f89ebf31591db07 Mon Sep 17 00:00:00 2001
From: Brian Munro
Date: Thu, 24 Feb 2022 17:09:03 +0200
Subject: [PATCH 4/4] Fix nginx error to reflect option default.
---
 lib/plugins/crowdsec/config.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/plugins/crowdsec/config.lua b/lib/plugins/crowdsec/config.lua
index f253b4b..5c3ade5 100644
--- a/lib/plugins/crowdsec/config.lua
+++ b/lib/plugins/crowdsec/config.lua
@@ -62,7 +62,7 @@ function config.loadConfig(file)
 if v == "ENABLED" then
 local value = s[2]
 if not has_value(valid_truefalse_values, s[2]) then
- ngx.log(ngx.ERR, "unsupported value '" .. s[2] .. "' for variable '" .. v .. "'. Using default value 'ban' instead")
+ ngx.log(ngx.ERR, "unsupported value '" .. s[2] .. "' for variable '" .. v .. "'. Using default value 'true' instead")
 break
 end
 end