From a53d2b1d63159c17575578019719a753e28e2466 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Tue, 17 Mar 2026 12:41:14 +0100 Subject: [PATCH] fix(metrics): Get WAF blocked count from CrowdSec mitmproxy decisions - WAF blocked now counts mitmproxy scenario decisions (1031 blocks) - Removed waf_threats field (redundant with waf_blocked) - Fixed dashboard to show 3 WAF stats: Bans, Alerts, Blocked Co-Authored-By: Claude Opus 4.5 --- .../luci-static/resources/view/metrics/dashboard.js | 9 ++------- .../root/usr/libexec/rpcd/luci.metrics | 13 +++++-------- 2 files changed, 7 insertions(+), 15 deletions(-) diff --git a/package/secubox/luci-app-metrics-dashboard/htdocs/luci-static/resources/view/metrics/dashboard.js b/package/secubox/luci-app-metrics-dashboard/htdocs/luci-static/resources/view/metrics/dashboard.js index 9b23a51a..8a54f8b0 100644 --- a/package/secubox/luci-app-metrics-dashboard/htdocs/luci-static/resources/view/metrics/dashboard.js +++ b/package/secubox/luci-app-metrics-dashboard/htdocs/luci-static/resources/view/metrics/dashboard.js @@ -301,12 +301,8 @@ return view.extend({ E('span', { 'class': 'mx-row-val', 'id': 'w-alerts' }, String(w.alerts_today || 0)) ]), E('div', { 'class': 'mx-row' }, [ - E('span', { 'class': 'mx-row-label' }, 'WAF Threats'), - E('span', { 'class': 'mx-row-val', 'id': 'w-threats' }, String(w.waf_threats || 0)) - ]), - E('div', { 'class': 'mx-row' }, [ - E('span', { 'class': 'mx-row-label' }, 'Blocked'), - E('span', { 'class': 'mx-row-val', 'id': 'w-blocked', 'style': 'color:#f44336' }, String(w.waf_blocked || 0)) + E('span', { 'class': 'mx-row-label' }, 'WAF Blocked'), + E('span', { 'class': 'mx-row-val', 'id': 'w-blocked', 'style': (w.waf_blocked || 0) > 0 ? 'color:#ff9800' : '' }, String(w.waf_blocked || 0)) ]) ]), @@ -367,7 +363,6 @@ return view.extend({ 's-tcp': String(c.total_tcp || 0), 'w-bans': String(w.active_bans || 0), 'w-alerts': String(w.alerts_today || 0), - 'w-threats': String(w.waf_threats || 0), 'w-blocked': String(w.waf_blocked || 0), 'c-https': String(c.https || 0), 'c-http': String(c.http || 0), diff --git a/package/secubox/luci-app-metrics-dashboard/root/usr/libexec/rpcd/luci.metrics b/package/secubox/luci-app-metrics-dashboard/root/usr/libexec/rpcd/luci.metrics index ad93ba24..db6804c6 100644 --- a/package/secubox/luci-app-metrics-dashboard/root/usr/libexec/rpcd/luci.metrics +++ b/package/secubox/luci-app-metrics-dashboard/root/usr/libexec/rpcd/luci.metrics @@ -57,7 +57,7 @@ build_overview() { # Build WAF stats build_waf_stats() { local cs_running=false mitmproxy_running=false - local bans=0 alerts_today=0 waf_threats=0 waf_blocked=0 + local bans=0 alerts_today=0 waf_blocked=0 pgrep crowdsec >/dev/null 2>&1 && cs_running=true pgrep -f mitmdump >/dev/null 2>&1 && mitmproxy_running=true @@ -65,15 +65,12 @@ build_waf_stats() { if [ "$cs_running" = "true" ]; then bans=$(cscli decisions list -o json 2>/dev/null | grep -c '"id"' || echo 0) alerts_today=$(cscli alerts list --since 24h -o json 2>/dev/null | grep -c '"id"' || echo 0) + # WAF blocks = mitmproxy scenario decisions + waf_blocked=$(cscli decisions list -o json 2>/dev/null | grep -c 'mitmproxy' || echo 0) fi - if [ -f "/tmp/secubox-mitm-stats.json" ]; then - waf_threats=$(jsonfilter -i /tmp/secubox-mitm-stats.json -e '@.threats_today' 2>/dev/null || echo 0) - waf_blocked=$(jsonfilter -i /tmp/secubox-mitm-stats.json -e '@.blocked_today' 2>/dev/null || echo 0) - fi - - printf '{"crowdsec_running":%s,"mitmproxy_running":%s,"active_bans":%d,"alerts_today":%d,"waf_threats":%d,"waf_blocked":%d}' \ - "$cs_running" "$mitmproxy_running" "$bans" "$alerts_today" "$waf_threats" "$waf_blocked" + printf '{"crowdsec_running":%s,"mitmproxy_running":%s,"active_bans":%d,"alerts_today":%d,"waf_blocked":%d}' \ + "$cs_running" "$mitmproxy_running" "$bans" "$alerts_today" "$waf_blocked" } # Build connections