nginx lua error on requests after publish #1103

Open
yanushg opened this issue Dec 1, 2022 · 4 comments

yanushg commented Dec 1, 2022

  1. Change a setting to trigger publish
  2. After publish is done, send a request

error in logs
2022/12/01 09:13:00 [error] 39#39: *90196 lua entry thread aborted: runtime error: ./lua/session_nginx.lua:186: attempt to compare table with number
stack traceback:
coroutine 0:
./lua/session_nginx.lua: in function 'inspect'
access_by_lua(proxy___default_____default_____default___.in:3: in main chunk, client: 199.203.196.185, server: fire-prod-pty5.rbzdevshai002wmia.dev.rbzdns.com, request: "GET / HTTP/1.1", host: "fire-prod-pty5.rbzdevshai002wmia.dev.rbzdns.com"
2022/12/01 09:13:00 [error] 39#39: 90196 failed to run log_by_lua: ./lua/session_nginx.lua:226: attempt to index local 'res' (a nil value)
stack traceback:
./lua/session_nginx.lua:226: in function 'log'
log_by_lua(proxy___default_____default_____default___.inc:3:3: in main chunk while logging request, client: 199.203.196.185, server: fire-prod-pty5.rbzdevshai002wmia.dev.rbzdns.com, request: "GET / HTTP/1.1", host: "fire-prod-pty5.rbzdevshai002wmia.dev.rbzdns.com"

yanushg added the bug label Dec 1, 2022
@aisenbergmor

@bartavelle, can you please update when you can investigate this issue?

tzuryby assigned tzuryby and unassigned bartavelle Dec 1, 2022

tzuryby commented Dec 1, 2022

@yanushg please share ASAP the following:

JSON files representing

  • config of rate limits
  • ACL
  • Content filter
  • security policies

The request(s) you have sent
The full error logs
Images version for conf and proxy services


yanushg commented Dec 1, 2022

Rate limit:

[{"id": "rl-asn-path-ddos", "name": "global rate limit asn per host+path 10k/60", "description": "10K+ requests per minute", "include": [], "exclude": [], "tags": ["rtc:ddos"], "active": true, "timeframe": 60, "thresholds": [{"limit": 10000, "action": "action-monitor"}], "pairwith": {"self": "self"}, "key": [{"attrs": "asn"}, {"headers": "host"}, {"attrs": "path"}], "global": true}, {"id": "rl-session-host-ddos", "name": "global rate limit session per host 300/180", "description": "300 requests per 3 minutes", "include": [], "exclude": ["static-content"], "tags": ["rtc:ddos"], "active": true, "timeframe": 180, "thresholds": [{"limit": 300, "action": "action-monitor"}], "pairwith": {"self": "self"}, "key": [{"attrs": "session"}, {"headers": "host"}], "global": true}, {"id": "rl-session-host-ddos-static", "name": "global rate limit session per host 400/180", "description": "400 requests per 3 minutes for static content", "include": ["static-content"], "exclude": [], "tags": ["rtc:ddos"], "active": true, "timeframe": 180, "thresholds": [{"limit": 400, "action": "action-monitor"}], "pairwith": {"self": "self"}, "key": [{"attrs": "session"}, {"headers": "host"}], "global": true}, {"id": "rl-session-path-ddos", "name": "global rate limit session per path 60/60", "description": "60 requests per minute", "include": [], "exclude": [], "tags": ["rtc:ddos"], "active": true, "timeframe": 60, "thresholds": [{"limit": 60, "action": "action-monitor"}], "pairwith": {"self": "self"}, "key": [{"attrs": "session"}, {"headers": "host"}, {"attrs": "path"}], "global": true}, {"id": "rl-session-cross-ip", "name": "global rate limit session per ip 5/3600", "description": "5 unique IPs per hour", "include": [], "exclude": [], "tags": ["rtc:account-takeover", "owasp-api04-lroarl", "owasp-app07-iaaf"], "active": false, "timeframe": 3600, "thresholds": [{"limit": 5, "action": "action-monitor"}], "pairwith": {"attrs": "ip"}, "key": [{"attrs": "session"}], "global": true}, {"id": 
"rl-session-cross-asn", "name": "global rate limit session per asn 2/3600", "description": "2 unique ASNs per hour", "include": [], "exclude": [], "tags": ["rtc:account-takeover", "owasp-api04-lroarl", "owasp-app07-iaaf"], "active": false, "timeframe": 3600, "thresholds": [{"limit": 2, "action": "action-monitor"}], "pairwith": {"attrs": "asn"}, "key": [{"attrs": "session"}], "global": true}, {"id": "rl-session-cross-country", "name": "global rate limit session per country 2/3600", "description": "2 unique countries per hour", "include": [], "exclude": [], "tags": ["rtc:account-takeover", "owasp-api04-lroarl", "owasp-app07-iaaf"], "active": false, "timeframe": 3600, "thresholds": [{"limit": 2, "action": "action-monitor"}], "pairwith": {"attrs": "country"}, "key": [{"attrs": "session"}], "global": true}, {"id": "rl-rbzid-cross-ip", "name": "global rate limit rbzid per ip 5/3600", "description": "5 unique IPs per hour", "include": [], "exclude": [], "tags": ["rtc:account-takeover", "owasp-api04-lroarl", "owasp-app07-iaaf"], "active": false, "timeframe": 3600, "thresholds": [{"limit": 5, "action": "action-monitor"}], "pairwith": {"attrs": "ip"}, "key": [{"cookies": "rbzid"}], "global": true}, {"id": "rl-rbzid-cross-asn", "name": "global rate limit rbzid per asn 2/3600", "description": "2 unique ASNs per hour", "include": [], "exclude": [], "tags": ["rtc:account-takeover", "owasp-api04-lroarl", "owasp-app07-iaaf"], "active": false, "timeframe": 3600, "thresholds": [{"limit": 2, "action": "action-monitor"}], "pairwith": {"attrs": "asn"}, "key": [{"cookies": "rbzid"}], "global": true}, {"id": "rl-rbzid-cross-country", "name": "global rate limit rbzid per country 2/3600", "description": "2 unique ips per hour", "include": [], "exclude": [], "tags": ["rtc:account-takeover", "owasp-api04-lroarl", "owasp-app07-iaaf"], "active": false, "timeframe": 3600, "thresholds": [{"limit": 2, "action": "action-monitor"}], "pairwith": {"attrs": "country"}, "key": [{"cookies": "rbzid"}], 
"global": true}]

ACL:

[{"id": "__acldefault__", "name": "acl-default", "tags": [], "action": "action-acl-block", "allow": [], "allow_bot": [], "deny_bot": [], "passthrough": ["skip-waf"], "deny": ["acl-deny"], "force_deny": ["enforce-acl-deny"]}, {"id": "__acldenybot__", "name": "acl-deny-bot", "tags": [], "action": "action-acl-block", "allow": [], "allow_bot": ["allow-bot"], "deny_bot": ["all"], "passthrough": ["skip-waf"], "deny": ["acl-deny"], "force_deny": ["enforce-acl-deny"]}, {"id": "__acldenyall__", "name": "acl-deny-all", "tags": [], "action": "action-acl-block", "allow": [], "allow_bot": [], "deny_bot": [], "passthrough": [], "deny": [], "force_deny": ["all"]}]

Content filter

[{"id": "__defaultcontentfilter__", "name": "default contentfilter", "active": ["cf-rule-risk:5", "cf-rule-risk:4", "cf-rule-risk:3", "cf-rule-subcategory:libinjection-xss"], "action": "action-contentfilter-block", "content_type": [], "decoding": {"base64": true, "dual": true, "html": false, "unicode": false}, "ignore": [], "report": [], "masking_seed": "CHANGEME", "allsections": {"max_count": 42, "max_length": 1024, "names": [], "regex": []}, "path": {"max_count": 42, "max_length": 1024, "names": [], "regex": []}, "cookies": {"max_count": 42, "max_length": 1024, "names": [], "regex": []}, "headers": {"max_count": 42, "max_length": 1024, "names": [], "regex": []}, "args": {"max_count": 512, "max_length": 1024, "names": [], "regex": []}, "ignore_alphanum": true}]

SP:

[{"id": "__default__", "name": "default security policy", "map": [{"id": "__root_entry__", "name": "__root__", "description": null, "match": "^/(\\W.*)?$", "acl_profile": "__acldefault__", "acl_active": true, "content_filter_profile": "__defaultcontentfilter__", "content_filter_active": true, "limit_ids": []}, {"id": "__default_entry__", "name": "__default__", "description": null, "match": "/", "acl_profile": "__acldefault__", "acl_active": true, "content_filter_profile": "__defaultcontentfilter__", "content_filter_active": true, "limit_ids": []}], "tags": [], "match": "__default__", "session": [{"attrs": "ip"}]}]

The log is the full log I am getting in the proxy pod


tzuryby commented Dec 4, 2022

According to @Ronyk11 this is caused by the fact we use Redis cluster, and somewhere in one of those lines we get an error such as
MOVED 2814 172.31.211.149:6379

perhaps we should consider switching to https://github.com/steve0511/resty-redis-cluster or similar
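
How a `MOVED` reply can turn into the `attempt to compare table with number` error from the log, shown as an added example that is not code from this project or from any commenter. It assumes the Redis client hands back a failed command as a `{false, err}` table (the shape lua-resty-redis uses for pipelined replies); `parse_redirect`, `counter_from_reply` and `over_limit` are hypothetical names, and the sample replies are constructed apart from the `MOVED` text quoted above.

```lua
-- Added example, not the project's code. Assumption: an error reply arrives
-- as the table {false, "<error text>"} where a counter (number) was expected.

-- Parse a Redis Cluster redirection error: "MOVED <slot> <host>:<port>" or "ASK ...".
local function parse_redirect(err)
  if type(err) ~= "string" then return nil end
  local kind, slot, host, port = err:match("^(%u+) (%d+) (.+):(%d+)$")
  if kind ~= "MOVED" and kind ~= "ASK" then return nil end
  return { kind = kind, slot = tonumber(slot), host = host, port = tonumber(port) }
end

-- Turn one reply into a counter value, or nil plus a reason, so that a
-- non-number is never compared against a numeric limit.
local function counter_from_reply(res)
  if type(res) == "number" then return res end
  if type(res) == "table" and res[1] == false then
    local redirect = parse_redirect(res[2])
    if redirect then
      return nil, ("cluster redirect: slot %d is served by %s:%d"):format(
        redirect.slot, redirect.host, redirect.port)
    end
    return nil, "redis error: " .. tostring(res[2])
  end
  return nil, "unexpected reply type: " .. type(res)
end

-- Hypothetical limit check. "unknown" leaves the policy decision (allow, block,
-- log) to the caller instead of aborting the request handler.
local function over_limit(res, limit)
  local count, why = counter_from_reply(res)
  if not count then return "unknown", why end
  return count > limit and "exceeded" or "ok"
end

-- Constructed replies for a limit of 60 requests.
local samples = {
  61,
  12,
  { false, "MOVED 2814 172.31.211.149:6379" },
  { false, "ERR unknown command" },
}
for i, res in ipairs(samples) do
  local verdict, why = over_limit(res, 60)
  print(i, verdict, why or "")
end
```

Writing `res > 60` directly on the third sample reproduces the runtime error from the log, because Lua refuses to order a table against a number.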
