What happened?
My HAProxy dev box has no restrictions on methods. An external IP sent CONNECT requests which contain an IP in the request line:
```
http-in crowdsec/s1 0/0/15/15/0/0/1/16 404 89 - - CD-- 2/2/0/0/0 0/0 "CONNECT 116.202.157.104:80 HTTP/1.1" remediation: allow iso: GB
```
results in:
```
time="2025-12-17T10:44:23Z" level=error msg="unable to parse url '116.202.157.104:80': parse \"116.202.157.104:80\": first path segment in URL cannot contain colon" module=acquisition.appsec name=myAppSecComponent type=appsec
```
Yes, a proper setup should enforce restrictions on methods, but we should also be able to detect these if the user wishes.
What did you expect to happen?
AppSec should be able to parse any URL loosely to pass to the underlying Coraza engine.
How can we reproduce it (as minimally and precisely as possible)?
Setting up the minimal HAProxy SPOA with AppSec enabled and sending a CONNECT request should be enough to trigger it.
Anything else we need to know?
No response
Crowdsec version
```console
$ cscli version
# paste output here
```
OS version
```console
# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here
# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here
```
Enabled collections and parsers
```console
$ cscli hub list -o raw
# paste output here
```
Acquisition config
```console
# On Linux:
$ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/*
# paste output here
# On Windows:
C:\> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
# paste output here
```
Config show
```console
$ cscli config show
# paste output here
```
Prometheus metrics
```console
$ cscli metrics
# paste output here
```
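
One way to parse a request target loosely enough to cover the CONNECT case reported above, as an added example that is not CrowdSec's or Coraza's code; `parseRequestTarget` is a hypothetical helper name. It goes beyond the reported case by also accepting the origin, absolute and asterisk forms of a request target.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// parseRequestTarget is a hypothetical helper, not part of CrowdSec. It accepts
// the four request-target forms of RFC 9112 section 3.2 instead of assuming a URL.
func parseRequestTarget(method, target string) (*url.URL, error) {
	switch {
	case target == "*":
		// asterisk-form, e.g. "OPTIONS * HTTP/1.1"
		return &url.URL{Path: "*"}, nil
	case method == "CONNECT" && !strings.HasPrefix(target, "/"):
		// authority-form "host:port": a placeholder scheme makes the colon a port separator.
		u, err := url.Parse("http://" + target)
		if err != nil {
			return nil, err
		}
		if u.Port() == "" || u.Path != "" || u.RawQuery != "" || u.Fragment != "" || u.User != nil {
			return nil, fmt.Errorf("invalid authority-form target %q", target)
		}
		u.Scheme = "" // drop the placeholder so only host:port remains
		return u, nil
	default:
		// origin-form "/path?query" or absolute-form "http://host/path"
		return url.ParseRequestURI(target)
	}
}

func main() {
	// Request lines: the first is from the report, the others are constructed.
	samples := [][2]string{
		{"CONNECT", "116.202.157.104:80"},
		{"GET", "/index.php?id=1"},
		{"OPTIONS", "*"},
		{"GET", "116.202.157.104:80"},
	}
	for _, s := range samples {
		u, err := parseRequestTarget(s[0], s[1])
		if err != nil {
			fmt.Printf("%-7s %-22q rejected: %v\n", s[0], s[1], err)
			continue
		}
		fmt.Printf("%-7s %-22q host=%q path=%q query=%q\n", s[0], s[1], u.Host, u.Path, u.RawQuery)
	}
}
```

The parsed authority ends up in `u.Host`, so the method and destination of a CONNECT request remain available to rules instead of the request failing before inspection.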