[BUG] appsec responding with 502, 503 or 504 should be considered as unavailable

[dani]

Describe the bug 🐛
When reaching the appsec endpoint through a proxy (in my case envoy, but would be the same with anything else), setting crowdsecAppsecUnreachableBlock to false has no effect. When using a L7 proxy to reach the appsec endpoint, if appsec is down, the proxy will respond (usually with a 502, 503 or 504 error code). In this case, Traefik will block every requests no matter crowdsecAppsecUnreachableBlock

Expected behavior 👀
Appsec endpoint replying with 502, 503 or 504, it should be considered as appsec being unavailable, so crowdsecAppsecUnreachableBlock setting is honored

Context 🔎
When I shut down crowdsec, traefik replies with a 403 for any req, despite crowdsecAppsecUnreachableBlock being false. In Traefik's logs :

time=2026-06-17T08:12:00.559+02:00 level=DEBUG msg="handleNextServeHTTP ip:192.168.7.106 isWaf:true appsecQuery statusCode:503" component=CrowdsecBouncerTraefikPlugin
time=2026-06-17T08:12:00.557+02:00 level=DEBUG msg="ServeHTTP ip:192.168.7.106 isTrusted:false" component=CrowdsecBouncerTraefikPlugin

Version (please complete the following information):

• OS: Docker
• Traefik version: 3.7.5
• Plugin version: 1.6.0
• Redis ? : no

To Reproduce
Steps to reproduce the behavior:

1. Configure so that Traefik -> appsec endpoint is done through an L7 proxy
2. Shutdown crowdsec
3. Try any request : Traefik replies with a 403