nginx bouncer: attempt to concatenate local 'ip_type' (a nil value)
I just noticed that my NGINX Bouncer has stopped contacting my LAPI for decisions and has stopped bouncing, I re-created the API token for the bouncer just in case it was a weird bug but that didn't fix it. I haven't changed my config in a while so that shouldn't be the issue.
I can see in NGINX's logs the Bouncer quits on startup and then never runs again.
```
2025/10/02 20:47:47 [info] 68873#68873: 1 [lua] crowdsec_nginx.conf:28):5: Initializing stream mode for worker 0, context: init_worker_by_lua...
State of cs-cloud-firewall-bouncer
Hi !
My company is in need of a cloud firewall bouncer that can sync decisions to clouders firewalls. After digging a bit, I found the crowdsecurity/cs-cloud-firewall-bouncer repo which seems to do exactly that. We're willing to add an implementation for Scaleway LB ACLs but wanted to know if we should fork it or if the project is definitively abandoned.
Cheers...
Huge RAM consumption after upgrade
Hiya!
Our CrowdSec LAPI had been running on 1.6.10 for a while, but our agents got upgraded to 1.7.0.
We've just noticed that there have been errors in the communication between the agents and the LAPI, as mentioned here in a few tickets already.
We upgraded our LAPI to the newest version and immediately the VM ran out of RAM. ...
Not receiving notifications from (not LAPI) machine
As the titel says... I have not been receiving notifications as of recently when an alert originated from my host 'tower'... Distributed setup, mix of containers and native installs, LAPI is a container. Instance not sending notifications is also a container...
I don't see any relevant erros in the docker logs. However I have a feeling some parsing is failing and thus not sending anything?
I have 2 notifications formats, discord & pushover:...
New to crowdsec - conntrack full after installing crowdsec
Uh, hi. I'm pretty new to crowdsec in general, so please pardon me if this is a stupid question. I recently just installed crowdsec replacing fail2ban on my 2 servers, after installing it, I seem to be starting to get some alert from netdata that the conntrack limit is at 100%, which I presume is a bad thing. I'm wondering if there's any config from crowdsec that I can use to help with this? Thanks
nixos
Hey Folks,
Sorry to bother you, but do you know which is the "official" NixOS CrowdSec package and which wiring is suggested?
(currently using: crowdsec = nixpkgs-unstable.legacyPackages.${system}.crowdsec;)
Thanks!...
New to CrowdSec, 5 servers, 3 not sending data to console
I am new to crowdsec, and have 5 servers that I have set up for crowdsec and enrolled in the console. 2 of them are working well, but the other three aren’t sending data. They appear to be working locally just not sending data to console. For example, see the attached screen shot.
What I’ve noticed, in comparing the working ones with the non-working ones, is that the working ones show “crowdsec (security engine)” below the CAPI line, and the ones that don’t, don’t. Which totally makes sense. But how to fix?...
Authentik (docker) with remote crowdsec component on network
Trying to determine how to configure the Crowdsec components for Authentik log ingestion and point it to my existing Crowdsec server that already has logs feeding into it.
Also curious on how to validate nginx logs are being ingested by the Crowdsec server i already have established....
Allowlisted IP still triggers LePresidente/http-generic-403-bf scenario
Environment:
• CrowdSec v1.7.0-c3036e21-docker
• Docker deployment with Traefik
• Ubuntu Linux
...
Nextcloud client for Linux causes a ban by 'securityEngineIconhttp-crawl-non_statics'
I use the Nextcloud client to sync my local files with my Nextcloud server. This worked very well as long as I were in the same local network as the Nextcloud server. I recently moved to a new location and noticed, that crowdsec bans my IP as soon as I boot up my computer. I tracked it down to the Nextcloud Client. I reset the client and set everything up again. A few minutes, after the client began to sync all the files to this PC, the internet IP was banned again. I am looking forward to your...
Failed sending alert to LAPI, Invalid character.
Hi, I do get this error when looking at the docer logs:
time="2025-09-21T15:00:00+02:00" level=error msg="while pushing to api : failed sending alert to LAPI: API error: invalid character '\x1f' looking for beginning of value"
My Setup has a OPNsense which acts a the LAPI and a Debian Server with Crowdsec and Nginx Proxy Manager Container. The setup was functional before and when I check the OPNSense I can see alerts from a day before. I'm not really sure if I did something that broke it or if onlye some alerts get pushed to the opnsense... I added a new service to my nginx proxy manager today and thats why I looked into crowdsec to check if everything is working. ...
nftables IP ban based on appsec?
I've tried to search for support threads here on discord, but can't really find anything. I've also tried to read the docs and asked chatgpt (increadiably useless, but was worth a try) but I feel like I'm missing something fundamental here.
What I want:
- AppSec triggered from traefik to add an IP block on nftables.
...
Notification for already banned ip from cscli-import blocklist
I use a script for import ip in abuseipdb with confidence minimum score to 75
Ban duration is 24H
the script use cscli-import for that.
It's the firt day I use this script, the script import +100k ip.
Since then, I haven't seen any alerts in CrowdSec....
friewall-bouncer fail to add rules
I just installed the official firewall bouncer in nftables mod but get this error :
unable to commit add decisions nftables: failed to flush conn: conn.Receive: netlink receive: no such file or directory
I am using the image docker image ghcr.io/shgew/cs-firewall-bouncer-docker...Postoverflow is not retrieving my link.
Hello, I tried to set up a list of IPs and use it via a Postoverflow scenario, but it didn't work. Do you know why ?
```yaml
name: aukfood/aukfood-whitelist
description: "Whitelist Aukfood monitoring IPs"...
cscli machines inspect not showing all machine detail in distributed setup
Hey, I am currently trialling a distributed setup. i have a centralised security engine running on a dedicated VM (lets call it server1), then 3 apache webservers with the engine installed doing log parsing and reporting back to the LAPI on Server1.
The first webserver we setup is working perfectly, were seeing tons of alerts and decisions, if i run cscli machines inspect against this machine (server5) i see a ton of acquisition and parser metrics as you would expect for a busy server.
However we then set log parsing up on servers 2 and 6 and are not having the same results. If i run machines inspect against server2 i see the machine overview box with the datasource and collection information (this all looks good), but i have no parser or acquisition boxes. If i check logs and metrics on server2 itself it seems to be working as expected, i can see lots of acquisition and parser detail. Its as if its not making it back to server1 for some reason.
...
Opnsense Crowdsec email notifications
Hi,
Im using crowdsec latest with opnsense latest, all is working well, and i have notifications to email, also working well, only that when i receive a notificatrion for ban ip due to portscan for example, i dont get which wan interface did that ban get on, i have 4 WAN interfaces and i want to know on which interface / WAN IP was that detceted on / banned on.
Thanks...
Bouncer decision source across unreliable network
I am running crowdsec with a topology very similar to the multi-server setup described in the docs. It works great!
I have recently added a new machine to my ecosystem that is a VPS VM, outside my local network. It has a log processor reporting back to my LAPI inside my local network and a firewall bouncer getting decisions from that LAPI. It is connected via Wireguard and works fine across this overlay, currently.
However, I've run into an issue with this topology. My local network lost power and all my machines had to shut down, including the LAPI and, of course, the Wireguard peer routing to the VPS. My bouncer was left without an LAPI to query....
Custom scenario and local RegexpInFile data
Hi, based on http-bad-user-agent, i've created a
local/http-bad-user-agent
```
type: trigger
format: 2.0...