CrowdSec

CrowdSec: IDS/IPS/WAF Community

Traefik, Bouncer plugin and firewall bouncer issues

Hi, I have been trying for a while and I cannot figure out where I am going wrong. I am running traefik in a container with docker compose, I wanted to add crowdsec to it, it was working when I fiddled with some options but I am not 100% sure why and when. I cannot get the firewall bouncer to work at all and I seem to have lost the ability to get the traefik bouncer plugin to work now as well, I am getting 403s everywhere. I am attaching all my config files/logs. ...

Can't list allowlists?

I tried to list allowlists with 'cscli allowlist list' and get the following error: Error: Get "http://localhost:8080/v1/allowlists?with_content=true": API error: ent: machine not foun I'm using cscli from the LAPI pod on 1.6.11. I was able to create and add IPs to an allowlist but can't list them. I also can't 'cscli allowlist inspect <my list>'. Any ideas?...

How to allow bots access to some URLs but not others

I have a site behind haproxy / crowdsec-spoa-bouncer. I would like to ban known bad IP addresses across the board. For bots I would like to allow some URL paths but not others; for the resource-intensive URL paths I would like to present a captcha. Is it possible to configure behaviour by URL and, if so, where should this be configured / is there an example config?...

Update chocolatey packages

Hey, I just noticed that the chocolatey package of the cs windows firewall bouncer and crowdsec are outdated in the chocolatey package repository. The updates are available through winget but not chocolatey. Btw, crowdsec 1.7.0 is missing the detect.yaml on windows (for cscli setup). Bouncer: Version: 0.0.3...

Priority tag before syslog line...

Hi, I'm in the process of setting up a syslog server and I chose Vector for this. However it seems like they add a <priority> tag before every syslog line... Like so: ``` <86>Sep 8 09:50:30 Tower sshd-session[2240196]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)...

PfSense or npm or both

I’ve been using CrowdSec with the npmplus Docker image for about a year now, and just set up a pfSense box. npmplus is running on a separate physical machine from my pfSense. Is there any way to set up both without paying 59$ a month for a second slot? I tried just having the npmplus be the LAPI and having the pfSense box send the logs to the npmplus parser, but whenever I do that, it requires me to add a second slot to my engine. Not saying I don’t want to support CrowdSec in the amazing things...

NPM remediation component can't reach LAPI due to certificate error

proxy-host-6_error.log:2025/09/06 04:41:52 [error] 241#241: *1782 [lua] live.lua:39: live_query(): failed to query LAPI https://crowdsec.local.rxample.net/v1/decisions?ip=192.168.1.52: 20: unable to get local issuer certificate, client: 192.168.1.52, server: homeassistant.example.net, request: "POST /api/webhook/wow HTTP/1.1", host: "homeassistant.example.net" The crowdsec log processor and curl etc. in the same machine can reach the LAPI just fine. My LAPI runs in a separate machine reachable through https://crowdsec.local.example.net inside the local network. Other log processors running in home assistant and its bouncer can also connect with the LAPI without issues....

Nextcloud AIO Docker Container and Crowdsec

Hi, I run Nextcloud AIO (NC AIO) in docker and would like to also use the Crowdsec docker container. From my limited understanding, Crowdsec works by parsing the webserver logs and I do know that NC AIO uses apache as its webserver, so the Crowdsec container will need to be able to parse the apache log files. I'm just not sure how to make this happen and was hoping someone with knowledge could help me out here. Thank you 🙂...

Curious about expiration on Decisions around the 22 hour space

It seems there are 3 different groupings of expiring decisions, those around the 4 hour length, a jump up to the 22 hour length with a huge group of IPs, and then another rather large jump up to 104 with its group going on up to less than 168 hours. The 22-24 hour group, does it stay around, or do the elements in the group occasionally or often 'expire naturally'? ```...

kubernetes k8s overriding parameters for Scenario

I want to increase the capacity in the crowdsecurity/nginx-req-limit-exceeded scenario. (Scenario installed together with the collection crowdsecurity/nginx) How can I do this?...

Nginx + Crowdsec on Debian, Unparsed logs

Hi guys, I just installed Crowdsec and what I noticed is that I have some unparsed logs. I have talked to AI for 2 hours straight and now I'm wondering if this is even worth fixing or just normal behaviour. Parser Metrics ...

Container Acquisition randomly stopping

I set up CrowdSec to acquire logs from Traefik and Authelia. The logs are read through a socket proxy. So I have a config file for Authelia like this: ```yaml container_name:...

Docker-based Engine Keeps Disconnecting

Hey guys, I have a working crowdsec/traefik config running via Docker Compose. My issue is that it seems that I get the engine registered in the container via cscli enroll and it will work for a few hours then just stop checking in. What's the best way to register the container's engine and make 100% sure it won't just disappear?...

AppSec whitelist? Ignore vpatch-git-config when matching?

Hello, I am new to CrowdSec and have always worked with Fail2Ban before. I secured my NPM with CrowdSec. Like many others, NPM acts as a bridge to underlying services. The access.logs and error.logs are processed, and AppSec is also configured. Everything works. Today, I put my Nextcloud behind the NPM into operation. I was able to successfully configure the parser whitelist (s02-enrich) so that http-sensitive-files does not block my .git directories, etc. However, I still occasionally got 403 and 404 errors during synchronization, which ultimately led to a ban for some directories (http-probing)....

How to test CAPTCHA with crowdsec-haproxy-spoa-bouncer

Hello, I'm new to crowdsec and really impressed with it so far. I think I've got crowdsec-haproxy-spoa-bouncer set up correctly using the v0.0.5-rc2 release (I'm using turnstile so needed that, thank you). How do I test the CAPTCHAs? If I go to my site normally I am allowed in. If I set cscli decisions add --ip my.ip.ad.dr --type captcha I get the captcha and pass it but I am redirected to the CAPTCHA page again....

Enrollment of server with docker in Security Engine

After installing crowdsec in a Docker environment, what is the best way to enroll it into the Crowdsec Security Engine?

traefik logs

I am trying to get traefik to show up in cscli metrics, but the container does not show up and I've created the file traefik.yaml and placed it in the acquis.d directory where it should go

Grafana Dashboards showing no data for many panels

I just set up the Prometheus export (level = "full") and set up a couple of Grafana dashboards from here: https://github.com/crowdsecurity/grafana-dashboards Now most of the panels have no data at all. An example of the CrowdSec Overview panel is in the attachment. ...
Upgrade to 1.7.0

I just tried to upgrade from 1.6.11 to 1.7.0 but the update always fails on either main or lapi connected machines. Main machine:
Sep 03 10:07:50 vps crowdsec[1090085]: FATAL crowdsec init: while loading acquisition config: missing labels in /etc/crowdsec/acquis.yaml (position 3)
Sep 03 10:07:50 vps systemd[1]: crowdsec.service: Control process exited, code=exited, status=1/FAILURE
Sep 03 10:07:50 vps crowdsec[1090085]: FATAL crowdsec init: while loading acquisition config: missing labels in /etc/crowdsec/acquis.yaml (position 3)
Sep 03 10:07:50 vps systemd[1]: crowdsec.service: Control process exited, code=exited, status=1/FAILURE
...

k8s test not working, possibly due to real IPs not being passed?

I have everything deployed in k8s. I am using nginx-ingress from here. I have manually modified the helm chart for the local lapi container to use the use_forwarded_for_headers flag....