CrowdSec

CrowdSec: IDS/IPS/WAF Community

Docker Compose Crowdsec Cloudflare Bouncer on Free Cloudflare account

Heh, overloaded my 10000 item list lists and this isn't very well documented, but I had to:
docker compose exec crowdsec-cloudflare-bouncer crowdsec-cloudflare-bouncer -d
Then to re-setup my lists (as I had changed from challenge to block, this was especially necessary):
docker compose exec crowdsec-cloudflare-bouncer crowdsec-cloudflare-bouncer -s
...

Seafile Creating Http-probing

Hi, can anyone help me figure out what needs to be done so that Seafile doesn't trigger http-probing anymore? Thank you...

Enable appsec only for specific NGINX locations

Hi. Is there a way to only enable the WAF (appsec) for certain NGINX locations? I'm reverse proxying different locations to different backends and I don't want the WAF applied to all of them.

Multi-server setup, database, should we comment out the db config for all the nodes

When you set up a multi-server setup, have a main LAPI w/DB backend, does each log processor/client need its own DB (otherwise it gives an error about the DB) or can you comment that out of the config.yaml for the clients (leaving it configured for the main LAPI/main-server)?

Cloudflare Worker : error 1001

Hi, I try to set up the crowdsec cloudflare worker bouncer, but when I run the command generator I've got this error: command: ...

Help me update my possibly outdated crowdsec setup.

Hello everyone, It has been a while since I last worked with crowdsec, a lot seems to have changed, and I am lost. My personal setup has changed as well, I was using authelia as my auth service, but I've moved over to authentik. That's also where my first question lies, I used to have authelia setup. With the collection LePresidente/authelia ...

Bad IP lists in open source (free) version

Hi guys, I'm confused regarding the sources of bad IPs in the open source (free) version. Does everyone get access to the crowdsourced IP list? (the list of bad IPs collected from all the other Crowdsec instances out there). Or is that only available as a paid blocklist?...

cloudflare worker & pricing

Hi, I'm currently looking at the cloudflare worker bouncer. The cloudflare documentation says that requests to "static asset" are free. But it seems you have to set up some route for that....

Need an insight for cloudflare tunnels --->> Nginx ---->> Website

Everything is working perfectly but alerts are not popping up. System OS: Ubuntu 24.04. Nginx version is 1.26.2...

Testing AppSec rules with POST body contents

I'm testing whether my AppSec component blocks in case one of the rules of the virtual patching collection is being hit. I'm using CVE-2024-29824 as an example: https://app.crowdsec.net/hub/author/crowdsecurity/appsec-rules/vpatch-CVE-2024-29824. According to the rule a POST request to a URL ending in /wsstatusevents/eventhandler.asmx and containing xp_cmdshell should trigger the rule. When I'm simulating such a request, it's not blocked, though. As far as I know this is an in-band rule, so it should react immediately. I have successfully tested with GET /rpc2, so the AppSec component itself seems to be functioning. POST requests that only consider headers being set seem to result in the expected response too. When I check the (debug) logs I see this:...

file.yaml doesn't work

Hello, I noticed that the file.yaml file initially created for integration with SIEM is not working. I am using Wazuh, and the logs are not being forwarded. I suggest modifying it as follows. before : ```yaml Don't change this...

Permanent ban for IPs and ASNs

Is there an existing feature or pattern for proactively blocking IP blocks and ideally, IP blocks associated with an ASN? Was going to implement a cron job of sorts that manages a decision on the LAPI but was wondering if there's a builtin solution for this first.

Nginx ingress controller unexpected DNS response

Hi everyone, I'm trying out Crowdsec for the first time in Kubernetes. It's an AKS cluster with an Nginx ingress controller. The setup is currently working and blocking visitors using the free community blocklist....

Whitelists ranges and ips block

Hello, I was wondering if IP addresses with CIDR /32 could be put under the ranges block in /etc/crowdsec/parsers/s02-enrich/whitelists.yaml? I added an IP address with CIDR range of /32 and it was present in agent and LAPI whitelists but got blocked anyway. ...

Cloudflare & Crowdsec

Hello, can I whitelist the scenarios I want to upload to cloudflare?...

Assistance with haproxy bouncer for freebsd/opnsense

hello. I put this message asking for help but after a few days of waiting I got nothing. https://discord.com/channels/921520481163673640/1198990268821684338/1298742532691460226 Have I placed it in the wrong place? (I noticed now that is in a section labelled "support read only") , or am I being too impatient? What's the right place to ask for opnsense-related assistance please?...