CrowdSec

CrowdSec: IDS/IPS/WAF Community

Cloudflare bans me when using Jellyseerr

So I have a crowdsec setup and it looks to work relatively fine, except there is this one app I use which is named Jellyseerr. Whenever I use this and browse for a while I get banned from my server. The reason is this: http-crawl-non_statics. A quick search and ChatGPT told me the reason has to do with those /requests, info and such domains that I change a lot. What is there to do so I can fix this issue?

Deploy my own scenario to my production system

I have successfully tested my own scenario in my testing environment. How can I deploy my scenario to my production system?...

How to manage two bouncers ?

Hello, I have a LAMP web server with two bouncers. The first one is crowdsec-firewall-bouncer, which blocks IP addresses at the system level, and the second one is the PHP bouncer, which handles the captcha part. Right now I have an issue: when someone gets banned, it's handled by the firewall bouncer. However, I would like it to be handled by the PHP bouncer instead, so that the user can see the ban.html page. How can I configure it so that all HTTP requests are processed by the PHP bouncer, while everything else is still handled by the firewall bouncer?...

ban duration not applying

Hi! I changed the default ban duration in profiles.yaml to 12h but it's still banning 4h. What am I missing? 😅
...

Tag issue in github that I didn't write for named counters in the firewall bouncer

Is there a way I can tag and triage the issue for named counters on nftables even though I was not the one that submitted the issue? https://github.com/crowdsecurity/cs-firewall-bouncer/issues/404...

CrowdSec Docker Setup on TrueNAS SCALE EE with Tailscale + TSDproxy

Hi everyone! I'm running TrueNAS SCALE 24.10.2.3 (Electric Eel) and I'm working on setting up CrowdSec inside a Docker container. My goals: Use CrowdSec to protect Vaultwarden and Immich, which are also running in Docker on the same TrueNAS server....

Wazuh integration

Hi all, I'm trying to integrate Crowdsec agents into Wazuh. In my current config, my self-hosted CAPI outputs (with the file notifications plugin) in /tmp/crowdsec_alerts.json on Wazuh server. The problem is: all records in Wazuh show the agent.name of the Wazuh server, not the agent where the alert was detected....

CrowdSec Agent UnmarshalJSON: unexpected end of JSON input with Traefik logs on Kubernetes (Containe

Hi everyone, I'm facing a persistent issue with my CrowdSec agent on Kubernetes. My Setup: CrowdSec: Deployed via Helm chart. Container Runtime: containerd is configured (container_runtime: containerd in values.yaml)....

question about cscli metrics

What does Local API Decisions mean?

Technitium parser

Hi, I'm trying to write a custom parser for technitium failed auth logs. However I'm unable to get it working properly... (Grok Debugger confirms that the correct things are getting matched though) ```yaml...

Caddy Appsec

Hi! I have set up crowdsec with https://github.com/hslatman/caddy-crowdsec-bouncer. But I'm not sure if appsec is working as it should, have I missed anything? ...

Crowdsec behind cloudflare proxy, will it ban my real IP?

Hey, I'm enjoying vacation and why not learn something new? Settled for Crowdsec. 😎 🦙 I've installed it on multiple firewalls (opnsense and pfsense) and agents parsing nginx-logs. I've attacked my website using nikto and the cs-agent at nginx did detect the attack and reported it to the LAPI. When looking at the decisions in the LAPI@pfsense I can see that I should be banned. Great. ...

ERR error="middleware \"globalcrowdsec@file\" does not exist" entryPointName=http routerName=acme-ht

I am using this tutorial: https://www.crowdsec.net/blog/securing-automated-app-deployment-crowdsec-and-coolify to install the Traefik Remediation Component in Coolify. But when I add the Compose Command section by adding the following lines: command: - '--experimental.plugins.crowdsec.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin'...

Crowdsec banning local IP by default

Hello, I am using crowdsec with bouncer-traefik as a stack and traefik in a different container but on the same host. Everything is up and running but I cannot access any of the services I have, it says "Forbiden" in the top left corner....

Traefik bouncer plugin-metrics 403

I set up the crowdsec helm chart + traefik bouncer yesterday and seeing some errors I can't explain. The bouncer plugin reports every 10 minutes: ERROR: CrowdsecBouncerTraefikPlugin: 2025/07/25 11:31:08 handleMetricsTicker:reportMetrics reportMetrics:query crowdsecQuery method:POST url:http://crowdsec-service.crowdsec.svc.cluster.local:8080/v1/usage-metrics, statusCode:403 (expected: 2xx) I suspect this is also related to this error in the agent logs as they seem to have the same timestamp ...

New to self-hosting, seeking advice from cybersecurity buffs.

I have the Oracle Free Tier. I've already run it for a year or so with the usual services like Nextcloud and Immich, but I'm still inexperienced and want advice. I want to do it right this time, documenting it as I go through the setup so that I don't forget. Up until now, my plan was to run Rootless Docker with NPM and Keycloak. Then I found out about CrowdSec, and it seems that it attaches to whatever reverse-proxy service one uses? The real question is: Together with CrowdSec, what other services/setup would you recommend for security?...

CrowdSec agent: runtime errors when processing Traefik logs

I'm facing multiple warnings in the crowdsec-agent logs when trying to process events from Traefik: ...

k8s bouncer key from Secret

I was able to successfully configure the Traefik bouncer connecting to the Crowdsec deployed via the helm chart. Currently the bouncer key is specified in the values.yaml and the Middleware manifest. Has anyone configured this value from a kubernetes Secret so that it's not committed to SCM along with the rest of the yaml manifests?

Best Bouncer Configuration for AppSec on a LAMP Server

Hello, I have a question. I currently have several LAMP web servers, notably with Apache2 + PHP. Right now, I'd like to set up AppSec, but first I want to install the appropriate bouncers. I see that there is a bouncer for PHP and another for Apache. What would you recommend? Should I install both, or just one of them? Which one would work best with AppSec? Thank you in advance.

Vaultwarden: `cscli explain` matches, but `metrics` disagree

I'm trying to integrate this collection: https://app.crowdsec.net/hub/author/Dominic-Wagner/collections/vaultwarden. I've hit the login endpoint with bad user info hundreds of times and see logs like the following. From cscli explain --file /logs/vaultwarden.log --type Vaultwarden: line: [TIMESTAMP][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 111.111.111.111. Username: user@example.com. ├ s00-raw...