CrowdSec

CrowdSec: IDS/IPS/WAF Community

No alerts received within the last 24 hours

One of my engines which has been working well now shows this error in the console. cscli capi status looks like it's all good. The console (app.crowdsec.net) shows that it has recently authenticated, and the console has received status, but that signals haven't been retrieved for a couple days. Alerts aren't showing up in the console either. Any suggestions to troubleshoot?

crowdsec nginx bouncer without IP

Hello CrowdSec community, I'm new to CrowdSec. I am running an nginx reverse proxy serving a demo web app in a docker container. My dockerized nginx container is running with ports 80 and 443. I installed crowdsec and related remediation components (bouncers) baremetal. Seems that it is working, however, I noticed after running the command sudo cscli bouncers list See attached image....

Clean up old log parsers / machines

My security engine currently shows 30 log parsers in cscli and the console. The log parsers specifically are old LAPI pods. I understand there are options to automatically clean up old agent and bouncer connections though it apparently doesn't apply to LAPI. Is there a way to cause these to be cleaned up automatically? I know I can cscli machine prune but in a kubernetes environment it's expected that pods are ephemeral, so it seems like there should be a function to autodelete or autopru...

help configuration bouncer traefik

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: bouncer
  namespace: traefik...

Haproxy-Spoa captcha always reload and not redirect to site

Dear CrowdSec Team, I set up my haproxy to show the chaptcha.html file from your GitHub repo. But my turnstile widget always reloads and never sends the cookie back to the server for verification....

Multiple Notifications of the same IP Ban

I'm currently using CrowdSec on my OPNsense firewall, and overall, it's been working very well. However, I've recently noticed multiple repeated ban notifications for the same IP range (89.248.160.0/21), which is known to be malicious. This has been occurring consistently over the past few days. To mitigate this, I increased the ban duration from 4 hours to 72 hours, hoping it would reduce the repeated activity. Unfortunately, that hasn’t made a difference—similar IPs keep appearing. I came across some information suggesting that CrowdSec bans don't necessarily block traffic entirely and that firewall-level blocking is needed to fully stop incoming connections. Since I'm using the CrowdSec plugin directly on OPNsense, I was expecting it to integrate with the firewall to block banned IPs....

Struggling with Bouncer Middleware in Traefik 3 on Kubernetes.

Hi everyone, I'm wondering if someone has already had trouble deploying the bouncer middleware on Traefik 3? - Security engine is registered - traefik3 is deployed on Kubernetes. Everything looks OK, but when I activate the crowdsec middleware on HTTPRoute. ...

data directive in scenario does not load local file in memory

Hello, I created a dummy scenario to import local data file (with a list of IPs) but it seems to not be loaded in memory. I use the imported file with the File() function in filters section of profiles.yaml:
```
filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetValue() in File("importtrustedip.txt")...
```

Remediation components aren't visible

Hello! I've installed CrowdSec on a fresh Ubuntu 24.04 VPS and connected it to the web, but I don't see any active remediation components. When I run sudo cscli bouncer list, it shows the firewall bouncer as valid and the last API pull was recent. Both the crowdsec and crowdsec-firewall-bouncer services are active and running. However, despite numerous IPs being present in the iptables, I can't see the active remediation components. Could someone please help me understand why the remediation components aren't visible and how I can resolve this? ...

need help with fortigate integration

I'm trying to integrate crowdsec blocklist with my fortigate but I can't

The recipient server did not accept our requests to connect. Mails from gmail blocked by crowdsec

The recipient server did not accept our requests to connect. I have no idea why mails from gmail are blocked. I am able to send to gmail without any problem, but the other way doesn't work. How can I allow incoming mail from gmail smtp servers?...

2FA authorization

Hi CrowdSec team 👋 I lost access to my 2FA device and cannot log into my CrowdSec account.
I sent a support request to support@crowdsec.net on 02.08.25 but haven’t received any reply for over a week.
This completely blocks me from accessing my account....

AppSec ignores X-Crowdsec-Appsec-Ip header from Caddy bouncer, uses connection source IP instead

Hi 👋 I'm trying to track down what's going on between Caddy and AppSec and could use a suggestion for where to look next. I've documented my issue and findings on hslatman/caddy-crowdsec-bouncer, and ruled it out as a plugin issue - https://github.com/hslatman/caddy-crowdsec-bouncer/issues/91 Let me know if anyone has a suggestion for where to dig next....

Collection Not Banning

I'm just getting into Crowdsec and installed on my Unraid server, with Traefik as my reverse proxy. I followed an Ibracorp tutorial for help. Multiple collections don't seem to be parsing the logs correctly. One example being LePresidente/overseerr-logs....

Same IP banned twice 2 hours apart?

I've seen the same IP getting banned twice 2 hours apart, not sure how it's possible? My default bans are for longer, so it shouldn't be possible, I do see the active decision for that IP, so I wonder if I'm missing something? Thanks....

Re: the 6 Aug announcement about updating

I ran the curl -s https://install.crowdsec.net/ | sh with sudo and got back "this script must be run as root." What am I missing? Thanks!

prevent notifications for manual add ip/range or use own custom blocklist

Hello, and apologies if this has already been asked and answered. I have a self-maintained blacklist that I would like to use with Crowdsec. My first approach was to use cscli to add the IPs and ranges, as well as a reason. However, this resulted in the reports being duplicated via notification....

Helm chart add allowlist

Is it possible to add IPs to an allowlist from the helm values? I saw that whitelist is deprecated and I've managed to create it using the documentation and cscli, but I'm running without persistent storage, so on pod deletion the config is lost...

Openresty bouncer disconnects from CrowdSec

Hi team, need support hence joining the channel here, need to admit this is my first post here... Our setup: We are using the drop-in replacement of Nginx Proxy Manager (lepresidente/nginxproxymanager) running in Docker of course, CrowdSec is also running in Docker. ...

Docker based log parser not connecting to Opnsense running LAPI

I am working on setting up crowdsec on my second network and I'm running into issues getting another machine connected to the LAPI running on opnsense. My opnsense crowdsec config can be seen in the attached picture as well as the firewall rule on the LAN interface that allows the docker machine (an unraidbox) to connect to port 8080 on the router. When running the sudo cscli lapi register -u http://192.168.20.1:8080 command on my crowdsec docker it says it's successful and saves the creds into local_api_credentials.yaml. I then stopped the docker and edited config.yaml in the docker server and disabled the server api. On the Opnsense lapi I validate the machine. Now whenever trying to start the crowdsec docker it will not start successfully. It gets stuck in a loop of crashing over and over. This can be found in the logs: ...