All posts for CrowdSec

• Installed on OPNsense and blocking unraid community store
• ban disappeared before expiration
• ngx.timer error when loading decisions
• How to do without a service key and HTTP value?
• Error while parsing logs - schiz0phr3ne/sonarr-logs
• Can't connect to remote LAPI with agent
• Updating Decisions List
• Traefik logs only showing internal docker IP address.
• Help with crowdsec plugin
• No alerts received within the last 24 hours
• crowdsec nginx bouncer without IP
• Clean up old log parsers / machines
• help configuration bouncer traefik
• Haproxy-Spoa captcha always reload and not redirect to site
• Multiple Notifications of the same IP Ban
• Strungling with Bouncer Middleware in Traefik 3 on kubernetes.
• data directive in scenario do not load local file in memory
• Remediation components aren't visible
• need help with fortigate integration
• The recipient server did not accept our requests to connect.mails from gmail blocked by crowdsec
• 2FA authorization
• AppSec ignores X-Crowdsec-Appsec-Ip header from Caddy bouncer, uses connection source IP instead
• Collection Not Banning
• Same IP banned twice 2 hours apart?
• Re: the 6 Aug announcement about updating
• prevent notifications for manual add ip/range or use own custom blocklist
• Helm chart add allowlist
• Openresty bouncer disconnects from CrowdSec
• Docker based log parser not connecting to Opnsense running LAPI
• About Hub collections
• cscli alerts list -i not showing all alerts
• Ban immediately after scenario is triggered
• LAPI whitelist
• No target_host in AppsecAlerts
• Viewing / deleting decisions with cscli
• Remove allow list for local addresses?
• Is my caddy setup missing anything?
• Unmarshal JSON warnings
• 2FA-Authentifizierung
• Inconsistencies between web, cscli, and ipset
• Console-connection gets stalled when container is restarted
• Cloudflare bans me when using Jellyseerr
• Deploy my own scenario to my production system
• How to manage two bouncers ?
• ban duration not applying
• Tag issue in github that I didn't write for named counters in the firewall bouncer
• CrowdSec Docker Setup on TrueNAS SCALE EE with Tailscale + TSDproxy
• Wazuh integration
• CrowdSec Agent UnmarshalJSON: unexpected end of JSON input with Traefik logs on Kubernetes (Containe
• question about cscli metrics
• Technitium parser
• Caddy Appsec
• Crowdsec behind cloudflare proxy, will it ban my real IP?
• ERR error="middleware \"globalcrowdsec@file\" does not exist" entryPointName=http routerName=acme-ht
• Crowdsec banning local IP by default
• Traefik bouncer plugin-metrics 403
• New to self-hosting, seeking advice from cybersecurity buffs.
• CrowdSec agent: runtime errors when processing Traefik logs
• k8s bouncer key from Secret
• Best Bouncer Configuration for AppSec on a LAMP Server
• Vaultwarden: `cscli explain` matches, but `metrics` disagree
• No decisions and no alerts in the console
• Filtering specific URI in CrowdSec profile
• im using tailscale tunnel and got locked
• Debian apt install - How not to install discovered collections automatically
• New to crowdsec: next steps
• A few questions about metrics
• postoverflows and 1.6.10
• problem enroll
• Transfering enterprise plan from personal to organization
• Logs Not Being Parsed
• Bouncers mixed up?
• NPMplus and Crowdsec as per the instructions posted by Zoey on the Crowdsec site
• Discord Notification Not Send
• Crowdsec makes my server crash
• Gpg key error on debaun 12 404 no key found. Trying to update
• How to temporarily disable for a while?
• is there a way to disable emails for incremental bans.
• Pfsense Blocked IPs Disappear from Alias/Table After a While
• Traefik bouncer not connecting to LAPI
• cscli allows decisions on CIDR ranges, but nftables sets do not have the `interval` flag
• decisions list strange result
• crowdsec-nginx-bouncer memory leak?
• How to test than setup will block attack
• Enable context using helm
• Should Prometheus Work in Multi-Server Setup?
• Console Signup KO
• Does whitelisting still lead to ban requests?
• Blocklists and decisions streaming
• High CPU load since restart haproxy bouncers
• Last fetched signals (on web console)
• Minecraft Server Collections?
• Blocklist unsubscribe
• New issue: $LAPI_HOST resolves to the wrong service name
• CrowdSec Windows Exchange
• how to handle redeployment?
• Crowdsec-haproxy-bouncer
• JSON logging
• Parser failure
• Postoverflow Whitelist Ignored
• nginx: [error] [lua] crowdsec.lua:130: init(): APPSEC is enabled on 'crowdsec:7422'
• Mikrotik, 2x Caddy (internal only/ internal + public)
• CrowdSec Runtime Error: High CPU Load and Memory Errors Causing Restarts
• Correctly block Cloudflare proxies IPs
• Which haproxy frontend does the crowdsec use to query decisions?
• Whitelist
• How much cost implement CrowdSec in Coolify?
• Cloudflare, Traefik and Crowdsec
• Help Connecting Unraid Docker Agent to OPNsense plugin?
• Need Help Whitelisting Specific URL Paths
• Are there currently still problems with pfsense 2.8.0?
• Help Request: CrowdSec CAPI Connection Blocked – Proxy Support?
• countries are not listed
• Whitelisting Google Maps and reCAPTCHA
• Got 502 from bouncer to LAPI when enabling trusted_ips and use_forwarded_for_headers
• Parser failures with NPMplus logs
• Let's Encrypt IPs Blocked by CAPI – Need Whitelisting Guidance
• Enroll command bug ?
• Decisions not displaying on browser page.
• does installed Crowdsec packages smoothly transition to the PfSense upgrade to 2.8.0 release?
• Error 500 connecting to app.crowdsec.net
• opnsense bombarded with blocks coming OUT of the LAN
• docs about running tests are incorrect
• Deploy CrowdSec in agent mode with docker-compose
• PSA: Installing crowdsec on ancient Debian 8 can trigger systemd segfault
• Traefik Bouncer not pulling from CrowdSec API
• Possible bug in cscli decisions list
• Anyone know how to setup Notifications in a Multiserver Architecture?
• Scenario is not banning IP
• Question creating Postoverflow Whitelist
• Direct manipulation of the allowlist in the database.
• Manual decision disappear before expiration
• Apache parser failure
• Docker infrastructure with multiple services and host strategy
• Crowdsec log questions.
• Is it possible to parse multiple log lines combined?
• OPNsense LAPI Multiserver Setup with NPMPlus
• Try to understand the crowdsec log
• Disable protection on a OPNsense interface?
• Questions on Integrating CrowdSec with Traefik Behind Cloudflare
• GID for docker-compose
• How to massively ban a pool of @ip?
• Heavy load on mariadb
• Key not valid Docker installation
• Remediation Metrics only showing for one engine
• Are negative ban time values normal?
• Unifi s01 parser
• Custom Unifi parser
• Custom parser in test env. not working
• explain me a list notation in postoverflow
• Not sure if I understand difference between multi-server setup and log centralization.
• Decisions not showing up in crowdsec browser Decisions page? Is it not normal?
• crowdsec & coolify in cluster
• Two traefik-bouncers and can't delete the one that's not working
• Caddy not showing up in acquisition metrics
• Set timezone
• cron.daily updated & outdated
• Whitelist user agent from file
• Scenarios that have hit whitelist still showing up as alerts?
• git-dumper requests not being blocked despite sensitive-files scenario
• Diagnosing what causes "Http error 400 while talking to LAPI"
• Caddy Crowdsec no metrics
• Stuck sending event
• Check if decision has been succesfully taken?
• Find out which type for acquisition?
• Setup firewall-bouncer-docker
• Discord Notification Formatting Help
• Need a help for Post "https://api.crowdsec.net/v3/watchers": net/http: TLS handshake timeout
• auth.log seems to not get parsed
• apache bouncer
• List of available bouncers?
• Docker compose example outdated?
• `runtime stderr: creating `/etc/crowdsec/acquis.d`: openat2 `etc/crowdsec/acquis.d`: No such file or
• Difference between `datasources` and `acquisitions`?
• How to confirm if blocking?
• Migrating LAPI
• private blocklist for development
• CrowdSec blocking googlebot SEO crawler
• Multi-SERVER - Problem with an agent with 2 IPs
• Handle PersistentVolume for multiple LAPI replicas in Kubernetes environment
• how to ban those
• Opnsense reporting only "Unknown Behavior" in console Remediation Metrics
• Pocket-Id Scenario
• NGinx bouncer / appsec / no remediation
• how do I use the BOUNCER_KEY_<name>=<key> ?
• Does my Crowdsec block correctly?
• Migrating LAPI from Docker to Opnsense
• the list/decisions for ssh:bruteforce are not available on a standard query
• Whitelisting specific IPs based on a file
• Service machine won't connect to LAPI
• CrowdSec not reacting to .git scans
• No decisions are made when testing with nikto on Kubernetes
• Services with internal subdomain get blocked with Traefik bouncer
• csLapiSecret and registrationToken injection from k8s secret impossible
• Old decisions with long duration are eventually lost
• looking into appsec setup, looks like some cvs are disabled, should i enable / update and how
• detect ddos attack
• Delete decision doesn't work on the site
• Safely update openresty?
• Attack via URL
• Zero Prometheus metrics parser ok but parser is considered as ok
• k8s traefik bouncer + cscli manual decision: disappear after some minutes
• Have a working Traefik, trying to enable CrowdSec Appsec feature, need help
• Traefik logs parsing name=child-crowdsecurity/traefik-logs stage=s01-parse
• Crowdsec + PG on K8S: agent can’t connect lapi
• CAPI whitelist
• Uptime-kuma baremetal
• k8s Traefik bouncer: decision not applied
• false positive wordpress
• CrowdSec NGINX Bouncer internal server error
• Error messages after updating to latest Crowdsec
• Nginx bouncer log spam
• JWT Auth timeout
• CloudPanel Dependency Issue: Lua Module for CrowdSec Nginx remediation component Installation
• can restore old blocked ip ?
• Setting up captcha once per x time
• bouncer testing access forbidden - wordpress
• Cloudflare tunnel -> traefik -> crowdsec
• Machine registration on a different @ip range.
• Wrong Grok Pattern for Custom Parser
• Console_management is disabled
• crowdsec-haproxy-bouncer is failing to spot attempted intrusions. Parser failures maybe.
• Haproxy bouncer try to pull expired decisions from LAPI
• A little randomly, Crowdsec's main website will not be reachable
• Openresty bouncer not working?
• whitelist from file
• Whitelist not working?
• XML syntax error
• Import scenarios from files using helm chart
• CrowdSec Hub "Show more" button broken
• Bouncer unknown version?
• Custom scenario not triggering neither alert nor decision
• Chaining bouncer inside access_by_lua_block
• Active bans with Prometheus
• Injection of a banned IPv4
• CrowdSec Mikrotik Bouncer fails to add banned ip to address list
• "No matching files for pattern /services/traefik/traefik.log" altough file exists
• Where to put the `.yaml.local` files?
• Keep bouncer API as a secret?
• crowdsec init: while loading acquisition config: no datasource enabled
• FATA can't find 'crowdsecurity/linux' in collections
• Create dashboard without using cli?
• Newbie: How to use CrowdSec
• How do you write a custom bouncer script fed from stdin ?
• ENROLL_KEY and Auto-Accept in Crowdsec Console ?
• New how-to for crowdsec for haproxy on opnsense
• PR rdns_seo_bots.txt
• Nextcloud, false positive, blocks users
• block the vpn servers
• LAPI stream mode doesn't return active decision when filtering origin "crowdsec"
• IP banned, but I still receive alerts
• CrowdSec for CloudPanel/WordPress websites
• NPMplus won’t connect to api
• how to get notification variables
• Ban all IPs parsed from a specific acquisition
• Inactive bouncers
• Instant attack notification stays disabled
• Max number of machines a LAPI can handle
• Query local api for scenario containing http
• Docker Compose Crowdsec Cloudflare Bouncer on Free Cloudflare account
• Seafile Creating Http-probing
• Enable appsec only for specific NGINX locations
• Multi-server setup, database, should we comment out the db config for all the nodes
• Cloudflare Worker : error 1001
• Help me update my possibly outdated crowdsec setup.
• Bad IP lists in open source (free) version
• cloudflare worker & pricing
• Need an insight for cloudflare tunnels --->> Nginx ---->> Website
• Testing AppSec rules with POST body contents
• file.yaml doesn't work
• Permanent ban for IPs and ASNs
• Nginx ingress controller unexpected DNS response
• Whitelists ranges and ips block
• Cloudflare & Crowdsec
• Assistance with haproxy bouncer for freebsd/opnsense
• how to choose to block all public ip as 0.0.0.0 and any mask, in order to ban any public ip that com
• Appsec / NGinx / Distributed Network
• Crowdsec on Ubuntu
• Guidelines for Writing a Good Support Thread