CrowdSec 11mo ago
Sich

Cloudflare Worker : error 1001

Hi, I am trying to set up the CrowdSec Cloudflare worker bouncer, but when I run the generator command I get this error. Command:
crowdsec-cloudflare-worker-bouncer -g <TOKEN_1>,<TOKEN_2>... -o cfg.yaml
Error :
FATA[0000] failed to list accounts: List accounts endpoint does not support account owned tokens. (1001)
I tried to search online to resolve my issue but I didn't find anything useful... Any idea how I can resolve this issue?
[EDIT] If I try to set up the config file manually, I get this error:
time="2024-12-02T17:55:23+01:00" level=fatal msg="unable to read config file: /etc/crowdsec/bouncers/crowdsec-cloudflare-worker-bouncer.yaml: yaml: line 27: mapping values are not allowed in this context"
I have tried to set up the config file by hand. The bouncer starts, the worker is created. But the route is not created on the domain, and Turnstile doesn't properly set up the hostname, it's blank. Is this bouncer limited to 10 hostnames on the Cloudflare side? Turnstile only allows 10 hostnames... [/EDIT]
[EDIT2] OK, I'm starting to make progress: you have to add the "route to protect" to create the route... But big issue, you have to edit the failmode each time the bouncer restarts... Can we tell the bouncer not to delete / recreate everything at each restart? [/EDIT2]
9 Replies
blotus 11mo ago
For the 1st error: the token needs to be scoped at the user level, not account (we list all the accounts to generate the config, but I guess we could try to detect this and only use the account the token belongs to in this case?)
The YAML error is likely a syntax error in the config file, can you paste the (redacted) content?
And for Turnstile, if Cloudflare has a limitation on their side, there's not much we can do about it :/
And no, it's not possible to configure the bouncer to not delete/create everything on start.
Let me check the CF doc to see if we can expose the failmode option in the config.
Sich (OP) 11mo ago
OK, I'm making progress: I can manually generate the config file. I was able to set up the "route to protect" too. What happens if I set "turnstile" to off? Will only block be available? Does challenge need Turnstile? I think I will need to switch to the nginx bouncer, but as I use the "cache everything" option, this can create some issues when the deny page from CrowdSec is put in cache... Thx for your time, I'll continue my tests.
blotus 11mo ago
yes challenge is just another name for captcha
Sich (OP) 10mo ago
Yes, but challenge/captcha requires Turnstile. This means I can only use this option on 10 sites/account. The good part is that I can just create more accounts. But each time I need a worker subscription.
I'm coming back to this topic. Is there a way, when we do the -g <token>, to set up the default action? I didn't find anything about that. I would like to change:
actions: # supported actions for this zone. eg value ["ban", "captcha"]
  - captcha > to ban
turnstile: # Turnstile must be enabled if captcha action is used.
  enabled: true > to false
default_action: captcha > to ban
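The three edits listed in the post above can be applied to a generated cfg.yaml after the fact. The following is an added example, not part of the thread and not CrowdSec's code: it rewrites only the keys quoted in the post, and the sample layout and the `some_other_block` key are constructed assumptions.

```python
import re

# Constructed sample: the three settings quoted in the post, laid out as one
# zone entry (the surrounding layout is an assumption, not a generated file).
SAMPLE = """\
zones:
  - actions: # supported actions for this zone. eg value ["ban", "captcha"]
      - captcha
    default_action: captcha
    turnstile: # Turnstile must be enabled if captcha action is used.
      enabled: true
some_other_block: # hypothetical key, to show scoping
  enabled: true
"""

KEY = re.compile(r"^(\s*(?:- )?)([\w-]+):\s*(.*)$")   # "key:" or "key: value"
ITEM = re.compile(r"^(\s*)- (\S+)$")                  # "- scalar" list item


def captcha_to_ban(cfg_text):
    """Return cfg_text with captcha replaced by ban and turnstile disabled."""
    out, parent, parent_col, seen_ban = [], None, -1, False
    for line in cfg_text.splitlines():
        body = line.split(" #", 1)[0].rstrip()        # ignore trailing comments
        key, item = KEY.match(body), ITEM.match(body)
        if key:
            col = len(key.group(1))                   # column where the key starts
            if col <= parent_col:
                parent, parent_col = None, -1         # left the previous block
            name, value = key.group(2), key.group(3)
            if value == "":
                parent, parent_col, seen_ban = name, col, False
            elif name == "default_action" and value == "captcha":
                line = line.replace("captcha", "ban", 1)
            elif parent == "turnstile" and name == "enabled" and value == "true":
                line = line.replace("true", "false", 1)
        elif item and parent == "actions" and len(item.group(1)) >= parent_col:
            if item.group(2) in ("captcha", "ban"):
                if seen_ban:
                    continue                          # avoid a duplicate "- ban"
                line = line.replace("- captcha", "- ban", 1)
                seen_ban = True
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(captcha_to_ban(SAMPLE), end="")
```

Only `enabled` under `turnstile:` is changed; an `enabled: true` in any other block is left alone, and comments on the rewritten lines are preserved.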
j0nny54l1v3 10mo ago
Did you ever have any luck getting IPs into your list? My Custom List in Cloudflare has 0 items on it and I'm rate limited to even add 1 manually?
https://dash.cloudflare.com/<your_cf_id>/configurations/lists
Sich (OP) 10mo ago
The first Cloudflare bouncer, which uses lists, is broken, because Cloudflare imposes a very very very low request limit on the API. This was not the case at the beginning, they made the change on their side...
j0nny54l1v3 10mo ago
Is there a second Cloudflare bouncer? My account is a 'free' zt account, with several zones, and I've been able to have the bouncer create the list and 'install' the list into the zones I've selected, but the list has at most ever had 8 items in it... I cannot imagine what the rate limit must be and have not found the documentation to match. So far, I've understood it is 10,000 changes in 5 minutes for the custom list API interaction - https://developers.cloudflare.com/waf/tools/lists/lists-api/#rate-limiting-for-lists-api-requests
Sich (OP) 10mo ago
This one: https://docs.crowdsec.net/u/bouncers/cloudflare-workers/ And the real limit is far less than the one in Cloudflare's documentation.
