C
CrowdSec9mo ago
j0nny54l1v3

Docker Compose Crowdsec Cloudflare Bouncer on Free Cloudflare account

Heh, overloaded my 10000 item list lists and this isn't very well documented, but I had to: 
docker compose exec crowdsec-cloudflare-bouncer crowdsec-cloudflare-bouncer -d
docker compose exec crowdsec-cloudflare-bouncer crowdsec-cloudflare-bouncer -d
Then to re-setup my lists (as I had changed from challenge to block, this was expecially necessary: 
docker compose exec crowdsec-cloudflare-bouncer crowdsec-cloudflare-bouncer -s
docker compose exec crowdsec-cloudflare-bouncer crowdsec-cloudflare-bouncer -s
Now, I also added this to the config file (stdout is important, otherwise no logs in Docker): 
# Bouncer Config
daemon: false
log_mode: stdout
log_level: info # valid choices are either debug, info, error
# Bouncer Config
daemon: false
log_mode: stdout
log_level: info # valid choices are either debug, info, error
As noted in their API docs: https://developers.cloudflare.com/waf/tools/lists/lists-api/ When I saw the logs for 'debug' I noticed it seemed the IPs were in Newest -> Oldest, and with the limit (example below) that goes after the accounts 'default action': 
    total_ip_list_capacity: 10000 # only this many latest ip scoped decisions would be kept
    total_ip_list_capacity: 10000 # only this many latest ip scoped decisions would be kept
Then the 10040 errors, so It seems wise to keep the Cloudflare update frequency at 310m (and keep the limit at 10000 as above): 
  update_frequency: 310m # the frequency to update the cloudflare IP list
  update_frequency: 310m # the frequency to update the cloudflare IP list
I'm curious how the list gets "cut" as it is sent to Cloudflare - ASC/DSC? Is it first/latest items + last/oldest or the first/oldest + last/latest? What I want is the latest IPs alerted, and especially the ones I added to block going to Cloudflare, but getting 'web/http/scanners' from the Community/Crowdsecurity would be good too. Please feel free to correct how I'm stating this! Was also curious about setting up multiple Cloudflare IP list updaters (have each with a different prefix) and focus the 'feature' across them? Again, thank you for such amazing tools, thank you for the time spent, hopefully this helps others and I can find a neat extra detail out.
Cloudflare Docs
Lists API · Cloudflare Web Application Firewall (WAF) docs
The Lists API provides an interface for programmatically managing the following types of lists:
1 Reply
CrowdSec
CrowdSec9mo ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️

Did you find this page helpful?