When I saw the logs for 'debug', I noticed it seemed the IPs were in Newest -> Oldest, and with the limit (example below) that goes after the account's 'default action':
total_ip_list_capacity: 10000 # only this many latest ip scoped decisions would be kept
Then the 10040 errors, so it seems wise to keep the Cloudflare update frequency at 310m (and keep the limit at 10000 as above):
update_frequency: 310m # the frequency to update the cloudflare IP list
I'm curious how the list gets "cut" as it is sent to Cloudflare - ASC/DSC? Is it first/latest items + last/oldest or the first/oldest + last/latest?
What I want is the latest IPs alerted, and especially the ones I added to block going to Cloudflare, but getting 'web/http/scanners' from the Community/Crowdsecurity would be good too. Please feel free to correct how I'm stating this!
Was also curious about setting up multiple Cloudflare IP list updaters (have each with a different prefix) and focus the 'feature' across them?
Again, thank you for such amazing tools, thank you for the time spent, hopefully this helps others and I can find a neat extra detail out.