Whitelisting specific IPs based on a file

Hi! We're having some trouble with a custom whitelist setup. Basically this is what we have:

name: <company-name>/custom-whitelist
description: "Whitelist special IP's and ranges on customer's requests"
whitelist:
        reason: " <company-name> customer requested whitelist"
        expression:
            - "any(File(' <company-name>_ipwl.txt'), { IpInRange(evt.Overflow.Alert.Source.IP, #)})"
data:
        - source_url: <URL from where it downloads the list>
          dest_file:  <company-name>_ipwl.txt
          type: string

name: <company-name>/custom-whitelist
description: "Whitelist special IP's and ranges on customer's requests"
whitelist:
        reason: " <company-name> customer requested whitelist"
        expression:
            - "any(File(' <company-name>_ipwl.txt'), { IpInRange(evt.Overflow.Alert.Source.IP, #)})"
data:
        - source_url: <URL from where it downloads the list>
          dest_file:  <company-name>_ipwl.txt
          type: string

So we have this <company-name>_ipwl.txt that has CIDR ranges, one on each line. And this is used as a postoverflow. The whitelist doesn't seem to be triggering whenever an IP from a specific range triggers any scenario, so they get banned. I've tried a few things, but can't seem to find the problem, and I've been having issues with finding proper documentation on how to use any() in a crowdsec context. Any help is appreciated!

3 Replies

CrowdSec•5mo ago

Important Information

This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve

alukasOP•5mo ago

Okay, it was my bad. No need for the extra curly braces.

CrowdSec•5mo ago

Resolving Whitelisting specific IPs based on a file This has now been resolved. If you think this is a mistake please run /unresolve

Gaming

Programming

Whitelisting specific IPs based on a file

Did you find this page helpful?